DevelopmentCodeFragment

Since: 2.3.0

Functions like vardump(), printr() etc. are normally only used during development and therefore such calls in production code are a good indicator that they were just forgotten.

Example

class SuspectCode {

    public function doSomething(array $items)
    {
        foreach ($items as $i => $item) {
            // …

            if ('qafoo' == $item) var_dump($i);

            // …
        }
    }
}

Source https://phpmd.org/rules/design.html#developmentcodefragment

TooManyPublicMethods

Since: 0.1

A class with too many public methods is probably a good suspect for refactoring, in order to reduce its complexity and find a way to have more fine grained objects.

By default it ignores methods starting with 'get' or 'set'.

Example

Source https://phpmd.org/rules/codesize.html#toomanypublicmethods

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

• Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
• Code is considered more complex for each "break in the linear flow of the code"
• Code is considered more complex when "flow breaking structures are nested"

Further reading

• Cognitive Complexity docs
• Cognitive Complexity: A new way of measuring understandability

Having too many return statements in a function increases the function's essential complexity because the flow of execution is broken each time a return statement is encountered. This makes it harder to read and understand the logic of the function.

Noncompliant Code Example

With the default threshold of 3:

function myFunction(){ // Noncompliant as there are 4 return statements
  if (condition1) {
    return true;
  } else {
    if (condition2) {
      return false;
    } else {
      return true;
    }
  }
  return false;
}

MissingImport

Since: 2.7.0

Importing all external classes in a file through use statements makes them clearly visible.

Example

function make() {
    return new \stdClass();
}

Source http://phpmd.org/rules/cleancode.html#MissingImport

MissingImport

Since: 2.7.0

Importing all external classes in a file through use statements makes them clearly visible.

Example

function make() {
    return new \stdClass();
}

Source http://phpmd.org/rules/cleancode.html#MissingImport

MissingImport

Since: 2.7.0

Importing all external classes in a file through use statements makes them clearly visible.

Example

function make() {
    return new \stdClass();
}

Source http://phpmd.org/rules/cleancode.html#MissingImport

MissingImport

Since: 2.7.0

Importing all external classes in a file through use statements makes them clearly visible.

Example

function make() {
    return new \stdClass();
}

Source http://phpmd.org/rules/cleancode.html#MissingImport

MissingImport

Since: 2.7.0

Importing all external classes in a file through use statements makes them clearly visible.

Example

function make() {
    return new \stdClass();
}

Source http://phpmd.org/rules/cleancode.html#MissingImport

MissingImport

Since: 2.7.0

Importing all external classes in a file through use statements makes them clearly visible.

Example

function make() {
    return new \stdClass();
}

Source http://phpmd.org/rules/cleancode.html#MissingImport

MissingImport

Since: 2.7.0

Importing all external classes in a file through use statements makes them clearly visible.

Example

function make() {
    return new \stdClass();
}

Source http://phpmd.org/rules/cleancode.html#MissingImport

MissingImport

Since: 2.7.0

Importing all external classes in a file through use statements makes them clearly visible.

Example

function make() {
    return new \stdClass();
}

Source http://phpmd.org/rules/cleancode.html#MissingImport

MissingImport

Since: 2.7.0

Importing all external classes in a file through use statements makes them clearly visible.

Example

function make() {
    return new \stdClass();
}

Source http://phpmd.org/rules/cleancode.html#MissingImport

ElseExpression

Since: 1.4.0

An if expression with an else branch is basically not necessary. You can rewrite the conditions in a way that the else clause is not necessary and the code becomes simpler to read. To achieve this, use early return statements, though you may need to split the code it several smaller methods. For very simple assignments you could also use the ternary operations.

Example

class Foo
{
    public function bar($flag)
    {
        if ($flag) {
            // one branch
        } else {
            // another branch
        }
    }
}

Source https://phpmd.org/rules/cleancode.html#elseexpression

Shadowing fields with a local variable is a bad practice that reduces code readability: it makes it confusing to know whether the field or the variable is being used.

Noncompliant Code Example

class Foo {
  public $myField;

  public function doSomething() {
    $myField = 0;
    ...
  }
}

See

• CERT, DCL51-J. - Do not shadow or obscure identifiers in subscopes

Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.

