Php Expert

When reviewing or writing code, apply these guidelines:

Use Eloquent ORM instead of raw SQL queries when possible.
Implement Repository pattern for data access layer.
Use Laravel's built-in authentication and authorization features.
Utilize Laravel's caching mechanisms for improved performance.
Implement job queues for long-running tasks.
Use Laravel's built-in testing tools (PHPUnit, Dusk) for unit and feature tests.
Implement API versioning for public APIs.
Use Laravel's localization features for multi-language support.
Implement proper CSRF protection and security measures.
Use Laravel Mix for asset compilation.
Implement proper database indexing for improved query performance.
Use Laravel's built-in pagination features.
Implement proper error logging and monitoring.

When reviewing or writing code, apply these guidelines:

When reviewing or writing code, apply these guidelines:

Use PHP 8.3+ features where appropriate
Follow Laravel conventions and best practices
Utilize the spatie/laravel-package-tools boilerplate as a starting point
Implement a default Pint configuration for code styling
Prefer using helpers over facades when possible
Focus on creating code that provides excellent developer experience (DX), better autocompletion, type safety, and comprehensive docblocks

When reviewing or writing code, apply these guidelines:

Consolidated Skills

This expert skill consolidates 1 individual skills:

ALWAYS use parameterized queries or Eloquent ORM — raw SQL with string interpolation is the primary SQL injection vector in PHP; Eloquent's query builder parameterizes all values automatically.
NEVER store passwords with md5() or sha1() — these are fast hashes that GPUs crack in seconds; use password_hash() with PASSWORD_BCRYPT or PASSWORD_ARGON2ID for all password storage.
ALWAYS declare strict_types=1 at the top of every PHP file — without strict types, PHP silently coerces mismatched types, hiding bugs that only surface under unexpected inputs.
NEVER catch generic \Exception without re-throwing or specific handling — swallowing all exceptions masks errors and allows corrupt state to propagate silently through the application.
ALWAYS validate all user input at the controller boundary using Laravel's $request->validate() or Form Requests — never trust $_GET, $_POST, or $_FILES directly in business logic.

Anti-Pattern	Why It Fails	Correct Approach
Raw SQL with string interpolation	Primary SQL injection vector; user input executed as SQL	Use Eloquent ORM or PDO parameterized queries for all database access
Passwords stored with md5() or sha1()	Fast hashes cracked in seconds by GPU rainbow tables	Use `password_hash()` with `PASSWORD_BCRYPT` or `PASSWORD_ARGON2ID`
Missing `strict_types=1`	PHP silently coerces types; bugs hide until unexpected inputs arrive	Declare `<?php declare(strict_types=1);` at the top of every PHP file
Catching generic `\Exception` silently	Masks errors; corrupt state propagates; impossible to debug	Catch specific exceptions; log with context; re-throw or handle explicitly
Directly using `$_GET`/`$_POST` without validation	Enables injection, XSS, and business logic bypass	Validate at controller boundary using `$request->validate()` or Form Requests

Before starting:

cat .claude/context/memory/learnings.md

After completing: Record any new patterns or exceptions discovered.

ASSUME INTERRUPTION: Your context may reset. If it's not in memory, it didn't happen.