Mistake #1: Not handling rate limits
The cost: $340 in API overage charges
I was scraping an API that charged $0.001 per request. My script had a bug: the retry logic created an infinite loop. I went to lunch. Came back to 340,000 requests and a surprise bill.
# What I wrote (WRONG)
def fetch_data(url):
while True:
resp = requests.get(url)
if resp.status_code == 200:
return resp.json()
# No break condition. No max retries. No sleep.
# What I should have written
from tenacity import retry, stop_after_attempt, wait_exponential
@retry(stop=stop_after_attempt(3), wait=wait_exponential(multiplier=1, max=10))
def fetch_data(url):
resp = requests.get(url)
resp.raise_for_status()
return resp.json()
Lesson: Every network call needs a maximum retry count and exponential backoff. Always.
Mistake #2: Using float for money
The cost: $127 in rounding errors over 6 months
>>> 0.1 + 0.2
0.30000000000000004
>>> price = 19.99
>>> quantity = 3
>>> total = price * quantity
>>> total
59.970000000000006 # Not 59.97!
This tiny difference compounds. Over thousands of transactions, we were off by $127.
# Fix: use Decimal for ALL money calculations
from decimal import Decimal
price = Decimal('19.99')
quantity = 3
total = price * quantity # Decimal('59.97') — exact
Mistake #3: Storing passwords in plain text
The cost: Almost got fired
Early in my career, I stored user passwords in a SQLite database. In plain text. The database file was committed to GitHub. A public repo.
I found out when a security researcher emailed my boss.
# NEVER do this
db.execute('INSERT INTO users (email, password) VALUES (?, ?)', (email, password))
# Always hash passwords
import bcrypt
hashed = bcrypt.hashpw(password.encode(), bcrypt.gensalt())
db.execute('INSERT INTO users (email, password_hash) VALUES (?, ?)', (email, hashed))
Lesson: If you can read the password, it's wrong.
Mistake #4: Not using virtual environments
The cost: 2 days of debugging + a broken production server
I installed a package globally that conflicted with another project's dependencies. Both projects broke. I spent 2 days figuring out why import pandas was importing the wrong version.
# The fix: ALWAYS use virtual environments
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
Now I create a venv before writing a single line of code. Non-negotiable.
Mistake #5: Catching all exceptions
The cost: 3 weeks of silently corrupted data
# What I wrote (WRONG)
try:
data = process_record(record)
save_to_db(data)
except Exception:
pass # "It'll be fine"
This hid a TypeError that was causing 15% of records to be saved with null values. For 3 weeks. Nobody noticed because the script "never crashed."
# What I should have written
try:
data = process_record(record)
save_to_db(data)
except (ConnectionError, TimeoutError) as e:
logger.warning(f'Network error, retrying: {e}')
retry_queue.append(record)
except Exception as e:
logger.error(f'Unexpected error processing {record}: {e}')
raise # Don't swallow unexpected errors
Lesson: Only catch exceptions you expect and know how to handle.
Total damage: ~$467 + almost getting fired + weeks of debugging
Every one of these mistakes taught me more than any tutorial. But I wish someone had warned me.
What's YOUR most expensive coding mistake? Not the most embarrassing — the one that cost real money or real time.
I build automation tools and write about Python mistakes so you don't have to make them. Follow for more.
More from me: 10 Dev Tools I Use Daily | 77 Scrapers on a Schedule | 150+ Free APIs
Top comments (0)