On the other hand, constants can be referenced from many places, but only need to be updated in a single place.

Noncompliant Code Example

With the default threshold of 3:

function run() {
  prepare('action1');                              // Non-Compliant - 'action1' is duplicated 3 times
  execute('action1');
  release('action1');
}

Compliant Solution

ACTION_1 = 'action1';

function run() {
  prepare(ACTION_1);
  execute(ACTION_1);
  release(ACTION_1);
}

Exceptions

To prevent generating some false-positives, literals having less than 5 characters are excluded.

Shadowing fields with a local variable is a bad practice that reduces code readability: it makes it confusing to know whether the field or the variable is being used.

Noncompliant Code Example

class Foo {
  public $myField;

  public function doSomething() {
    $myField = 0;
    ...
  }
}

See

• CERT, DCL51-J. - Do not shadow or obscure identifiers in subscopes

Shadowing fields with a local variable is a bad practice that reduces code readability: it makes it confusing to know whether the field or the variable is being used.

Noncompliant Code Example

class Foo {
  public $myField;

  public function doSomething() {
    $myField = 0;
    ...
  }
}

See

• CERT, DCL51-J. - Do not shadow or obscure identifiers in subscopes

Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.

On the other hand, constants can be referenced from many places, but only need to be updated in a single place.

Noncompliant Code Example

With the default threshold of 3:

function run() {
  prepare('action1');                              // Non-Compliant - 'action1' is duplicated 3 times
  execute('action1');
  release('action1');
}

Compliant Solution

ACTION_1 = 'action1';

function run() {
  prepare(ACTION_1);
  execute(ACTION_1);
  release(ACTION_1);
}

Exceptions

To prevent generating some false-positives, literals having less than 5 characters are excluded.

Shadowing fields with a local variable is a bad practice that reduces code readability: it makes it confusing to know whether the field or the variable is being used.

Noncompliant Code Example

class Foo {
  public $myField;

  public function doSomething() {
    $myField = 0;
    ...
  }
}

See

• CERT, DCL51-J. - Do not shadow or obscure identifiers in subscopes

Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.

On the other hand, constants can be referenced from many places, but only need to be updated in a single place.

Noncompliant Code Example

With the default threshold of 3:

function run() {
  prepare('action1');                              // Non-Compliant - 'action1' is duplicated 3 times
  execute('action1');
  release('action1');
}

Compliant Solution

ACTION_1 = 'action1';

function run() {
  prepare(ACTION_1);
  execute(ACTION_1);
  release(ACTION_1);
}

Exceptions

To prevent generating some false-positives, literals having less than 5 characters are excluded.

While not technically incorrect, the omission of curly braces can be misleading, and may lead to the introduction of errors during maintenance.

Noncompliant Code Example

if (condition)  // Noncompliant
  executeSomething();

Compliant Solution

if (condition) {
  executeSomething();
}

See

• MISRA C:2004, 14.8 - The statement forming the body of a switch, while, do ... while or for statement shall be a compound statement
• MISRA C:2004, 14.9 - An if (expression) construct shall be followed by a compound statement. The else keyword shall be followed by either a compound statement, or another if statement
• MISRA C++:2008, 6-3-1 - The statement forming the body of a switch, while, do ... while or for statement shall be a compound statement
• MISRA C++:2008, 6-4-1 - An if (condition) construct shall be followed by a compound statement. The else keyword shall be followed by either a compound statement, or another if statement
• MISRA C:2012, 15.6 - The body of an iteration-statement or a selection-statement shall be a compound-statement
• CERT, EXP19-C. - Use braces for the body of an if, for, or while statement
• CERT, EXP52-J. - Use braces for the body of an if, for, or while statement

Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.

On the other hand, constants can be referenced from many places, but only need to be updated in a single place.

Noncompliant Code Example

With the default threshold of 3:

function run() {
  prepare('action1');                              // Non-Compliant - 'action1' is duplicated 3 times
  execute('action1');
  release('action1');
}

Compliant Solution

ACTION_1 = 'action1';

function run() {
  prepare(ACTION_1);
  execute(ACTION_1);
  release(ACTION_1);
}

Exceptions

To prevent generating some false-positives, literals having less than 5 characters are excluded.

