PHP & React Development Insights

Practical insights and guides on PHP/Symfony, React/Next.js, legacy modernization, and software architecture, drawn from 18+ years of building web applications for European businesses.

Prompt Injection Defense for B2B SaaS: Beyond Input Sanitization With Defense-in-Depth Patterns

Input sanitization stops the obvious attacks and almost nothing else. Indirect prompt injection through RAG documents, tool outputs, and multi-turn context is the threat most B2B SaaS teams are not ready for. This post covers the production defense stack: structural prompt separation, tool-use allowlists, user-scoped permission propagation, output constraints that catch data exfiltration, and the red-team harness enterprise buyers will ask to see.

Read more

WCAG 2.2 Level AA in React and Next.js: The Engineering-Level Accessibility Audit Before EAA Enforcement

The European Accessibility Act enforcement gap closes mid-2026, and the WCAG 2.2 AA checklist your product manager hands to engineers rarely survives contact with a real React component tree. This is the engineering-level audit: focus management in Next.js App Router, criteria that Radix and Headless UI quietly fail, form error announcements that work with real screen readers, and the CI setup using axe-core and Playwright that catches regressions before they ship.

Read more