Production PHP patterns from real bugs: UTF-8 safety, JSON injection, type safety, structured logging, webhook deduplication, and schema migrations.
How PHP's PCRE engine silently corrupts Devanagari text without the /u flag, the bullet-point production bug, diagnosing json_encode() returning false, and addiβ¦
Why json_encode() output in onclick breaks HTML (and creates XSS), how JSON_HEX_TAG + htmlspecialchars(ENT_QUOTES) fixes it, and why data attributes + event lisβ¦
Strict types and TypeError in production webhooks β the single missing argument that crashes a request after all work is done. Static analysis with PHPStan to fβ¦
Correlation IDs per request, the production allowlist that keeps PII out of logs, LOCK_EX on every write, JSON_UNESCAPED_UNICODE, and the difference between audβ¦
INSERT IGNORE as the atomic deduplication primitive β why SELECT+INSERT is wrong, TTL cleanup for the dedup table, and extending the pattern to Celery tasks andβ¦
TTS β conversion β upload β send: per-step logging, text fallback at every failure point, and the circuit breaker pattern to stop retrying after N consecutive fβ¦
File-naming with zero-padded sequences, the migrations tracking table with checksum verification, ALGORITHM=INSTANT for live ALTER operations, and why up-only mβ¦