Shadowing fields with a local variable is a bad practice that reduces code readability: it makes it confusing to know whether the field or the variable is being used.

Noncompliant Code Example

class Foo {
  public $myField;

  public function doSomething() {
    $myField = 0;
    ...
  }
}

See

• CERT, DCL51-J. - Do not shadow or obscure identifiers in subscopes

Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.

On the other hand, constants can be referenced from many places, but only need to be updated in a single place.

Noncompliant Code Example

With the default threshold of 3:

function run() {
  prepare('action1');                              // Non-Compliant - 'action1' is duplicated 3 times
  execute('action1');
  release('action1');
}

Compliant Solution

ACTION_1 = 'action1';

function run() {
  prepare(ACTION_1);
  execute(ACTION_1);
  release(ACTION_1);
}

Exceptions

To prevent generating some false-positives, literals having less than 5 characters are excluded.

Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.

On the other hand, constants can be referenced from many places, but only need to be updated in a single place.

Noncompliant Code Example

With the default threshold of 3:

function run() {
  prepare('action1');                              // Non-Compliant - 'action1' is duplicated 3 times
  execute('action1');
  release('action1');
}

Compliant Solution

ACTION_1 = 'action1';

function run() {
  prepare(ACTION_1);
  execute(ACTION_1);
  release(ACTION_1);
}

Exceptions

To prevent generating some false-positives, literals having less than 5 characters are excluded.

If you throw a general exception type, such as ErrorException, RuntimeException, or Exception in a library or framework, it forces consumers to catch all exceptions, including unknown exceptions that they do not know how to handle.

Instead, either throw a subtype that already exists in the Standard PHP Library, or create your own type that derives from Exception.

Noncompliant Code Example

throw new Exception();  // Noncompliant

Compliant Solution

throw new InvalidArgumentException();
// or
throw new UnexpectedValueException();

See

• MITRE, CWE-397 - Declaration of Throws for Generic Exception
• CERT, ERR07-J. - Do not throw RuntimeException, Exception, or Throwable

Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.

On the other hand, constants can be referenced from many places, but only need to be updated in a single place.

Noncompliant Code Example

With the default threshold of 3:

function run() {
  prepare('action1');                              // Non-Compliant - 'action1' is duplicated 3 times
  execute('action1');
  release('action1');
}

Compliant Solution

ACTION_1 = 'action1';

function run() {
  prepare(ACTION_1);
  execute(ACTION_1);
  release(ACTION_1);
}

Exceptions

To prevent generating some false-positives, literals having less than 5 characters are excluded.

Shadowing fields with a local variable is a bad practice that reduces code readability: it makes it confusing to know whether the field or the variable is being used.

Noncompliant Code Example

class Foo {
  public $myField;

  public function doSomething() {
    $myField = 0;
    ...
  }
}

See

• CERT, DCL51-J. - Do not shadow or obscure identifiers in subscopes

ShortVariable

Since: 0.2

Detects when a field, local, or parameter has a very short name.

Example

class Something {
    private $q = 15; // VIOLATION - Field
    public static function main( array $as ) { // VIOLATION - Formal
        $r = 20 + $this->q; // VIOLATION - Local
        for (int $i = 0; $i < 10; $i++) { // Not a Violation (inside FOR)
            $r += $this->q;
        }
    }
}

Source https://phpmd.org/rules/naming.html#shortvariable

ShortVariable

Since: 0.2

Detects when a field, local, or parameter has a very short name.

Example

class Something {
    private $q = 15; // VIOLATION - Field
    public static function main( array $as ) { // VIOLATION - Formal
        $r = 20 + $this->q; // VIOLATION - Local
        for (int $i = 0; $i < 10; $i++) { // Not a Violation (inside FOR)
            $r += $this->q;
        }
    }
}

Source https://phpmd.org/rules/naming.html#shortvariable

ShortVariable

Since: 0.2

Detects when a field, local, or parameter has a very short name.

