PHP Code Sniffer: vet code, look for errors, tidy and sanitize PHP code

PHP Code Sniffer

The excellent PHP Code Sniffer is just one part of our quality control process and is widely used across the industry. There are actually two different sides to this tool:

  • It can scan code to find violations of a defined set of rules
  • In many cases, it can also fix the code and bring it into compliance

We’re mostly concerned with the first part, detecting the problems, so let’s start with an example.

<?php
// If the user submitted a form providing their name, display it back to them!
if (isset($_POST['name']))
echo 'Hello ' . $_POST['name'] . '! How are you?';

Various things could be said about the above snippet (which simply displays someone’s name when submitted from an appropriately structured form), and an experienced coder will have no difficulty in pinpointing them.

  • Crucially, it is insecure: blindly trusting that the user did indeed submit their name, and not a malicious piece of code, just isn’t safe.
  • The formatting isn’t very nice (in the WordPress world we love our whitespace!). Of course, this is a highly subjective statement, but on a large codebase it’s important to have consistency and avoid a mish-mash of different styles, which can lead to headaches and confusion.
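For contrast, here is a hardened form of that snippet. This is an added example, not code from the original post; it assumes plain PHP with no framework escaping helpers, and the function name greet_from_post is our own.

```php
<?php
// Hardened version of the sample: only act on a string field, and escape it
// before it reaches the browser, so a submitted value such as "<script>"
// is rendered as literal text rather than interpreted as markup.
function greet_from_post( array $post ) {
	// Reject a missing field, and also a non-string (PHP parses name[]=x as an array).
	if ( ! isset( $post['name'] ) || ! is_string( $post['name'] ) ) {
		return '';
	}
	$name = trim( $post['name'] );
	if ( '' === $name ) {
		return '';
	}
	// htmlspecialchars() with ENT_QUOTES neutralises <, >, &, " and '.
	return 'Hello ' . htmlspecialchars( $name, ENT_QUOTES, 'UTF-8' ) . '! How are you?';
}

echo greet_from_post( $_POST );
```

The output escaping is the fix for the security issue the text points out; the consistent brace and whitespace layout is the kind of thing the sniffer's formatting rules would otherwise flag.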
