10 Common Laravel Pitfalls Even Senior Developers Make (And How to Fix Them)

Laravel is one of the most popular PHP frameworks, praised for its elegant syntax and powerful features. However, even experienced Laravel developers can fall into common pitfalls. This article lists ten typical mistakes and offers recommended solutions.

1. Overusing lazy loading of Eloquent relationships

// Bad practice – N+1 query issue
$users = User::all();
foreach ($users as $user) {
    echo $user->profile->name; // query per iteration
}

// Recommended – eager loading
$users = User::with('profile')->get();

Many developers forget to use with() for eager loading, causing N+1 queries and hurting performance.

2. Ignoring database transactions

// Unsafe version
public function updateUser(Request $request, $id) {
    $user = User::find($id);
    $user->update($request->all());

    $profile = $user->profile;
    $profile->update($request->only(['bio', 'website']));
}

// Recommended – use transaction
public function updateUser(Request $request, $id) {
    DB::transaction(function () use ($request, $id) {
        $user = User::find($id);
        $user->update($request->all());

        $profile = $user->profile;
        $profile->update($request->only(['bio', 'website']));
    });
}

Not wrapping related model operations in a transaction can lead to data inconsistency.

3. Not handling failed queue jobs

// Incomplete queue job
class ProcessPodcast implements ShouldQueue {
    public function handle() {
        // processing logic
    }
}

// Recommended – add failed method
class ProcessPodcast implements ShouldQueue {
    public function handle() {
        // processing logic
    }

    public function failed(Exception $exception) {
        // log failure or send notification
    }
}

Ignoring failure handling may cause silent job failures.

4. Overusing Facade static calls

// Bad – hard to test
public function store(Request $request) {
    Cache::put('key', 'value', 60);
}

// Recommended – dependency injection
public function store(Request $request, Cache $cache) {
    $cache->put('key', 'value', 60);
}

Relying on static Facade calls makes code harder to test and maintain.

5. Ignoring model observers

// Bad – logic in controller
public function update(User $user, Request $request) {
    $user->update($request->all());
    ActivityLog::create(['user_id'=>$user->id,'activity'=>'updated_profile']);
}

// Recommended – observer
class UserObserver {
    public function updated(User $user) {
        ActivityLog::create(['user_id'=>$user->id,'activity'=>'updated_profile']);
    }
}

Placing business logic in controllers instead of observers leads to duplication and harder maintenance.

6. Incorrect caching strategy

// Bad cache usage
public function getPopularPosts() {
    $posts = Cache::remember('popular_posts', 60, function () {
        return Post::popular()->get();
    });
    return $posts;
}

// Recommended – consider expiration and invalidation
public function getPopularPosts() {
    $posts = Cache::remember('popular_posts', now()->addHours(6), function () {
        return Post::popular()->get();
    });
    // Cache::forget('popular_posts') when data changes
    return $posts;
}

Setting unreasonable cache lifetimes or forgetting to clear cache after data changes can show stale data.

7. Ignoring mass‑assignment protection

// Unsafe mass assignment
class UserController extends Controller {
    public function update(Request $request, User $user) {
        $user->update($request->all());
    }
}

// Recommended – define $fillable or $guarded
class User extends Model {
    protected $fillable = ['name','email','password'];
    // or
    protected $guarded = ['id','is_admin'];
}

Missing $fillable/$guarded may lead to mass‑assignment vulnerabilities.

8. Not optimizing query builder

// Unoptimized query
$users = DB::table('users')
    ->select('*')
    ->where('active',1)
    ->get();

// Optimized query
$users = DB::table('users')
    ->select(['id','name','email'])
    ->where('active',1)
    ->whereNotNull('email_verified_at')
    ->orderBy('name')
    ->get();

Selecting all columns without limits or missing indexes can degrade performance.

9. Incomplete exception handling

// Basic handling
try {
    $user = User::findOrFail($id);
} catch (ModelNotFoundException $e) {
    return back()->withError('User not found');
}

// Better handling
try {
    $user = User::findOrFail($id);
} catch (ModelNotFoundException $e) {
    Log::error("User not found: {$id}");
    return back()->withError('User not found');
} catch (QueryException $e) {
    Log::error("Database error: {$e->getMessage()}");
    return back()->withError('Database error occurred');
} catch (Exception $e) {
    Log::error("Unexpected error: {$e->getMessage()}");
    return back()->withError('Something went wrong');
}

Catching exceptions without logging or detailed messages makes debugging harder.

10. Ignoring performance monitoring

// No monitoring
public function generateReport() {
    $data = $this->gatherData();
    $report = $this->processData($data);
    return $report;
}

// With monitoring
public function generateReport() {
    $start = microtime(true);
    $data = $this->gatherData();
    $report = $this->processData($data);
    $executionTime = microtime(true) - $start;
    Log::info("Report generated in {$executionTime} seconds");
    return $report;
}

Without monitoring critical paths, performance issues may go unnoticed in production.

Even seasoned Laravel developers can overlook best practices due to the framework’s convenience. Avoiding these common mistakes helps you write more efficient, secure, and maintainable Laravel applications. Continuous learning and code reviews are key to improving code quality.