Example

class Something {
    private $q = 15; // VIOLATION - Field
    public static function main( array $as ) { // VIOLATION - Formal
        $r = 20 + $this->q; // VIOLATION - Local
        for (int $i = 0; $i < 10; $i++) { // Not a Violation (inside FOR)
            $r += $this->q;
        }
    }
}

Source https://phpmd.org/rules/naming.html#shortvariable

ShortVariable

Since: 0.2

Detects when a field, local, or parameter has a very short name.

Example

class Something {
    private $q = 15; // VIOLATION - Field
    public static function main( array $as ) { // VIOLATION - Formal
        $r = 20 + $this->q; // VIOLATION - Local
        for (int $i = 0; $i < 10; $i++) { // Not a Violation (inside FOR)
            $r += $this->q;
        }
    }
}

Source https://phpmd.org/rules/naming.html#shortvariable

ShortVariable

Since: 0.2

Detects when a field, local, or parameter has a very short name.

Example

class Something {
    private $q = 15; // VIOLATION - Field
    public static function main( array $as ) { // VIOLATION - Formal
        $r = 20 + $this->q; // VIOLATION - Local
        for (int $i = 0; $i < 10; $i++) { // Not a Violation (inside FOR)
            $r += $this->q;
        }
    }
}

Source https://phpmd.org/rules/naming.html#shortvariable

ShortVariable

Since: 0.2

Detects when a field, local, or parameter has a very short name.

Example

class Something {
    private $q = 15; // VIOLATION - Field
    public static function main( array $as ) { // VIOLATION - Formal
        $r = 20 + $this->q; // VIOLATION - Local
        for (int $i = 0; $i < 10; $i++) { // Not a Violation (inside FOR)
            $r += $this->q;
        }
    }
}

Source https://phpmd.org/rules/naming.html#shortvariable

CamelCaseClassName

Since: 0.2

It is considered best practice to use the CamelCase notation to name classes.

Example

class class_name {
}

Source

ShortVariable

Since: 0.2

Detects when a field, local, or parameter has a very short name.

Example

class Something {
    private $q = 15; // VIOLATION - Field
    public static function main( array $as ) { // VIOLATION - Formal
        $r = 20 + $this->q; // VIOLATION - Local
        for (int $i = 0; $i < 10; $i++) { // Not a Violation (inside FOR)
            $r += $this->q;
        }
    }
}

Source https://phpmd.org/rules/naming.html#shortvariable

ShortVariable

Since: 0.2

Detects when a field, local, or parameter has a very short name.

Example

class Something {
    private $q = 15; // VIOLATION - Field
    public static function main( array $as ) { // VIOLATION - Formal
        $r = 20 + $this->q; // VIOLATION - Local
        for (int $i = 0; $i < 10; $i++) { // Not a Violation (inside FOR)
            $r += $this->q;
        }
    }
}

Source https://phpmd.org/rules/naming.html#shortvariable

CamelCaseParameterName

Since: 0.2

It is considered best practice to use the camelCase notation to name parameters.

Example

class ClassName {
    public function doSomething($user_name) {
    }
}

Source

ShortVariable

Since: 0.2

Detects when a field, local, or parameter has a very short name.

Example

class Something {
    private $q = 15; // VIOLATION - Field
    public static function main( array $as ) { // VIOLATION - Formal
        $r = 20 + $this->q; // VIOLATION - Local
        for (int $i = 0; $i < 10; $i++) { // Not a Violation (inside FOR)
            $r += $this->q;
        }
    }
}

Source https://phpmd.org/rules/naming.html#shortvariable

CamelCaseParameterName

Since: 0.2

It is considered best practice to use the camelCase notation to name parameters.

Example

class ClassName {
    public function doSomething($user_name) {
    }
}

Source

CamelCaseParameterName

Since: 0.2

It is considered best practice to use the camelCase notation to name parameters.

Example

class ClassName {
    public function doSomething($user_name) {
    }
}

Source

ShortVariable

Since: 0.2

Detects when a field, local, or parameter has a very short name.

Example

class Something {
    private $q = 15; // VIOLATION - Field
    public static function main( array $as ) { // VIOLATION - Formal
        $r = 20 + $this->q; // VIOLATION - Local
        for (int $i = 0; $i < 10; $i++) { // Not a Violation (inside FOR)
            $r += $this->q;
        }
    }
}

Source https://phpmd.org/rules/naming.html#shortvariable

ShortVariable

Since: 0.2

Detects when a field, local, or parameter has a very short name.

