SonarSource Rules
  • Products

    In-IDE

    Code Quality and Security in your IDE with SonarQube Ide

    IDE extension that lets you fix coding issues before they exist!

    Discover SonarQube for IDE

    SaaS

    Code Quality and Security in the cloud with SonarQube Cloud

    Setup is effortless and analysis is automatic for most languages

    Discover SonarQube Cloud

    Self-Hosted

    Code Quality and Security Self-Hosted with SonarQube Server

    Fast, accurate analysis; enterprise scalability

    Discover SonarQube Server
  • SecretsSecrets
  • ABAPABAP
  • AnsibleAnsible
  • ApexApex
  • AzureResourceManagerAzureResourceManager
  • CC
  • C#C#
  • C++C++
  • CloudFormationCloudFormation
  • COBOLCOBOL
  • CSSCSS
  • DartDart
  • DockerDocker
  • FlexFlex
  • GitHub ActionsGitHub Actions
  • GoGo
  • HTMLHTML
  • JavaJava
  • JavaScriptJavaScript
  • JSONJSON
  • JCLJCL
  • KotlinKotlin
  • KubernetesKubernetes
  • Objective CObjective C
  • PHPPHP
  • PL/IPL/I
  • PL/SQLPL/SQL
  • PythonPython
  • RPGRPG
  • RubyRuby
  • RustRust
  • ScalaScala
  • ShellShell
  • SwiftSwift
  • TerraformTerraform
  • TextText
  • TypeScriptTypeScript
  • T-SQLT-SQL
  • VB.NETVB.NET
  • VB6VB6
  • XMLXML
  • YAMLYAML
PHP

PHP static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your PHP code

  • All rules 273
  • Vulnerability42
  • Bug51
  • Security Hotspot34
  • Code Smell146
Filtered: 17 rules found
suspicious
    Impact
      Clean code attribute
        1. Constants should not be used as conditions

           Code Smell
        2. Methods should not have identical implementations

           Code Smell
        3. Array values should not be replaced unconditionally

           Bug
        4. A conditionally executed single line should be denoted by indentation

           Code Smell
        5. Conditionals should start on new lines

           Code Smell
        6. Assertion arguments should be passed in the correct order

           Code Smell
        7. Configuration should not be changed dynamically

           Code Smell
        8. PHP parser failure

           Code Smell
        9. Return values from functions without side effects should not be ignored

           Bug
        10. "&&" and "||" should be used

           Code Smell
        11. Two branches in a conditional structure should not have exactly the same implementation

           Code Smell
        12. Identical expressions should not be used on both sides of a binary operator

           Bug
        13. Switch cases should end with an unconditional "break" statement

           Code Smell
        14. Methods should not be empty

           Code Smell
        15. Assignments should not be made from within sub-expressions

           Code Smell
        16. Local variables should not have the same name as class fields

           Code Smell
        17. Nested blocks of code should not be left empty

           Code Smell

        Methods should not be empty

        intentionality - complete
        maintainability
        Code Smell
        • suspicious

        Why is this an issue?

        How can I fix it?

        An empty function is generally considered bad practice and can lead to confusion, readability, and maintenance issues. Empty functions bring no functionality and are misleading to others as they might think the function implementation fulfills a specific and identified requirement.

        There are several reasons for a function not to have a body:

        • It is an unintentional omission, and should be fixed to prevent an unexpected behavior in production.
        • It is not yet, or never will be, supported. In this case an exception should be thrown.
        • The method is an intentionally-blank override. In this case a nested comment should explain the reason for the blank override.

        Exceptions

        This rule doesn’t raise an issue on empty methods in abstract classes.

        abstract class Animal {
          public function speak() {}  // default implementation ignored
        }
        
          Available In:
        • SonarQube IdeCatch issues on the fly,
          in your IDE
        • SonarQube CloudDetect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories
        • SonarQube Community BuildAnalyze code in your
          on-premise CI
          Available Since
          9.1
        • SonarQube ServerAnalyze code in your
          on-premise CI
          Developer Edition
          Available Since
          9.1

        © 2008-2025 SonarSource SA. All rights reserved.

        Privacy Policy | Cookie Policy | Terms of Use