Why this matters
Parsing or trusting error pages as data leads to misleading behavior and crashes.
Check transport errors and HTTP status codes before parsing response bodies; treat 4xx/5xx as errors with context.
Parsing or trusting error pages as data leads to misleading behavior and crashes.
Side-by-side examples engineers can pattern-match during review.
$body = file_get_contents($url);
$data = json_decode($body, true);$ch = curl_init($url);
curl_setopt_array($ch, [CURLOPT_RETURNTRANSFER=>true, CURLOPT_TIMEOUT=>10]);
$body = curl_exec($ch);
$err = curl_error($ch);
$code = (int)curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($err || $code >= 400) {
throw new RuntimeException("HTTP {$code} error: {$err}");
}$data = json_decode(file_get_contents($u), true);if($code>=400) throw new RuntimeException('bad status')From the same buckets as this rule.