Analyzers Documentation

Adding Zero

[Since 0.8.4] - [ -P Structures/AddZero ] - [ Online docs ]

Adding 0 is useless, as 0 is the neutral element for addition. Besides, when one of the operands is an integer, PHP silently triggers a cast to integer for the other operand.

This rule also report using + with variables, proeprties, etc. which triggers an automated conversion to integer.

It is recommended to make the cast explicit with (int) .

<?php

// Explicit cast
$a = (int) foo();

// Useless addition
$a = foo() + 0;
$a = 0 + foo();

// Also works with minus
$b = 0 - $c; // drop the 0, but keep the minus
$b = $c - 0; // drop the 0 and the minus

$a += 0;
$a -= 0;

$z = '12';
print +$z + 1;

?>

• Remove the +/- 0, may be the whole assignation
• Use an explicit type casting operator (int)

Ambiguous Array Index

[Since 0.8.4] - [ -P Arrays/AmbiguousKeys ] - [ Online docs ]

Indexes should not be defined with different types than int or string.

Array indices only accept integers and strings, so any other type of literal is reported. In fact, null is turned into an empty string, booleans are turned into an integer, and real numbers are truncated (not rounded).

They are indeed distinct, but may lead to confusion.

<?php

$x = [ 1  => 1,
      '1' => 2,
      1.0 => 3,
      true => 4];
// $x only contains one element : 1 => 4

// Still wrong, immediate typecast to 1
$x[1.0]  = 5; 
$x[true] = 6; 

?>

• Only use string or integer as key for an array.
• Use transtyping operator (string) and (int) to make sure of the type

Array Index

[Since 0.8.4] - [ -P Arrays/Arrayindex ] - [ Online docs ]

List of all indexes used in arrays. The indexes are strings or integers. They are accessed with different syntaxes: either the square brackets, or the => operator.

<?php

// Index
$x['index'] = 1;

// in array creation
$a = array('index2' => 1);
$a2 = ['index3' => 2];

?>

Multidimensional Arrays

[Since 0.8.4] - [ -P Arrays/Multidimensional ] - [ Online docs ]

Multidimensional arrays are arrays of arrays. Each level of array is called a dimension. The number of dimensions is arbitrary, though it is recommende not to abuse it beyond 4.

<?php
    $x[1][2] = $x[2][3][4];
?>

Multiple Index Definition

[Since 0.8.4] - [ -P Arrays/MultipleIdenticalKeys ] - [ Online docs ]

This rules lists the indexes that are defined multiple times in the same array.

In reality, they are overwriting each other. This is most probably a typo or a failed copy/paste.

<?php
    // Multiple identical keys
    $x = array(1 => 2, 
               2 => 3,  
               1 => 3);

    // Multiple identical keys (sneaky version)
    $x = array(1 => 2, 
               1.1 => 3,  
               true => 4);

    // Multiple identical keys (automated version)
    $x = array(1 => 2, 
               3,        // This is the index 2
               2 => 4);  // this index is overwritten
?>

• Review the code and check that arrays only have keys defined once.
• Review carefully the code and check indirect values, like constants and static constants.

PHP Arrays Index

[Since 0.8.4] - [ -P Arrays/Phparrayindex ] - [ Online docs ]

List of indexes used when manipulating PHP arrays in the code. These indices usually carry semantic meanings, and should always be readable.

<?php

// HTTP_HOST is a PHP array index. 
$ip = 'http'.$_SERVER['HTTP_HOST'].'/'.$row['path'];

//'path' is not a PHP index

?>

Classes Names

[Since 0.8.4] - [ -P Classes/Classnames ] - [ Online docs ]

List of all classes, as defined in the application.

<?php

// foo is in the list
class foo {}

// Anonymous classes are not in the list
$o = class { function foo(){} }

?>

Constant Definition

[Since 0.8.4] - [ -P Classes/ConstantDefinition ] - [ Online docs ]

List of class constants being defined.

<?php

// traditional way of making constants
define('aConstant', 1);

// modern way of making constants
const anotherConstant = 2;

class foo {
    // Not a constant, a class constant.
    const aClassConstant = 3;
}

?>

Empty Classes

[Since 0.8.4] - [ -P Classes/EmptyClass ] - [ Online docs ]

Classes that do no define anything at all : no property, method nor constant. This is possibly dead code.

Empty classes are sometimes used to group classes; an interface may be used here for the same purpose, without inserting an extra level in the class hierarchy.
Classes that are directly derived from an exception are omitted.

<?php

//Empty class
class foo extends bar {}

//Not an empty class
class foo2 extends bar {
    const FOO = 2;
}

//Not an empty class, as derived from Exception
class barException extends \Exception {}

?>

• Remove the empty class: it is possibly dead code.
• Add some code to the class to make it concrete.
• Turn the class into an interface.

Magic Methods

[Since 0.8.4] - [ -P Classes/MagicMethod ] - [ Online docs ]

List of PHP magic methods being used. The magic methods are

__call(), __callStatic(), __get(), __set(), __isset(), __unset(), __sleep(), __wakeup(), __toString(), __invoke(), __set_state(), __clone() and __debugInfo().

__construct and __destruct are omitted here, as they are routinely used to create and destroy objects.

<?php

class foo{
    // PHP Magic method, called when cloning an object.
    function __clone() {}
}
?>

Forgotten Visibility

[Since 0.8.4] - [ -P Classes/NonPpp ] - [ Online docs ]

Some classes elements (property, method, constant) are missing their explicit visibility.

By default, it is public. It should at least be mentioned as public, or may be reviewed as protected or private.

Class constants support also visibility since PHP 7.1.

final, static and abstract are not counted as visibility. Only public, private and protected. The PHP 4 var keyword is counted as undefined.

