PHP & React Development Insights

Practical insights and guides on PHP/Symfony, React/Next.js, legacy modernization, and software architecture, drawn from 18+ years of building web applications for European businesses.

The Security Audit Checklist for AI-Generated PHP: 7 Vulnerability Patterns in Every Vibe-Coded Codebase

Every AI-assisted PHP project we audit surfaces the same seven vulnerability families: SQL injection adjacent to raw execute calls, missing CSRF tokens, user-controlled file paths, hardcoded secrets, over-privileged JWT claims, open redirects, and Symfony firewall bypasses. This post names each pattern, explains why LLMs generate it, and gives the GrumPHP, Rector, and PHPStan rules that catch it before merge.
