10 Most Common Programming and Coding Mistakes
Whatsapp Pinterest

The following are some of the most common programming and coding mistakes made by developers. These errors have resulted in widespread outages, data theft, intrusions and more. Some of the errors Top 10 Websites for Error Codes & Troubleshooting Top 10 Websites for Error Codes & Troubleshooting Read More are particular to certain languages such as C, C++, etc. but some are common across other languages such as Java, JavaScript, Python etc.

We recommend that you check this list often to make sure you are not making any of these in your code. This list is sorted in the order of importance from top to bottom.

1. Buffer Overflow

Buffer Overflow occurs when data is written into a buffer past its end. It may arise due to faulty calculations of the write position. Or continuous writing into a buffer without checking the length. Whatever the reason, this error is one of the most common and has resulted in major exploits. Some of these include the Morris Internet Worm 6 Computer Viruses That Changed The World 6 Computer Viruses That Changed The World Yesterday we took a look at some of the most damaging high-profile computer viruses in history, and today we’ll be exploring some of the more obscure ones instead. The term “virus” wasn’t attached to malware... Read More in 1988, W32/Nimda worm in 2001, and Sendmail error in 2003.

A C Example:

char array[6] = "hello";
strcat(array, ", joe"); /* <- This line causes a buffer overflow. */

10 Most Common Programming and Coding Mistakes buffer overflow
Image Credit: Cyber4All @Towson

2. SQL Injection

SQL Injection What Is An SQL Injection? [MakeUseOf Explains] What Is An SQL Injection? [MakeUseOf Explains] The world of Internet security is plagued with open ports, backdoors, security holes, Trojans, worms, firewall vulnerabilities and a slew of other issues that keep us all on our toes every day. For private users,... Read More is a techique for injecting SQL commands into user input such that these commands are directly executed by the database. This allows the attacker to perform malicious acts such deleting tables, dropping databases, stealing data and much more.

A key cause of SQL Injection attacks succeeding is that the application software that processes user input performs insufficient checks and validation on the input before passing it to the database for execution.

A Java Example:

// The following is a parameter value with SQL injection
String username = "joe'; delete from user where username like '%";
Connection con = ...; // create connection to database

// When this statement is executed, all users are deleted from the database.
con.createStatement().execute("update user set logged_in = 1 where username = '" + username + "'");

3. OS Command Injection

OS Command Injection arises when user-specified input is directly handed over to the operating system for exection by the application without proper vetting. Such an operation might be used by an application to use an existing command on the OS. When the application passes user input without properly validating it, it paves the way for an attacker to use clever constructs to execute malicious commands. These commands can be, for example, to delete files, steal data, alter permissions on files, and more.

4. Integer Overflow or Wraparound

An Integer The Basics Of Computer Programming 101 - Variables And DataTypes The Basics Of Computer Programming 101 - Variables And DataTypes Having introduced and talked a little about Object Oriented Programming before and where its namesake comes from, I thought it's time we go through the absolute basics of programming in a non-language specific way. This... Read More Overflow error occurs when you attempt to store a larger value into an integral type than will fit. When this happens, the larger value is truncated and the operation ends up storing an unpredictable result. For example, a 2-byte unsigned short can store a maximum value of 65535. Now, imagine adding two short values such as 65530 and 10 and storing the result in a short. The result (65545) will not fit in a short, leaving some unpredictable value in the target short as a result of truncation. When subsequently using this value in another operation (such as an array index), you will end up with unpredictable results.

A C Example:

short a = 65530, b = 10;
short c = a + b;
// on my computer, c has the unexpected value: 4

5. Improper Validation of an Array Index

Another very common error encountered in software is Improper Validation of an Array Index. It arises when accessing an array How Arrays and Lists Work in Python How Arrays and Lists Work in Python Arrays and lists are some of the most useful data structures in programming -- although few people use them to their full potential. Read More using an index that lies outside the bounds of the array. When you access a location outside the program’s valid data boundaries, you end up with a memory access error (also known as a segmentation violation). When the memory location lies within the data bounds but outside of the array, you are looking at memory corruption when you write to such locations.

These type of errors are more common with C and C++, but can arise with any language, even those with automatic memory management such as Java, JavaScript, Python, etc. The only way such errors can be mitigated in software is by you, the programmer, exercising sufficient care during coding.

6. Allocate Resources Without Limits

Memory allocation is very common in C and C++ since all memory management in these languages is manual. Allocating memory without proper validation of the size being allocated can cause the allocation to fail. When the result of this allocation is not checked but used directly, you have a recipe for disaster.

These type of errors are also possible without manual memory management such as Java, JavaScript and Python when allocating arrays. So proper care needs to be exercised when allocating arrays in these languages.