Traits, classes and interfaces are checked.

<?php

// Explicit visibility
class X {
    protected sconst NO_VISIBILITY_CONST = 1; // For PHP 7.2 and later

    private $noVisibilityProperty = 2; 
    
    public function Method() {}
}

// Missing visibility
class X {
    const NO_VISIBILITY_CONST = 1; // For PHP 7.2 and later

    var $noVisibilityProperty = 2; // Only with var
    
    function NoVisibilityForMethod() {}
}

?>

• Always add explicit visibility to methods and constants in a class
• Always add explicit visibility to properties in a class, after PHP 7.4

Non Static Methods Called In A Static

[Since 0.8.4] - [ -P Classes/NonStaticMethodsCalledStatic ] - [ Online docs ]

Static methods have to be declared as such (using the static keyword). Then, one may call them without instantiating the object.

PHP 7.0, and more recent versions, yield a deprecated error : Non-static method A::B() should not be called statically .

PHP 5 and older doesn't check that a method is static or not : at any point, the code may call one method statically.
It is a bad idea to call non-static method statically. Such method may make use of special
variable $this, which will be undefined. PHP will not check those calls at compile time,
nor at running time.

It is recommended to update this situation : make the method actually static, or use it only
in object context.

Note that this analysis reports all static method call made on a non-static method,
even within the same class or class hierarchy. PHP silently accepts static call to any
in-family method.

<?php
    class x {
        static public function sm( ) { echo __METHOD__.\n; }
        public public sm( ) { echo __METHOD__.\n; }
    } 
    
    x::sm( ); // echo x::sm 
    
    // Dynamic call
    ['x', 'sm']();
    [\x::class, 'sm']();

    $s = 'x::sm';
    $s();

?>

• Call the method the correct way
• Define the method as static

Old Style Constructor

[Since 0.8.4] - [ -P Classes/OldStyleConstructor ] - [ Online docs ]

PHP classes used to have the method bearing the same name as the class acts as the constructor. That was PHP 4, and early PHP 5.

The manual issues a warning about this syntax : Old style constructors are DEPRECATED in PHP 7.0, and will be removed in a future version. You should always use __construct() in new code.
This is no more the case in PHP 5, which relies on __construct() to do so. Having this old style constructor may bring in confusion, unless you are also supporting old time PHP 4.

Note that classes with methods bearing the class name, but inside a namespace are not following this convention, as this is not breaking backward compatibility. Those are excluded from the analyze.

<?php

namespace {
    // Global namespace is important
    class foo {
        function foo() {
            // This acts as the old-style constructor, and is reported by PHP
        }
    }

    class bar {
        function __construct() { }
        function bar() {
            // This doesn't act as constructor, as bar has a __construct() method
        }
    }
}

namespace Foo\Bar{
    class foo {
        function foo() {
            // This doesn't act as constructor, as bar is not in the global namespace
        }
    }
}

?>

• Remove old style constructor and make it __construct()
• Remove old libraries and use a modern component

Static Methods

[Since 0.8.4] - [ -P Classes/StaticMethods ] - [ Online docs ]

List of all static methods.

<?php

class foo {
    static public function staticMethod() {
        
    }
    
    public function notStaticMethod() {
    
    }
           
    private function method() {
        // This is not a property
        new static();
    }
}

?>

Static Methods Called From Object

[Since 0.8.4] - [ -P Classes/StaticMethodsCalledFromObject ] - [ Online docs ]

Static methods may be called without instantiating an object. As such, they never interact with the special variable '$this', as they do not depend on object existence.

Besides this, static methods are normal methods that may be called directly from object context, to perform some utility task.

To maintain code readability, it is recommended to call static method in a static way, rather than within object context.

<?php
    class x {
        static function y( ) {}
    }
    
    $z = new x( );
    
    $z->y( ); // Readability : no one knows it is a static call
    x::y( );  // Readability : here we know
?>

• Switch to static method syntax
• Remove the static option from the method

Static Properties

[Since 0.8.4] - [ -P Classes/StaticProperties ] - [ Online docs ]

List of all static properties.

<?php

class foo {
    static public $staticProperty = 1;
           public $notStaticProperty = 2;
           
    private function method() {
        // This is not a property
        new static();
    }
}

function bar() {
    // This is not a static property
    static $staticVariable;
    
    //....
}

?>

Constants Usage

[Since 0.8.4] - [ -P Constants/ConstantUsage ] - [ Online docs ]

List of constants in use in the source code. Constants are T_STRING, localised in specific part of the code.

For example, they can't be followed by a parenthesis, as this is a function call; nor preceded by a new operator, as this is an object instantiation.

<?php

const MY_CONST = 'Hello';

// PHP_EOL (native PHP Constant)
// MY_CONST (custom constant)
echo PHP_EOL . MY_CONST;

// Here, MY_CONST is actually a function name, and is omitted in this analysis
MY_CONST();

?>

Magic Constant Usage

[Since 0.8.4] - [ -P Constants/MagicConstantUsage ] - [ Online docs ]

There are eight magical constants that change depending on where they are used. For example, the value of __LINE__ depends on the line that it's used on in your script. These special constants are case-insensitive.

• __LINE__
  
• __FILE__
  
• __DIR__
  
• __FUNCTION__
  
• __CLASS__
  
• __TRAIT__
  
• __METHOD__
  
• __NAMESPACE__
  

<?php

echo 'This code is in file '__FILE__.', line '.__LINE__;

?>

PHP Constant Usage

[Since 0.8.4] - [ -P Constants/PhpConstantUsage ] - [ Online docs ]

List of PHP constants being used.

