Tag: php
Iterating Objects with foreach (Iterator & IteratorAggregate)
PHP 5.5+
3
foreach can traverse any object implementing Iterator or IteratorAggregate, not just arrays — control iteration without exposing internal state.
1w ago
PHP intermediate
Insecure Deserialization
Deserializing attacker-controlled data can trigger arbitrary object construction and method calls — PHP's unserialize() with untrusted input enables remote code execution via gadget chains in the loaded class graph.
CWE-502 OWASP A8:2021
3mo ago
Security advanced
INSERT ... ON DUPLICATE KEY UPDATE
PHP 5.1+
An atomic MySQL upsert — inserts a new row or updates the existing one if a unique key constraint would be violated.
3mo ago
Database intermediate
ICU Message Format
PHP 7.0+
1
A standard syntax for translatable strings that handles pluralisation, gender, number formatting, and date formatting in a single expression — supported by PHP's intl extension via MessageFormatter.
3mo ago
i18n intermediate
Intersection & DNF Types in Practice
PHP 8.1+
PHP 8.1 intersection types (A&B) and PHP 8.2 DNF types ((A&B)|null) allow precise type constraints for objects implementing multiple interfaces.
3mo ago
PHP advanced
IoC Container
PHP 7.0+
An Inversion of Control container automatically resolves and injects class dependencies — you declare what a class needs, the container figures out how to create it, eliminating manual dependency wiring.
3mo ago
Code Quality intermediate
Integer Overflow & PHP_INT_MAX
PHP 4.0+
PHP integers silently overflow to float when exceeding PHP_INT_MAX (9.2×10¹⁸ on 64-bit) — use BCMath or GMP for arbitrary precision arithmetic.
3mo ago
PHP intermediate
Inconsistent Indentation
Mixing tabs and spaces, or using varying numbers of spaces for indentation — causes visual misalignment across editors and makes diffs noisy.
3mo ago
Style beginner
Insecure Randomness
PHP 7.0+
Using non-cryptographic random functions (rand(), mt_rand(), array_rand()) for security tokens — these are predictable and enable token forgery, session prediction, and CSRF bypass.
3mo ago
Security intermediate
include vs require vs *_once
PHP 5.0+
require halts on failure; include warns and continues. The _once variants prevent double-loading — use require_once for dependencies.
3mo ago
PHP beginner
Interface vs Abstract Class
PHP 5.0+ Interfaces define pure capability contracts with no state; abstract classes add shared implementation. Use interfaces for type contracts, abstract for shared behaviour.
3mo ago
PHP intermediate
Interfaces
PHP 5.0+
3
Contracts that define a set of method signatures a class must implement, enabling polymorphism without inheritance.
3mo ago
PHP intermediate
Intersection Types (PHP 8.1)
PHP 8.1+
1
Require a value to satisfy multiple type constraints simultaneously, declared as TypeA&TypeB — useful for combining interfaces.
3mo ago
PHP intermediate
intval() / Type Casting
PHP 5.0+
1
Casting user input to int or float is a safe way to enforce numeric types — cheaper than regex validation for IDs.
3mo ago
PHP beginner
Iterator Pattern
PHP 5.0+
Provides a uniform way to traverse a collection without exposing its internal structure — the foundation of PHP's foreach and SPL iterators.
3mo ago
Code Quality intermediate
Iterators & IteratorAggregate
PHP 5.0+
1
PHP interfaces that allow custom objects to be used in foreach loops, enabling lazy and memory-efficient iteration over any data source.
3mo ago
PHP intermediate
Input Validation vs Output Encoding
PHP 5.0+
4
Validation checks that input is acceptable; output encoding makes data safe for the context it's rendered in. Both are required.
3mo ago
General beginner