SonarSource Rules
  • Products

    In-IDE

    Code Quality and Security in your IDE with SonarQube Ide

    IDE extension that lets you fix coding issues before they exist!

    Discover SonarQube for IDE

    SaaS

    Code Quality and Security in the cloud with SonarQube Cloud

    Setup is effortless and analysis is automatic for most languages

    Discover SonarQube Cloud

    Self-Hosted

    Code Quality and Security Self-Hosted with SonarQube Server

    Fast, accurate analysis; enterprise scalability

    Discover SonarQube Server
  • SecretsSecrets
  • ABAPABAP
  • AnsibleAnsible
  • ApexApex
  • AzureResourceManagerAzureResourceManager
  • CC
  • C#C#
  • C++C++
  • CloudFormationCloudFormation
  • COBOLCOBOL
  • CSSCSS
  • DartDart
  • DockerDocker
  • FlexFlex
  • GitHub ActionsGitHub Actions
  • GoGo
  • HTMLHTML
  • JavaJava
  • JavaScriptJavaScript
  • JSONJSON
  • JCLJCL
  • KotlinKotlin
  • KubernetesKubernetes
  • Objective CObjective C
  • PHPPHP
  • PL/IPL/I
  • PL/SQLPL/SQL
  • PythonPython
  • RPGRPG
  • RubyRuby
  • RustRust
  • ScalaScala
  • ShellShell
  • SwiftSwift
  • TerraformTerraform
  • TextText
  • TypeScriptTypeScript
  • T-SQLT-SQL
  • VB.NETVB.NET
  • VB6VB6
  • XMLXML
  • YAMLYAML
PHP

PHP static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your PHP code

  • All rules 273
  • Vulnerability42
  • Bug51
  • Security Hotspot34
  • Code Smell146
Filtered: 34 rules found
convention
    Impact
      Clean code attribute
        1. Classes named like "Exception" should extend "Exception" or a subclass

           Code Smell
        2. The names of methods with boolean return values should start with "is" or "has"

           Code Smell
        3. Perl-style comments should not be used

           Code Smell
        4. Colors should be defined in upper case

           Code Smell
        5. "global" should not be used

           Code Smell
        6. Files should not contain inline HTML

           Code Smell
        7. "final" should not be used redundantly

           Code Smell
        8. Source code should comply with formatting standards

           Code Smell
        9. "elseif" keyword should be used in place of "else if" keywords

           Code Smell
        10. Method visibility should be explicitly declared

           Bug
        11. PHP keywords and constants "true", "false", "null" should be lower case

           Code Smell
        12. Only LF character (Unix-like) should be used to end lines

           Code Smell
        13. More than one property should not be declared per statement

           Code Smell
        14. The "var" keyword should not be used

           Code Smell
        15. "<?php" and "<?=" tags should be used

           Code Smell
        16. "__construct" functions should not make PHP 4-style calls to parent constructors

           Code Smell
        17. File names should comply with a naming convention

           Code Smell
        18. Track lack of copyright and license headers

           Code Smell
        19. Comments should not be located at the end of lines of code

           Code Smell
        20. Statements should be on separate lines

           Code Smell
        21. Local variable and function parameter names should comply with a naming convention

           Code Smell
        22. Field names should comply with a naming convention

           Code Smell
        23. Constant names should comply with a naming convention

           Code Smell
        24. Interface names should comply with a naming convention

           Code Smell
        25. Lines should not end with trailing whitespaces

           Code Smell
        26. Files should end with a newline

           Code Smell
        27. Modifiers should be declared in the correct order

           Code Smell
        28. A close curly brace should be located at the beginning of a line

           Code Smell
        29. An open curly brace should be located at the beginning of a line

           Code Smell
        30. An open curly brace should be located at the end of a line

           Code Smell
        31. Tabulation characters should not be used

           Code Smell
        32. Lines should not be too long

           Code Smell
        33. Class names should comply with a naming convention

           Code Smell
        34. Function names should comply with a naming convention

           Code Smell

        "<?php" and "<?=" tags should be used

        consistency - conventional
        maintainability
        Code Smell
        • convention
        • psr1

        Why is this an issue?

        More Info

        The <?php tag is used to explicitly mark the start of PHP code in a file. It is considered the recommended and portable way to open PHP blocks. On the other hand, the <?= tag is a shorthand for <?php echo and is specifically used to output variables or expressions directly without using the echo statement. Not using these tags can make the code less readable and harder to maintain, as it deviates from the standard conventions followed by most PHP developers.

        Noncompliant code example

        <?
        $foo = 1;
        ?>
        

        Compliant solution

        <?php
        $foo = 1;
        ?>
        
          Available In:
        • SonarQube IdeCatch issues on the fly,
          in your IDE
        • SonarQube CloudDetect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories
        • SonarQube Community BuildAnalyze code in your
          on-premise CI
          Available Since
          9.1
        • SonarQube ServerAnalyze code in your
          on-premise CI
          Developer Edition
          Available Since
          9.1

        © 2008-2025 SonarSource SA. All rights reserved.

        Privacy Policy | Cookie Policy | Terms of Use