Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarQube for IDE
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarQube Cloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube Server

Secrets
ABAP
Ansible
Apex
AzureResourceManager
C
C#
C++
CloudFormation
COBOL
CSS
Dart
Docker
Flex
GitHub Actions
Go
HTML
Java
JavaScript
JSON
JCL
Kotlin
Kubernetes
Objective C
PHP
PL/I
PL/SQL
Python
RPG
Ruby
Rust
Scala
Shell
Swift
Terraform
Text
TypeScript
T-SQL
VB.NET
VB6
XML
YAML

PHP static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your PHP code

Tags

Impact

Clean code attribute

The number of arguments passed to a function should match the number of parameters
Bug
Non-empty statements should change control flow or have at least one side-effect
Bug
Variables should be initialized before use
Bug
Regular expressions should have valid delimiters
Bug
Replacement strings should reference existing regular expression groups
Bug
Alternation in regular expressions should not contain empty alternatives
Bug
Regex lookahead assertions should not be contradictory
Bug
Back references in regular expressions should only refer to capturing groups that are matched before the reference
Bug
Regex boundaries should not be used in a way that can never be matched
Bug
Regex patterns following a possessive quantifier should not always fail
Bug
Assertions should not be made at the end of blocks expecting an exception
Bug
Class of caught exception should be defined
Bug
Unicode Grapheme Clusters should be avoided inside regex character classes
Bug
Assertions should not compare an object to itself
Bug
Regular expressions should be syntactically valid
Bug
Regex alternatives should not be redundant
Bug
Alternatives in regular expressions should be grouped when used with anchors
Bug
Repeated patterns in regular expressions should not match the empty string
Bug
Only one method invocation is expected when testing exceptions
Bug
Assertion failure exceptions should not be ignored
Bug
Caught Exceptions must derive from Throwable
Bug
Raised Exceptions must derive from Throwable
Bug
References used in "foreach" loops should be "unset"
Bug
Array values should not be replaced unconditionally
Bug
Exceptions should not be created without being thrown
Bug
Array or Countable object count comparisons should make sense
Bug
All branches in a conditional structure should not have exactly the same implementation
Bug
The output of functions that don't return anything should not be used
Bug
Unary prefix operators should not be repeated
Bug
Non-existent operators like "=+" should not be used
Bug
A "for" loop update clause should move the counter in the right direction
Bug
Return values from functions without side effects should not be ignored
Bug
Values should not be uselessly incremented
Bug
Static members should be referenced with "static::"
Bug
Files that define symbols should not cause side-effects
Bug
"$this" should not be used in a static context
Bug
"require_once" and "include_once" should be used instead of "require" and "include"
Bug
Errors should not be silenced
Bug
Files should not contain characters before "<?php"
Bug
Related "if/else if" statements and "cases" in a "switch" should not have the same condition
Bug
Objects should not be created to be dropped immediately without being used
Bug
"exit(...)" and "die(...)" statements should not be used
Bug
Method visibility should be explicitly declared
Bug
Identical expressions should not be used on both sides of a binary operator
Bug
All code should be reachable
Bug
Loops with at most one iteration should be refactored
Bug
Short-circuit logic should be used to prevent null pointer dereferences in conditionals
Bug
Variables should not be self-assigned
Bug
Function and method parameters' initial values should not be ignored
Bug
Useless "if(true) {...}" and "if(false){...}" blocks should be removed
Bug
All "catch" blocks should be able to catch exceptions
Bug

Raised Exceptions must derive from Throwable

intentionality - logical

reliability

Bug

Why is this an issue?

Instances of classes that do not derive from the "Throwable" interface cannot be used in a PHP "throw" statement.

Many built-in exceptions such as "Exception" and the SPL exception classes do implement the "Throwable" interface and can be extended when creating custom exceptions.

This rule raises an issue when an instance of a class that does not implement the "Throwable" interface is used in a "throw" statement .

Noncompliant code example

class NoThrowable {}

throw new NoThrowable(); // Noncompliant

Compliant solution

<?php

class SomeThrowable implements Throwable {
    // Implementation of the Throwable methods
}

throw new SomeThrowable(); // Compliant

class SomeCustomException extends Exception {}

throw new SomeCustomException(); // Compliant{code}

Available In:

Catch issues on the fly,
in your IDE

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Analyze code in your
on-premise CI

Available Since
9.1

Analyze code in your
on-premise CI

Developer Edition
Available Since
9.1

In-IDE

SaaS

Self-Hosted