Most Common Mistakes PHP Developers Make

PHP makes it very easy for developers to build web-based systems. Companies hire PHP developers to utilize this server-side language in creating static and dynamic web pages and applications. The ease of use is so significant that developers can create a functional code in mere hours, which would take days in other languages.

However, the language has become more sophisticated, with more nuances and subtleties with each update. Even small code-writing mistakes can lead to errors and unreliable scripts.

Here are the most common mistakes which PHP developers make while writing their code:

1. Leaving dangling array references after foreach loops

References in foreach loops are useful for operating on each element in the array that you are iterating over. For instance:


If you run this code, the $value will remain in scope and will hold a reference to the last element in the array. The later operations that involve $value will end up modifying the last element in the array.

An important point to remember is that foreach does not create a scope. Hence, $value in the above example is a reference within the top scope of the code. With each iteration, foreach will set the reference to point to the next element of $array. After the loop is completed, the $value will still point to the last element of $array and will remain in scope.

To still use reference in foreach loops without the risk of these problems, you can use unset() on the variable immediately after the foreach loop to eliminate the reference. Look at the example below:


2. Misunderstanding isset() behaviour

The command isset() returns false for items that do not exist and null values. This behavior often causes confusion among PHP developers. Consider this example:


The developer clearly wanted to check if the keyShouldBeSet was set in $data. However, isset($data[‘keyShouldBeSet’]) will also return false if $data[‘keyShouldBeSet’] was set to null. Hence, this logic is flawed.

If you really want to check if a variable was set to null, a much better option is array_key_exists().

3. Performing queries in a loop

If your PHP code is not working, it might be because of this:

Loop queries

If you follow the logic in the code, you will notice that the call to the above $valueRepository->findByValue() leads to a query:


Hence, each iteration of the above loop will result in a separate query in the database. Using such a script in multiple threads can cause havoc. Therefore, developers must recognize when the queries are made by the code, gather the values and then run a query to get the result.

4. Ignoring Unicode/UTF-8 issues

This might seem more like a PHP issue and less of a developer issue. However, it is the latter’s responsibility to properly handle UTF-8 and avoid the assumption that all strings are treated as ASCII. Any code that fails to properly handle the non-ASCII strings results in bugs. To ensure you do not ignore such issues:

Learn the basics of Unicode and UTF-8

Always use mb_* functions in place of the old string functions (ensure that the “multibyte” extension is included in your PHP build)

Ensure your database and tables are ready to use Unicode (some builds of MySQL still use latin1 as default)

Keep in mind that json_encode() converts non-ASCII symbols but serialize() does not

Make sure that the PHP code files are also UTF-8 encoded. This will avoid any collisions while concatenating strings with configured or hardcoded string constants.

5. Using the mysql extension

The mysql extension is insecure, unreliable, does not support SSL, and misses some modern features. The extension also generates deprecation notices that appear at the top of your app. It is highly advised to avoid this extension and use other alternatives, such as MySQLi or PDO.

A MySQLi code will make the setup more secure without much effort:

MySQLi code

A PDO, on the other hand, will allow the developer some amazing object-oriented syntax and help them work with other SQL databases like PostgreSQL, MS SQL, and more. PDO also allows you to use named parameters and inject fetched data directly into a new object, saving significant time in large projects.

6. Assigning conditions

Even experienced PHP professionals often slip up and write if ($condition = ‘value’) { instead of if ($condition == ‘value’) {. There are several ways to avoid this problem:

Use a good IDE, PhpStorm, for example, which warns you of “assignment condition’ issues

Use Yoda Conditions, which places the constant portion on the left side of the conditional statement. These conditions are standard even in large enterprises, so the practice will only benefit you if you invert the comparisons to if (‘value’ = $condition) {, even weaker IDEs will notice the problem.

Keep practicing and check for mistakes every time until perfection becomes a habit.

7. Misusing the empty() command

Many PHP developers use the empty() command for Boolean checks. However, this command can cause a lot of confusion. For example:

Empty command

To avoid this issue, choose count():


Since PHP casts 0 to false, you can also use count() to use within if() conditions to check for any empty array. Also, count() is a constant complexity (o(1) operation) on arrays in PHP, which makes it a better choice.

Hence, empty() method must be used carefully, as it can lead to confusing or even misleading results.

8. Ignoring coding standards

You can invite a whole barrage of problems by ignoring coding standards. While it does not directly impact the debugging of the PHP code, it is still very important to note. A standardized code is consistent, works every time, and is easy to navigate. Hence, the department’s productivity will peak, and you can avoid wasting a lot of time in debugging, enhancing, and maintaining an inconsistent code.

There are five PHP standards:

  • PSR-0: Autoloading Standard
  • PSR-1: Basic Coding Standard
  • PSR-2: Coding Style Guide
  • PSR-3: Logger Interface
  • PSR-4: Autoloader

PSR was created by working on the inputs from the maintainers of the most popular platforms. Zend, Drupal, Joomla, and Symfony contributed to these standards and followed them with dedication. While we practice writing clean codes every time, it is important to follow any one specific standard unless the project compels us not to. Day by day, more teams are conforming to the PSR standards, and it makes it easier for any new joiner to quickly grasp the code by following the standard.


PHP is one of the easiest languages to code in, and this comfort lulls developers vulnerable to errors. This can result in bugs and loads of resources in resolving the issue.

The aforementioned tips will help PHP developers identify and avoid the most common mistakes they make. Use these tips to build more scalable, maintainable, and robust software.

Have a Look at These Articles Too

Published on April 18, 2023 by Adnan Mujic. Filed under: , , , .

I am a committed and seasoned content creator with expertise in the realms of technology, marketing, and WordPress. My initial foray into the world of WordPress occurred during my time at WebFactory Ltd, and my involvement in this field continues to grow. Armed with a solid background in electrical engineering and IT, coupled with a fervor for making technology accessible to the masses, my goal is to connect intricate technical ideas with approachable and captivating content.

Leave a Reply