<?php

const MY_CONST = 'Hello';

// PHP_EOL (native PHP Constant)
// MY_CONST (custom constant, not reported)
echo PHP_EOL . MY_CONST;

?>

Defined Exceptions

[Since 0.8.4] - [ -P Exceptions/DefinedExceptions ] - [ Online docs ]

This is the list of defined exceptions. Those exceptions are custom to the code, and shall be thrown at one point or more in the code.

<?php

class myException extends \Exception {}

// A defined exception
throw new myException();

// not a defined exception : it is already defined. 
throw new \RuntimeException();

?>

Thrown Exceptions

[Since 0.8.4] - [ -P Exceptions/ThrownExceptions ] - [ Online docs ]

This rules reports the usage of the throw keyword. This means all these exceptions are raised at some point in the code.

<?php

throw new MyException("An error happened");

?>

ext/apc

[Since 0.8.4] - [ -P Extensions/Extapc ] - [ Online docs ]

Extension Alternative PHP Cache.

The Alternative PHP Cache (APC) is a free and open opcode cache for PHP. Its goal is to provide a free, open, and robust framework for caching and optimizing PHP intermediate code.

This extension is considered unmaintained and dead.

<?php
   $bar = 'BAR';
   apc_add('foo', $bar);
   var_dump(apc_fetch('foo'));
   echo PHP_EOL;

   $bar = 'NEVER GETS SET';
   apc_add('foo', $bar);
   var_dump(apc_fetch('foo'));
   echo PHP_EOL;
?>

ext/bcmath

[Since 0.8.4] - [ -P Extensions/Extbcmath ] - [ Online docs ]

Extension BC Math.

For arbitrary precision mathematics PHP offers the Binary Calculator which supports numbers of any size and precision up to 2147483647-1 (or 0x7FFFFFFF-1 ) decimals, represented as strings.

<?php

echo bcpow('2', '123'); 
//10633823966279326983230456482242756608

echo 2**123;
//1.0633823966279E+37
?>

ext/bzip2

[Since 0.8.4] - [ -P Extensions/Extbzip2 ] - [ Online docs ]

Extension ext/bzip2.

Bzip2 Functions for PHP.

<?php

$file = '/tmp/foo.bz2';
$bz = bzopen($file, 'r') or die('Couldn\'t open $file for reading');

bzclose($bz);

?>

ext/calendar

[Since 0.8.4] - [ -P Extensions/Extcalendar ] - [ Online docs ]

Extension ext/calendar.

The calendar extension presents a series of functions to simplify converting between different calendar formats.

<?php
$number = cal_days_in_month(CAL_GREGORIAN, 8, 2003); // 31
echo "There were {$number} days in August 2003";
?>

ext/crypto

[Since 0.8.4] - [ -P Extensions/Extcrypto ] - [ Online docs ]

Extension ext/crypto (PECL).

Objective PHP binding of OpenSSL Crypto library.

<?php
use Crypto\Cipher;
use Crypto\AlgorihtmException;
$algorithm = 'aes-256-cbc';
if (!Cipher::hasAlgorithm($algorithm)) {
    die('Algorithm $algorithm not found' . PHP_EOL);
}
try {
    $cipher = new Cipher($algorithm);
    // Algorithm method for retrieving algorithm
    echo 'Algorithm: ' . $cipher->getAlgorithmName() . PHP_EOL;
    // Params
    $key_len = $cipher->getKeyLength();
    $iv_len = $cipher->getIVLength();
    
    echo 'Key length: ' . $key_len . PHP_EOL;
    echo 'IV length: '  . $iv_len . PHP_EOL;
    echo 'Block size: ' . $cipher->getBlockSize() . PHP_EOL;
    // This is just for this example. You should never use such key and IV!
    $key = str_repeat('x', $key_len);
    $iv = str_repeat('i', $iv_len);
    // Test data
    $data1 = 'Test';
    $data2 = 'Data';
    $data = $data1 . $data2;
    // Simple encryption
    $sim_ct = $cipher->encrypt($data, $key, $iv);
    
    // init/update/finish encryption
    $cipher->encryptInit($key, $iv);
    $iuf_ct  = $cipher->encryptUpdate($data1);
    $iuf_ct .= $cipher->encryptUpdate($data2);
    $iuf_ct .= $cipher->encryptFinish();
    // Raw data output (used base64 format for printing)
    echo 'Ciphertext (sim): ' . base64_encode($sim_ct) . PHP_EOL;
    echo 'Ciphertext (iuf): ' . base64_encode($iuf_ct) . PHP_EOL;
    // $iuf_out == $sim_out
    $ct = $sim_ct;
    // Another way how to create a new cipher object (using the same algorithm and mode)
    $cipher = Cipher::aes(Cipher::MODE_CBC, 256);
    // Simple decryption
    $sim_text = $cipher->decrypt($ct, $key, $iv);
    
    // init/update/finish decryption
    $cipher->decryptInit($key, $iv);
    $iuf_text = $cipher->decryptUpdate($ct);
    $iuf_text .= $cipher->decryptFinish();
    // Raw data output ($iuf_out == $sim_out)
    echo 'Text (sim): ' . $sim_text . PHP_EOL;
    echo 'Text (iuf): ' . $iuf_text . PHP_EOL;
}
catch (AlgorithmException $e) {
    echo $e->getMessage() . PHP_EOL;
}

?>

ext/ctype

[Since 0.8.4] - [ -P Extensions/Extctype ] - [ Online docs ]

Extension ext/ctype.

Ext/ctype checks whether a character or string falls into a certain character class according to the current locale.

<?php
$strings = array('AbCd1zyZ9', 'foo!#$bar');
foreach ($strings as $testcase) {
    if (ctype_alnum($testcase)) {
        echo "The string $testcase consists of all letters or digits.\n";
    } else {
        echo "The string $testcase does not consist of all letters or digits.\n";
    }
}
?>

ext/curl

[Since 0.8.4] - [ -P Extensions/Extcurl ] - [ Online docs ]

Extension curl.