Example

class Something {
    private $q = 15; // VIOLATION - Field
    public static function main( array $as ) { // VIOLATION - Formal
        $r = 20 + $this->q; // VIOLATION - Local
        for (int $i = 0; $i < 10; $i++) { // Not a Violation (inside FOR)
            $r += $this->q;
        }
    }
}

Source https://phpmd.org/rules/naming.html#shortvariable

ShortVariable

Since: 0.2

Detects when a field, local, or parameter has a very short name.

Example

class Something {
    private $q = 15; // VIOLATION - Field
    public static function main( array $as ) { // VIOLATION - Formal
        $r = 20 + $this->q; // VIOLATION - Local
        for (int $i = 0; $i < 10; $i++) { // Not a Violation (inside FOR)
            $r += $this->q;
        }
    }
}

Source https://phpmd.org/rules/naming.html#shortvariable

ShortVariable

Since: 0.2

Detects when a field, local, or parameter has a very short name.

Example

class Something {
    private $q = 15; // VIOLATION - Field
    public static function main( array $as ) { // VIOLATION - Formal
        $r = 20 + $this->q; // VIOLATION - Local
        for (int $i = 0; $i < 10; $i++) { // Not a Violation (inside FOR)
            $r += $this->q;
        }
    }
}

Source https://phpmd.org/rules/naming.html#shortvariable

ShortVariable

Since: 0.2

Detects when a field, local, or parameter has a very short name.

Example

class Something {
    private $q = 15; // VIOLATION - Field
    public static function main( array $as ) { // VIOLATION - Formal
        $r = 20 + $this->q; // VIOLATION - Local
        for (int $i = 0; $i < 10; $i++) { // Not a Violation (inside FOR)
            $r += $this->q;
        }
    }
}

Source https://phpmd.org/rules/naming.html#shortvariable

CamelCaseVariableName

Since: 0.2

It is considered best practice to use the camelCase notation to name variables.

Example

class ClassName {
    public function doSomething() {
        $data_module = new DataModule();
    }
}

Source

CamelCaseVariableName

Since: 0.2

It is considered best practice to use the camelCase notation to name variables.

Example

class ClassName {
    public function doSomething() {
        $data_module = new DataModule();
    }
}

Source

CamelCaseVariableName

Since: 0.2

It is considered best practice to use the camelCase notation to name variables.

Example

class ClassName {
    public function doSomething() {
        $data_module = new DataModule();
    }
}

Source

CamelCaseVariableName

Since: 0.2

It is considered best practice to use the camelCase notation to name variables.

Example

class ClassName {
    public function doSomething() {
        $data_module = new DataModule();
    }
}

Source

CamelCaseVariableName

Since: 0.2

It is considered best practice to use the camelCase notation to name variables.

Example

class ClassName {
    public function doSomething() {
        $data_module = new DataModule();
    }
}

Source

CamelCaseVariableName

Since: 0.2

It is considered best practice to use the camelCase notation to name variables.

Example

class ClassName {
    public function doSomething() {
        $data_module = new DataModule();
    }
}

Source

CamelCaseVariableName

Since: 0.2

It is considered best practice to use the camelCase notation to name variables.

Example

class ClassName {
    public function doSomething() {
        $data_module = new DataModule();
    }
}

Source

CamelCaseVariableName

Since: 0.2

It is considered best practice to use the camelCase notation to name variables.

Example

class ClassName {
    public function doSomething() {
        $data_module = new DataModule();
    }
}

Source

CamelCaseVariableName

Since: 0.2

It is considered best practice to use the camelCase notation to name variables.

Example

class ClassName {
    public function doSomething() {
        $data_module = new DataModule();
    }
}

Source

CamelCaseVariableName

Since: 0.2

It is considered best practice to use the camelCase notation to name variables.

Example

class ClassName {
    public function doSomething() {
        $data_module = new DataModule();
    }
}

Source

CamelCaseVariableName

Since: 0.2

It is considered best practice to use the camelCase notation to name variables.

Example

class ClassName {
    public function doSomething() {
        $data_module = new DataModule();
    }
}

Source