Another possibility of this error arising is to create other resources such as file handles or connection handles without proper checking. Not properly closing these resources when you are done using them is the most common way that these resource limits are reached.

7. Expired Pointer Dereference

In languages such as C and C++, memory can be freed once you are done with it. Using a pointer An Introduction to Pointers for Programmers An Introduction to Pointers for Programmers Whether you realize it or not, the vast majority of programs you have used make use of pointers in some way. As a programmer, you need to understand how pointers work. Read More to this block of memory that has already been freed is an error. This type of error has also been in the news due to major outages, so you would do well to verify that this kind of error does not happen in your code.

8. Null Pointer Dereference

A pointer may have a null value before it is properly initialized (or after the memory is freed). Dereferencing such a pointer causes a null pointer error (called NullPointerException in Java). It is very common in C, C++ as well as Java, and definitely possible in other languages too. You should take sufficient care in your code to avoid this kind of error.

null pointer
Image Credit: J.T.Presta

9. Missing Initialization

Local variables are those which are declared within a function (or a block) and cease to exist at the end of the function. These variables are allocated on the stack and will have random garbage when they are first declared. As a programmer it is your duty to assign a suitable value to these variables as soon as they are declared. Using them before such initialization results in the Missing Initialization error and will most definitely end in a crash (or something more devastating).

A C Example:

int pos;
char buffer[] = "hello world";

// this line may print garbage and/or may crash the program since pos is not initialized.
printf("Value of character at pos %d is: %c\n", pos, buffer[pos]);

10. Broken or Risky Cryptographic Algorithm

The world of cryptography How Does Encryption Work, and Is It Really Safe? How Does Encryption Work, and Is It Really Safe? Read More is constantly evolving. What is acceptable today may no longer be acceptable tomorrow. This might be due to the increasing power of computers where computing tasks which are deemed to take years today might take minutes tomorrow. Or someone finds a new way to crack a particular algorithm which renders that algorithm useless. So you need to constantly keep abeast of developments in cryptography and update your code (if it is still in use) if vulnerabilities and hacks are discovered in the algorithms you use.

For example, SHA-1, which is a hashing algorithm, is no longer recommended for computing hashes. In 2005, attacks were discovered against this algorithm, and SHA-2 or SHA-3 are recommended. So if your code uses SHA-1 at any point, you will need to replace it with the recommended one if the software is still being used. Otherwise you run the risk that your application is open to attack.


We have covered a few of the most common programming and coding errors in this article. You can refer to this list often to make sure you are avoiding them.

Have you come across these or other errors which might lead to a large-scale hack of your website or application? Let us know in the comments below.

Image Credit: ajfile/Depositphotos

Enjoyed this article? Stay informed by joining our newsletter!

Enter your Email

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Kirby Wallace
    August 20, 2018 at 1:06 am

    I'm surprised this list doesn't include what must be almost the most common error of all, the notorious "off by one" error. But, I guess Index Validation kinda covers that topic.

  2. harkirat
    October 14, 2017 at 10:12 am

    Great article! Thanks.
    I want to ask one thing I don't know is this the right place or not but I have asked this questions to a lot of people but got a reply. I hope you can help me out and please reply even if the answer is not known. Recently, I have given a company exam, in the coding domain, some of the parts were locked and other were unlocked to write the logic.
    I wrote the statement: return arr; // this resulted in an error.
    My question is how to return an array from a function?
    Please, help.

    • Jane
      February 23, 2018 at 5:11 pm

      Return it in an object.

  3. Krutika
    October 13, 2017 at 7:19 am

    Thank you for sharing the information!

  4. German
    October 13, 2017 at 1:06 am

    "Memory allocation is very common in C and C++ since all memory management in these languages is manual. "

    This is a brute error. Please, learn before trying to teach.

    • Jay Sridhar
      October 13, 2017 at 2:29 am

      Care to explain? Which part of the statement is wrong? Are you aware that memory allocated in these languages need to be freed? Does that not make it manual, as opposed to being garbage collected like in Java?


      • mearnsgeek
        October 13, 2017 at 6:17 am

        Your statement isnt wrong but extremely simplistic and memory *management* is the real issue not the allocation of memory which happens manually in all languages - "new Thing()" in Java or C#?

        Going back to c++, memory allocated on the stack for local variables is automatically allocated and modern c++ heavily promotes the use of smart pointers making memory management exactly the same as for any other reference counted language such as python.

        I have to say that I thought your article would be based on studies with figures to cite but it looks more like a simple list of errors that can happen.

  5. Fred
    October 12, 2017 at 5:10 pm

    You dick. These are really obvious ones that you learning in basic computer class.

    • Vladhed
      February 23, 2018 at 7:49 pm

      ...and yet people continue to make them, even after years of experience.