PHP supports libcurl, a library created by Daniel Stenberg. It allows the connection and communication to many different types of servers with many different types of protocols.

<?php

$ch = curl_init("http://www.example.com/");
$fp = fopen("example_homepage.txt", "w");

curl_setopt($ch, CURLOPT_FILE, $fp);
curl_setopt($ch, CURLOPT_HEADER, 0);

curl_exec($ch);
curl_close($ch);
fclose($fp);
?>

ext/date

[Since 0.8.4] - [ -P Extensions/Extdate ] - [ Online docs ]

Extension ext/date.

These functions allows the manipulation of date and time from the server where the PHP scripts are running.

<?php
$dt = new DateTime('2015-11-01 00:00:00', new DateTimeZone('America/New_York'));
echo 'Start: ', $dt->format('Y-m-d H:i:s P'), PHP_EOL;
$dt->add(new DateInterval('PT3H'));
echo 'End:   ', $dt->format('Y-m-d H:i:s P'), PHP_EOL;
?>

ext/dba

[Since 0.8.4] - [ -P Extensions/Extdba ] - [ Online docs ]

Extension ext/dba.

These functions build the foundation for accessing Berkeley DB style databases.

<?php

$id = dba_open('/tmp/test.db', 'n', 'db2');

if (!$id) {
    echo 'dba_open failed'.PHP_EOL;
    exit;
}

dba_replace('key', 'This is an example!', $id);

if (dba_exists('key', $id)) {
    echo dba_fetch('key', $id);
    dba_delete('key', $id);
}

dba_close($id);
?>

ext/dom

[Since 0.8.4] - [ -P Extensions/Extdom ] - [ Online docs ]

Extension Document Object Model.

The DOM extension allows the manipulation of XML documents through the DOM API with PHP.

<?php

$dom = new DOMDocument('1.0', 'utf-8');

$element = $dom->createElement('test', 'This is the root element!');

// We insert the new element as root (child of the document)
$dom->appendChild($element);

echo $dom->saveXML();
?>

ext/enchant

[Since 0.8.4] - [ -P Extensions/Extenchant ] - [ Online docs ]

Extension Enchant.

Enchant is the PHP binding for the Enchant spelling library. Enchant steps in to provide uniformity and conformity on top of all spelling libraries, and implement certain features that may be lacking in any individual provider library.

<?php
$tag = 'en_US';
$r = enchant_broker_init();
$bprovides = enchant_broker_describe($r);
echo 'Current broker provides the following backend(s):'.PHP_EOL;
print_r($bprovides);

$dicts = enchant_broker_list_dicts($r);
print_r($dicts);
if (enchant_broker_dict_exists($r,$tag)) {
    $d = enchant_broker_request_dict($r, $tag);
    $dprovides = enchant_dict_describe($d);
    echo 'dictionary $tag provides:'.PHP_EOL;
    $wordcorrect = enchant_dict_check($d, 'soong');
    print_r($dprovides);
    if (!$wordcorrect) {
        $suggs = enchant_dict_suggest($d, 'soong');
        echo 'Suggestions for "soong":';
        print_r($suggs);
    }
    enchant_broker_free_dict($d);
} else {
}
enchant_broker_free($r);
?>

ext/exif

[Since 0.8.4] - [ -P Extensions/Extexif ] - [ Online docs ]

Extension EXIF : Exchangeable image file format.

The EXIF extension manipulates image meta data.

<?php
echo 'test1.jpg:<br />';
$exif = exif_read_data('tests/test1.jpg', 'IFD0');
echo $exif===false ? 'No header data found.<br />' : 'Image contains headers<br />';

$exif = exif_read_data('tests/test2.jpg', 0, true);
echo 'test2.jpg:<br />';
foreach ($exif as $key => $section) {
    foreach ($section as $name => $val) {
        echo $key.$name.': '.$val.'<br />';
    }
}
?>

ext/fileinfo

[Since 0.8.4] - [ -P Extensions/Extfileinfo ] - [ Online docs ]

Extension ext/fileinfo.

This module guesses the content type and encoding of a file by looking for certain magic byte sequences at specific positions within the file.

<?php
$finfo = finfo_open(FILEINFO_MIME_TYPE); // return mime type ala mimetype extension
foreach (glob('*') as $filename) {
    echo finfo_file($finfo, $filename) . PHP_EOL;
}
finfo_close($finfo);
?>

ext/filter

[Since 0.8.4] - [ -P Extensions/Extfilter ] - [ Online docs ]

Extension filter.

This extension filters data by either validating or sanitizing it.

<?php
$email_a = 'joe@example.com';
$email_b = 'bogus';

if (filter_var($email_a, FILTER_VALIDATE_EMAIL)) {
    echo 'This ($email_a) email address is considered valid.'.PHP_EOL;
}
if (filter_var($email_b, FILTER_VALIDATE_EMAIL)) {
    echo 'This ($email_b) email address is considered valid.'.PHP_EOL;
} else {
    echo 'This ($email_b) email address is considered invalid.'.PHP_EOL;
}
?>

ext/ftp

[Since 0.8.4] - [ -P Extensions/Extftp ] - [ Online docs ]

Extension FTP.

The functions in this extension implement client access to files servers speaking the File Transfer Protocol (FTP) as defined in RFC 959.

