
PHP Fundamentals for Security: Comparison Operators, Superglobals, and the Loose-Typing Trap
I keep telling new hunters that PHP isn’t a bad language. It’s a language with a few defaults that will eat your lunch if you don’t understand them. After spending most of 2024 and 2025 reviewing WordPress plugin code for paying clients, I’m comfortable saying that roughly half of every PHP CVE I read traces back to three things: ==, $_REQUEST, and the rules PHP uses to convert one type into another. ...
