Glossary
Cognitive Complexity
A readability-focused complexity metric that penalises nesting more heavily than cyclomatic complexity.
Category: quality. Level: intermediate.

Cross-Site Request Forgery (CSRF)
A forged request tricks an authenticated user's browser into performing an unintended action on a site they're logged into.
References: CWE-352, OWASP A1:2021.
Category: security. Level: intermediate.

Cross-Site Scripting (XSS)
User-supplied content rendered in the browser without escaping, allowing script injection into other users' sessions.
References: CWE-79, OWASP A3:2021.
Category: security. Level: intermediate.

Dependency Injection
Passing dependencies into a class rather than creating them inside — this makes classes testable and loosely coupled.
Category: quality. Level: intermediate.

DRY Principle
Applies to: PHP 5.0+
Don't Repeat Yourself — every piece of knowledge should have a single, unambiguous representation in the codebase.
Category: quality. Level: beginner.

Early Return Pattern
Exit a function as soon as the result is known rather than carrying state through the rest of the function body.
Category: style. Level: beginner.

Exception Handling
PHP's structured error handling mechanism that separates error-path code from the happy path and ensures resource cleanup.
Category: php. Level: intermediate.

Immutability
Applies to: PHP 8.1+
Objects whose state cannot change after construction — immutable objects are inherently thread-safe, predictable, and easy to reason about.
Category: quality. Level: intermediate.

Input Validation vs Output Encoding
Applies to: PHP 5.0+
Validation checks that input is acceptable; output encoding makes data safe for the context it's rendered in. Both are required.
Category: general. Level: beginner.

Insecure Direct Object Reference (IDOR)
A user accesses another user's data by changing an ID in a URL or request because no authorisation check is performed.
References: CWE-639, OWASP A1:2021.
Category: security. Level: intermediate.

Insufficient Logging & Monitoring
Failure to log security events and monitor them allows attacks to go undetected and unanswered.
References: CWE-778, OWASP A9:2021.
Category: security. Level: beginner.

Lazy Loading
Applies to: HTML5
Defer loading or initialising a resource until it is actually needed, reducing startup cost and memory usage.
Category: performance. Level: beginner.

Magic Number
Applies to: PHP 5.0+
A numeric literal with no explanation — its meaning is unclear without context, harming readability and maintainability.
Category: quality. Level: beginner.

N+1 Query Problem
Executing one query to get N records, then N more queries to fetch related data — one per record.
Category: performance. Level: intermediate.

OPcache
Applies to: PHP 5.5+
A PHP extension that caches precompiled bytecode in shared memory, eliminating repeated parsing and compilation overhead.
Category: php. Level: intermediate.

Prepared Statement
Applies to: PHP 5.1+
A parameterised SQL query where data placeholders are bound separately from the query structure, preventing SQL injection.
Category: php. Level: intermediate.

Rate Limiting
Applies to: PHP 5.0+
Restricting the number of requests a client can make in a given time window to prevent abuse, DoS, and credential stuffing.
References: CWE-770, OWASP A5:2021.
Category: performance. Level: intermediate.

Repository Pattern
Abstracts the data persistence layer behind an interface, decoupling domain logic from database implementation details.
Category: general. Level: intermediate.

Session Fixation
An attacker forces a victim to use a known session ID, then hijacks their session after they authenticate.
References: CWE-384, OWASP A7:2021.
Category: security. Level: intermediate.

Single Responsibility Principle
Applies to: PHP 5.0+
A class or function should have one reason to change — doing one thing and doing it well.
Category: general. Level: beginner.