<?php
// set up basic connection
$conn_id = ftp_connect($ftp_server); 

// login with username and password
$login_result = ftp_login($conn_id, $ftp_user_name, $ftp_user_pass); 

// check connection
if ((!$conn_id) || (!$login_result)) { 
    echo 'FTP connection has failed!';
    echo 'Attempted to connect to $ftp_server for user $ftp_user_name'; 
    exit; 
} else {
    echo 'Connected to $ftp_server, for user $ftp_user_name';
}

// upload the file
$upload = ftp_put($conn_id, $destination_file, $source_file, FTP_BINARY); 

// check upload status
if (!$upload) { 
    echo 'FTP upload has failed!';
} else {
    echo 'Uploaded $source_file to $ftp_server as $destination_file';
}

// close the FTP stream 
ftp_close($conn_id); 
?>

ext/gd

[Since 0.8.4] - [ -P Extensions/Extgd ] - [ Online docs ]

Extension GD for PHP.

This extension allows PHP to create and manipulate image files in a variety of different image formats, including GIF, PNG, JPEG, WBMP, and XPM.

<?php

header("Content-type: image/png");
$string = $_GET['text'];
$im     = imagecreatefrompng("images/button1.png");
$orange = imagecolorallocate($im, 220, 210, 60);
$px     = (imagesx($im) - 7.5 * strlen($string)) / 2;
imagestring($im, 3, $px, 9, $string, $orange);
imagepng($im);
imagedestroy($im);

?>

ext/gmp

[Since 0.8.4] - [ -P Extensions/Extgmp ] - [ Online docs ]

Extension ext/gmp.

These functions allow for arbitrary-length integers to be worked with using the GNU MP library.

<?php
$pow1 = gmp_pow('2', 131);
echo gmp_strval($pow1) . PHP_EOL;
$pow2 = gmp_pow('0', 0);
echo gmp_strval($pow2) . PHP_EOL;
$pow3 = gmp_pow('2', -1); // Negative exp, generates warning
echo gmp_strval($pow3) . PHP_EOL;
?>

ext/gnupgp

[Since 0.8.4] - [ -P Extensions/Extgnupg ] - [ Online docs ]

Extension GnuPG.

This module allows you to interact with gnupg.

<?php
// init gnupg
$res = gnupg_init();
// not really needed. Clearsign is default
gnupg_setsignmode($res,GNUPG_SIG_MODE_CLEAR);
// add key with passphrase 'test' for signing
gnupg_addsignkey($res,"8660281B6051D071D94B5B230549F9DC851566DC","test");
// sign
$signed = gnupg_sign($res,"just a test");
echo $signed;
?>

ext/hash

[Since 0.8.4] - [ -P Extensions/Exthash ] - [ Online docs ]

Extension for HASH Message Digest Framework.

Message Digest (hash) engine. Allows direct or incremental processing of arbitrary length messages using a variety of hashing algorithms.

<?php
/* Create a file to calculate hash of */
file_put_contents('example.txt', 'The quick brown fox jumped over the lazy dog.');

echo hash_file('md5', 'example.txt');
?>

ext/iconv

[Since 0.8.4] - [ -P Extensions/Exticonv ] - [ Online docs ]

Extension ext/iconv.

With this module, you can turn a string represented by a local character set into the one represented by another character set, which may be the Unicode character set.

<?php
$text = "This is the Euro symbol '€'.";

echo 'Original : ', $text, PHP_EOL;
echo 'TRANSLIT : ', iconv("UTF-8", "ISO-8859-1//TRANSLIT", $text), PHP_EOL;
echo 'IGNORE   : ', iconv("UTF-8", "ISO-8859-1//IGNORE", $text), PHP_EOL;
echo 'Plain    : ', iconv("UTF-8", "ISO-8859-1", $text), PHP_EOL;

?>

ext/json

[Since 0.8.4] - [ -P Extensions/Extjson ] - [ Online docs ]

Extension JSON.

This extension implements the JavaScript Object Notation (JSON) data-interchange format. PHP implements a superset of JSON as specified in the original RFC 7159.

<?php
$arr = array('a' => 1, 'b' => 2, 'c' => 3, 'd' => 4, 'e' => 5);

echo json_encode($arr);
?>

ext/ldap

[Since 0.8.4] - [ -P Extensions/Extldap ] - [ Online docs ]

Extension ext/ldap.

LDAP is the Lightweight Directory Access Protocol, and is a protocol used to access 'Directory Servers'. The Directory is a special kind of database that holds information in a tree structure.

<?php
// basic sequence with LDAP is connect, bind, search, interpret search
// result, close connection

echo '<h3>LDAP query test</h3>';
echo 'Connecting ...';
$ds=ldap_connect('localhost');  // must be a valid LDAP server!
echo 'connect result is ' . $ds . '<br />';

if ($ds) { 
    echo 'Binding ...'; 
    $r=ldap_bind($ds);     // this is an 'anonymous' bind, typically
                           // read-only access
    echo 'Bind result is ' . $r . '<br />';

    echo 'Searching for (sn=S*) ...';
    // Search surname entry
    $sr=ldap_search($ds, 'o=My Company, c=US', 'sn=S*');  
    echo 'Search result is ' . $sr . '<br />';

    echo 'Number of entries returned is ' . ldap_count_entries($ds, $sr) . '<br />';

    echo 'Getting entries ...<p>';
    $info = ldap_get_entries($ds, $sr);
    echo 'Data for ' . $info['count'] . ' items returned:<p>';

    for ($i=0; $i<$info['count']; $i++) {
        echo 'dn is: ' . $info[$i]['dn'] . '<br />';
        echo 'first cn entry is: ' . $info[$i]['cn'][0] . '<br />';
        echo 'first email entry is: ' . $info[$i]['mail'][0] . '<br /><hr />';
    }

    echo 'Closing connection';
    ldap_close($ds);

} else {
    echo '<h4>Unable to connect to LDAP server</h4>';
}
?>

ext/libxml

[Since 0.8.4] - [ -P Extensions/Extlibxml ] - [ Online docs ]

Extension libxml.

