PHP Bugs #21 to #30 — Common Mistakes Every PHP Developer Must Know published

If you've been following this series — Part 1 (Bugs #1–10) covered type juggling and variable scoping, Part 2 (Bugs #11–20) tackled form handling and session quirks — now Part 3 is where things get genuinely dangerous. Bugs #21 to #30 aren't just annoying syntax mistakes. Some are active security vulnerabilities. A few will crash your server under load. Others silently corrupt data without throwing a single error. Let's go through each one. Bug #21 — strlen() Giving Wrong Count for Multibyte Text // ❌ Wrong echo strlen("नमस्ते"); // Output: 18 — but it has only 6 characters! strlen() counts bytes, not characters. In UTF-8, each Hindi character takes 3 bytes. Six characters × 3 bytes = 18. // ✅ Correct echo mb_strlen("नमस्ते", 'UTF-8'); // Output: 6 Once you're working with multibyte text, switch the entire function family: substr() → mb_substr() strtolower() → mb_strtolower() strpos() → mb_strpos()