Track
PHP
Review strict types, request validation, output escaping, PDO queries, passwords, sessions, configuration, and template boundaries.
- 01
Strict types and return types
Make PHP function contracts explicit with strict scalar types and return types so reviewers can catch coercion bugs at boundaries.
typesstrict-typescontracts - 02
Input validation and filtering
Validate request input at the boundary before it reaches query, domain, or template code.
inputvalidationrequest - 03
Output escaping for XSS
Escape untrusted values when rendering HTML so user content cannot become markup or script.
xssescapingtemplates - 04
PDO prepared statements
Use prepared statements with bound values instead of interpolating request data into SQL strings.
pdosqlprepared-statements - 05
Password hashing and verification
Store password hashes with PHP password APIs and verify them without inventing custom hashing rules.
passwordssecurityhashing - 06
Session handling and cookies
Configure session cookies deliberately and regenerate session IDs when authentication state changes.
sessionscookiesauth - 07
Error handling and exceptions
Catch exceptions at a clear boundary, log useful context, and return safe responses to users.
errorsexceptionslogging - 08
Autoloading and namespaces
Use namespaces and autoloaded classes so file structure, ownership, and dependencies are explicit.
autoloadingnamespacesstructure - 09
Configuration and secrets
Load configuration from the environment and fail clearly when required secrets are missing.
configurationsecretsenvironment - 10
Separating logic from templates
Keep request handling and data access outside templates so rendering code stays small and easy to review.
templatesseparationmvc
Related tracks
Keep learning inside the same language family.