These functions/constants are available as of PHP 5.1.0, and the following core extensions rely on this libxml extension: DOM, libxml, SimpleXML, SOAP, WDDX, XSL, XML, XMLReader, XMLRPC and XMLWriter.

<?php

// $xmlstr is a string, containing a XML document. 

$doc = simplexml_load_string($xmlstr);
$xml = explode(PHP_EOL, $xmlstr);

if ($doc === false) {
    $errors = libxml_get_errors();

    foreach ($errors as $error) {
        echo display_xml_error($error, $xml);
    }

    libxml_clear_errors();
}


function display_xml_error($error, $xml)
{
    $return  = $xml[$error->line - 1] . PHP_EOL;
    $return .= str_repeat('-', $error->column) . '^'.PHP_EOL;

    switch ($error->level) {
        case LIBXML_ERR_WARNING:
            $return .= 'Warning ',$error->code.': ';
            break;
         case LIBXML_ERR_ERROR:
            $return .= 'Error '.$error->code.': ';
            break;
        case LIBXML_ERR_FATAL:
            $return .= 'Fatal Error '.$error->code.': ';
            break;
    }

    $return .= trim($error->message) .
               PHP_EOL.'  Line: '.$error->line .
               PHP_EOL.'  Column: '.$error->column;

    if ($error->file) {
        $return .= "\n  File: $error->file";
    }

    return $return.PHP_EOL.PHP_EOL.'--------------------------------------------'.PHP_EOL.PHP_EOL;
}

?>

ext/mbstring

[Since 0.8.4] - [ -P Extensions/Extmbstring ] - [ Online docs ]

Extension ext/mbstring .

mbstring provides multibyte specific string functions that help you deal with multibyte encodings in PHP.

<?php
/* Convert internal character encoding to SJIS */
$str = mb_convert_encoding($str, "SJIS");

/* Convert EUC-JP to UTF-7 */
$str = mb_convert_encoding($str, "UTF-7", "EUC-JP");

/* Auto detect encoding from JIS, eucjp-win, sjis-win, then convert str to UCS-2LE */
$str = mb_convert_encoding($str, "UCS-2LE", "JIS, eucjp-win, sjis-win");

/* "auto" is expanded to "ASCII,JIS,UTF-8,EUC-JP,SJIS" */
$str = mb_convert_encoding($str, "EUC-JP", "auto");
?>

ext/mcrypt

[Since 0.8.4] - [ -P Extensions/Extmcrypt ] - [ Online docs ]

Extension for mcrypt.

This extension has been deprecated as of PHP 7.1.0 and moved to PECL as of PHP 7.2.0.

This is an interface to the mcrypt library, which supports a wide variety of block algorithms such as DES, TripleDES, Blowfish (default), 3-WAY, SAFER-SK64, SAFER-SK128, TWOFISH, TEA, RC2 and GOST in CBC, OFB, CFB and ECB cipher modes. Additionally, it supports RC6 and IDEA which are considered 'non-free'. CFB/OFB are 8bit by default.

<?php
    # --- ENCRYPTION ---

    # the key should be random binary, use scrypt, bcrypt or PBKDF2 to
    # convert a string into a key
    # key is specified using hexadecimal
    $key = pack('H*', 'bcb04b7e103a0cd8b54763051cef08bc55abe029fdebae5e1d417e2ffb2a00a3');
    
    # show key size use either 16, 24 or 32 byte keys for AES-128, 192
    # and 256 respectively
    $key_size =  strlen($key);
    echo 'Key size: ' . $key_size . PHP_EOL;
    
    $plaintext = 'This string was AES-256 / CBC / ZeroBytePadding encrypted.';

    # create a random IV to use with CBC encoding
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    
    # creates a cipher text compatible with AES (Rijndael block size = 128)
    # to keep the text confidential 
    # only suitable for encoded input that never ends with value 00h
    # (because of default zero padding)
    $ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key,
                                 $plaintext, MCRYPT_MODE_CBC, $iv);

    # prepend the IV for it to be available for decryption
    $ciphertext = $iv . $ciphertext;
    
    # encode the resulting cipher text so it can be represented by a string
    $ciphertext_base64 = base64_encode($ciphertext);

    echo  $ciphertext_base64 . PHP_EOL;

    # === WARNING ===

    # Resulting cipher text has no integrity or authenticity added
    # and is not protected against padding oracle attacks.
    
    # --- DECRYPTION ---
    
    $ciphertext_dec = base64_decode($ciphertext_base64);
    
    # retrieves the IV, iv_size should be created using mcrypt_get_iv_size()
    $iv_dec = substr($ciphertext_dec, 0, $iv_size);
    
    # retrieves the cipher text (everything except the $iv_size in the front)
    $ciphertext_dec = substr($ciphertext_dec, $iv_size);

    # may remove 00h valued characters from end of plain text
    $plaintext_dec = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key,
                                    $ciphertext_dec, MCRYPT_MODE_CBC, $iv_dec);
    
    echo  $plaintext_dec . PHP_EOL;
?>

ext/mongo

[Since 0.8.4] - [ -P Extensions/Extmongo ] - [ Online docs ]

Extension MongoDB driver (legacy).
Note : this is not the MongoDB driver. This is the legacy extension.

