I often use print_r($value, true)
to dump some variables in log statements, and sometimes I forget to set the second parameter to true, which then might result in instead of the result being in the log statement, in most cases it just gets lost, but sometimes it is even rendered to the users browser.
This just happened to me, and within the object graph where some credentials, and other things that you normally would not like the end user to see. The problem was that instead of passing true as the second parameter, for some reason I passed null 1 year ago. And now there was some system failure that made the wrong output show.
What do you do to avoid having stacktraces output by programmer error? Why do all PHP dumping functions just echo the output by default? Searching though our codebase, I found quite a lot of invocations of print_r without the second parameter set to true.
I also use json_encode() for debug output sometimes, because the output is sometimes more concise and friendly to read. Any drawbacks with that approach?
We normally use some sort of output buffering, but not everywhere.