
New PHP Checks

Today we’re excited to release our first new PHP analysis checks since launching our PHP public beta.

Working with early customers and developers in the PHP community, we’ve focused on creating checks that flag a number of specific, impactful and actionable issues related to code clarity, security, compatibility and potential for bugs.

In addition to complexity and duplication, Code Climate now checks your PHP code for:

  • Non-standard PHP opening tags

    Non-standard PHP opening tags such as <%, <? or even <script language="php"> are less portable than the standard, recommended <?php tag.

  • PHP closing tags

    Using PHP closing tags is prohibited by many style guides, including PSR-2, Zend Framework, Symfony, and CodeIgniter. By omitting the closing tag you can avoid a common class of bugs which cause malformed or just plain broken responses.

  • Eval use

    Just say “no” to eval. Using eval inevitably leads to insecure, slow, and hard-to-follow code.

  • Superglobal use

    Direct access to superglobals such as $GLOBALS, $_GET and $_ENV can create both maintainability and security problems. For these and other reasons, many PHP frameworks wrap superglobals in a Request object.

  • Classes with too many public methods

    A class with an excessive number of public methods has too many responsibilities and is a coupling liability that can be difficult to refactor.

  • Short method names

    We’ll flag any method names that are 1-2 characters long. Short method names convey too little information at best, and are confusing or error-prone at worst.

  • Error suppression using @

    Placing an @ symbol before an expression in PHP suppresses any errors generated by that expression, including fatal errors. This makes debugging code difficult, and goes against the best practice of gracefully handling errors.

  • Non-uppercased constants

    The PHP manual, along with PHP-FIG’s PSR-1, recommends that the names of constants should always be uppercase. This makes them easy to identify and easier to scan for when reading the code.

  • Too many arguments to a method

    Methods or functions which take too many parameters are inconvenient and error-prone for consumers of the code and are confusing in terms of design. This check previously existed, but we’ve tuned and calibrated it to be more strict.
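
To make four of the checks above concrete (eval use, superglobal use, error suppression using @, and a closing tag at the end of a file), here is an added example that scans PHP source with the built-in tokenizer. It is not Code Climate's implementation; the function name scanPhpSource, the rule labels and the sample input are assumptions made for illustration.

```php
<?php
// Added example, not Code Climate's own code. Rule labels are hypothetical.
const SUPERGLOBALS = ['$GLOBALS', '$_GET', '$_POST', '$_COOKIE', '$_REQUEST',
                      '$_SERVER', '$_ENV', '$_FILES', '$_SESSION'];

function scanPhpSource(string $source): array
{
    $findings = [];
    $line = 1;                         // line of the token currently being read
    $tokens = token_get_all($source);
    $last = count($tokens) - 1;
    foreach ($tokens as $i => $token) {
        if (is_string($token)) {
            // Single-character tokens carry no line number; use the tracked one.
            if ($token === '@') {
                $findings[] = [$line, 'error-suppression'];
            }
            continue;
        }
        [$id, $text, $start] = $token;
        $line = $start + substr_count($text, "\n");
        if ($id === T_EVAL) {
            $findings[] = [$start, 'eval-use'];
        } elseif ($id === T_VARIABLE && in_array($text, SUPERGLOBALS, true)) {
            $findings[] = [$start, 'superglobal-use'];
        } elseif ($id === T_CLOSE_TAG) {
            // Flag only a closing tag that ends the file (optionally followed by
            // stray whitespace); templates legitimately use "?>" mid-file.
            $atEnd = $i === $last
                || ($i === $last - 1 && trim($tokens[$last][1]) === '');
            if ($atEnd) {
                $findings[] = [$start, 'closing-tag'];
            }
        }
    }
    return $findings;
}

// Constructed sample input, one finding per line 2 to 5.
$sample = <<<'PHP'
<?php
$id = $_GET['id'];
$fh = @fopen("/tmp/report-$id", 'r');
eval('$x = ' . $id . ';');
?>
PHP;

foreach (scanPhpSource($sample) as [$lineNo, $rule]) {
    echo "line $lineNo: $rule\n";
}
```

Working on tokens rather than regular expressions means the string "eval" inside a comment or a quoted string is not reported, only an actual eval construct.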

Stay tuned, we’ve got more checks on the way.