<?php

// connect
$m = new MongoClient();

// select a database
$db = $m->comedy;

// select a collection (analogous to a relational database\'s table)
$collection = $db->cartoons;

// add a record
$document = array( 'title' => 'Calvin and Hobbes', 'author' => 'Bill Watterson' );
$collection->insert($document);

// add another record, with a different 'shape'
$document = array( 'title' => 'XKCD', 'online' => true );
$collection->insert($document);

// find everything in the collection
$cursor = $collection->find();

// iterate through the results
foreach ($cursor as $document) {
    echo $document['title'] . PHP_EOL;
}

?>

ext/mssql

[Since 0.8.4] - [ -P Extensions/Extmssql ] - [ Online docs ]

Extension MSSQL, Microsoft SQL Server.

These functions allow you to access MS SQL Server database.

<?php
// Connect to MSSQL
$link = mssql_connect('KALLESPC\SQLEXPRESS', 'sa', 'phpfi');

if (!$link || !mssql_select_db('php', $link)) {
    die('Unable to connect or select database!');
}

// Do a simple query, select the version of 
// MSSQL and print it.
$version = mssql_query('SELECT @@VERSION');
$row = mssql_fetch_array($version);

echo $row[0];

// Clean up
mssql_free_result($version);
?>

ext/mysql

[Since 0.8.4] - [ -P Extensions/Extmysql ] - [ Online docs ]

Extension for MySQL (Original MySQL API).

This extension is deprecated as of PHP 5.5.0, and has been removed as of PHP 7.0.0. Instead, either the mysqli or PDO_MySQL extension should be used.

See also the MySQL API Overview for further help while choosing a MySQL API.

<?php
$result = mysql_query('SELECT * WHERE 1=1');
if (!$result) {
    die('Invalid query: ' . mysql_error());
}

?>

ext/mysqli

[Since 0.8.4] - [ -P Extensions/Extmysqli ] - [ Online docs ]

Extension mysqli for MySQL.

The mysqli extension allows you to access the functionality provided by MySQL 4.1 and above.

<?php
$mysqli = new mysqli('localhost', 'my_user', 'my_password', 'world');

/* check connection */
if (mysqli_connect_errno()) {
    printf('Connect failed: %s\n', mysqli_connect_error());
    exit();
}

$city = 'Amersfoort';

/* create a prepared statement */
if ($stmt = $mysqli->prepare('SELECT District FROM City WHERE Name=?')) {

    /* bind parameters for markers */
    $stmt->bind_param('s', $city);

    /* execute query */
    $stmt->execute();

    /* bind result variables */
    $stmt->bind_result($district);

    /* fetch value */
    $stmt->fetch();

    printf('%s is in district %s\n', $city, $district);

    /* close statement */
    $stmt->close();
}

/* close connection */
$mysqli->close();
?>

ext/odbc

[Since 0.8.4] - [ -P Extensions/Extodbc ] - [ Online docs ]

Extension ODBC.

In addition to normal ODBC support, the Unified ODBC functions in PHP allow you to access several databases that have borrowed the semantics of the ODBC API to implement their own API. Instead of maintaining multiple database drivers that were all nearly identical, these drivers have been unified into a single set of ODBC functions.

<?php
$a = 1;
$b = 2;
$c = 3;
$stmt    = odbc_prepare($conn, 'CALL myproc(?,?,?)');
$success = odbc_execute($stmt, array($a, $b, $c));
?>

ext/openssl

[Since 0.8.4] - [ -P Extensions/Extopenssl ] - [ Online docs ]

Extension Openssl.

This extension binds functions of OpenSSL library for symmetric and asymmetric encryption and decryption, PBKDF2 , PKCS7 , PKCS12 , X509 and other cryptographic operations. In addition to that it provides implementation of TLS streams.

<?php
// $data and $signature are assumed to contain the data and the signature

// fetch public key from certificate and ready it
$pubkeyid = openssl_pkey_get_public("file://src/openssl-0.9.6/demos/sign/cert.pem");

// state whether signature is okay or not
$ok = openssl_verify($data, $signature, $pubkeyid);
if ($ok == 1) {
    echo "good";
} elseif ($ok == 0) {
    echo "bad";
} else {
    echo "ugly, error checking signature";
}
// free the key from memory
openssl_free_key($pubkeyid);
?>

ext/pcre

[Since 0.8.4] - [ -P Extensions/Extpcre ] - [ Online docs ]

Extension ext/pcre. PCRE stands for Perl Compatible Regular Expression. It is a standard PHP extension.

<?php

$zip_code = $_GET['zip'];

// Canadian Zip code H2M 3J1
$zip_ca = '/^([a-zA-Z]\d[a-zA-Z])\ {0,1}(\d[a-zA-Z]\d)$/';

// French Zip code  75017
$zip_fr = '/^\d{5}$/';

// Chinese Zip code  590615
$zip_cn = '/^\d{6}$/';

var_dump(preg_match($_GET['zip']));

?>

ext/pdo

[Since 0.8.4] - [ -P Extensions/Extpdo ] - [ Online docs ]

Generic extension PDO.

The PHP Data Objects (PDO) extension defines a lightweight, consistent interface for accessing databases in PHP.

<?php
/* Execute a prepared statement by passing an array of values */
$sql = 'SELECT name, colour, calories
    FROM fruit
    WHERE calories < :calories AND colour = :colour';
$sth = $dbh->prepare($sql, array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
$sth->execute(array(':calories' => 150, ':colour' => 'red'));
$red = $sth->fetchAll();
$sth->execute(array(':calories' => 175, ':colour' => 'yellow'));
$yellow = $sth->fetchAll();
?>

ext/pgsql

[Since 0.8.4] - [ -P Extensions/Extpgsql ] - [ Online docs ]

Extension PostGreSQL.

PostgreSQL is an open source descendant of this original Berkeley code. It provides SQL92/SQL99 language support, transactions, referential integrity, stored procedures and type extensibility.

