Defensive PHP: Code that refuses to fail silently
PHP has come a long way since its early days, when the language was deliberately forgiving and relied heavily on implicit type coercion. With an expressive type system, granular and structured exceptions, Enums, read-only properties, asymmetric property visibility, and property hooks, modern PHP provides several features and syntax for writing more defensive code.
This talk explores how to write defensive code that protects applications against invalid state by leveraging modern type-system features, explicit and meaningful exceptions, and stricter runtime behavior. The outcome is software that rejects invalid and insecure data early, making it impossible to represent invalid state.
During this talk, we will be walking through:
- How to make use of PHP's Type System to provide type-safety to application state.
- When and how to enable PHP's Exception-based error handling.
- Technical and domain-level exceptions, and where to use them.
- Possible "gotchas" with PHP's type coercion.
- Making invalid state unrepresentable.
- Asymmetric visibility and property hooks to avoid boilerplate validation logic.
This intermediate-level talk is ideal for those who are familiar with PHP's error and exception handling and want to deepen their understanding of the modern type-system features and error-handling improvements in recent PHP versions that make PHP code more defensive and expressive.