<?php
// Connect to a database named 'mary'
$dbconn = pg_connect('dbname=mary');

// Prepare a query for execution
$result = pg_prepare($dbconn, 'my_query', 'SELECT * FROM shops WHERE name = $1');

// Execute the prepared query.  Note that it is not necessary to escape
// the string 'Joe's Widgets' in any way
$result = pg_execute($dbconn, 'my_query', array('Joe\'s Widgets'));

// Execute the same prepared query, this time with a different parameter
$result = pg_execute($dbconn, 'my_query', array('Clothes Clothes Clothes'));

?>

ext/phar

[Since 0.8.4] - [ -P Extensions/Extphar ] - [ Online docs ]

Extension phar.

The phar extension provides a way to put entire PHP applications into a single file called a phar (PHP Archive) for easy distribution and installation.

<?php
try {
    $p = new Phar('/path/to/my.phar', 0, 'my.phar');
    $p['myfile.txt'] = 'hi';
    $file = $p['myfile.txt'];
    var_dump($file->isCompressed(Phar::BZ2));
    $p['myfile.txt']->compress(Phar::BZ2);
    var_dump($file->isCompressed(Phar::BZ2));
} catch (Exception $e) {
    echo 'Create/modify operations on my.phar failed: ', $e;
}
?>

ext/posix

[Since 0.8.4] - [ -P Extensions/Extposix ] - [ Online docs ]

Extension POSIX.

Ext/posix contains an interface to those functions defined in the IEEE 1003.1 (POSIX.1) standards document which are not accessible through other means.

<?php
posix_kill(999459,SIGKILL);
echo 'Your error returned was '.posix_get_last_error(); //Your error was ___
?>

ext/readline

[Since 0.8.4] - [ -P Extensions/Extreadline ] - [ Online docs ]

Extension readline.

The readline functions implement an interface to the GNU Readline library. These are functions that provide editable command lines.

<?php
//get 3 commands from user
for ($i=0; $i < 3; $i++) {
        $line = readline("Command: ");
        readline_add_history($line);
}

//dump history
print_r(readline_list_history());

//dump variables
print_r(readline_info());
?>

ext/reflection

[Since 0.8.4] - [ -P Extensions/Extreflection ] - [ Online docs ]

Extension Reflection.

PHP comes with a complete reflection API that adds the ability to reverse-engineer classes, interfaces, functions, methods and extensions. Additionally, the reflection API offers ways to retrieve doc comments for functions, classes and methods.

<?php
/**
 * A simple counter
 *
 * @return    int
 */
function counter1()
{
    static $c = 0;
    return ++$c;
}

/**
 * Another simple counter
 *
 * @return    int
 */
$counter2 = function()
{
    static $d = 0;
    return ++$d;

};

function dumpReflectionFunction($func)
{
    // Print out basic information
    printf(
        PHP_EOL.'===> The %s function '%s''.PHP_EOL.
        '     declared in %s'.PHP_EOL.
        '     lines %d to %d'.PHP_EOL,
        $func->isInternal() ? 'internal' : 'user-defined',
        $func->getName(),
        $func->getFileName(),
        $func->getStartLine(),
        $func->getEndline()
    );

    // Print documentation comment
    printf('---> Documentation:'.PHP_EOL.' %s',PHP_EOL, var_export($func->getDocComment(), 1));

    // Print static variables if existant
    if ($statics = $func->getStaticVariables())
    {
        printf('---> Static variables: %s',PHP_EOL, var_export($statics, 1));
    }
}

// Create an instance of the ReflectionFunction class
dumpReflectionFunction(new ReflectionFunction('counter1'));
dumpReflectionFunction(new ReflectionFunction($counter2));
?>

ext/sem

[Since 0.8.4] - [ -P Extensions/Extsem ] - [ Online docs ]

Extension Semaphore, Shared Memory and IPC.

This module provides wrappers for the System V IPC family of functions. It includes semaphores, shared memory and inter-process messaging (IPC).

<?php

$key         = ftok(__FILE__,'a');
$semaphore   = sem_get($key);
sem_acquire($semaphore);
sem_release($semaphore);
sem_remove($semaphore);

?>

ext/session

[Since 0.8.4] - [ -P Extensions/Extsession ] - [ Online docs ]

Extension ext/session.

Session support in PHP consists of a way to preserve certain data across subsequent accesses.

<?php
session_start();
if (!isset($_SESSION['count'])) {
  $_SESSION['count'] = 0;
} else {
  $_SESSION['count']++;
}
?>

ext/shmop

[Since 0.8.4] - [ -P Extensions/Extshmop ] - [ Online docs ]

Extension ext/shmop.

Shmop is an easy to use set of functions that allows PHP to read, write, create and delete Unix shared memory segments.

<?php
// Create a temporary file and return its path
$tmp = tempnam('/tmp', 'PHP');

// Get the file token key
$key = ftok($tmp, 'a');

// Attach the SHM resource, notice the cast afterwards
$id = shm_attach($key);

if ($id === false) {
    die('Unable to create the shared memory segment');
}

// Cast to integer, since prior to PHP 5.3.0 the resource id 
// is returned which can be exposed when casting a resource
// to an integer
$id = (integer) $id;
?>

ext/simplexml

[Since 0.8.4] - [ -P Extensions/Extsimplexml ] - [ Online docs ]

Extension SimpleXML .

The SimpleXML extension provides a very simple and easily usable toolset to convert XML to an object that can be processed with normal property selectors and array iterators.

<?php

$xml = <<<'XML'
<?xml version='1.0' standalone='yes' ? >
<movies>
 <movie>
  <title>PHP: Behind the Parser</title>
  <characters>
   <character>
    <name>Ms. Coder</name>
    <actor>Onlivia Actora</actor>
   </character>
   <character>
    <name>Mr. Coder</name>
    <actor>El Act&#211;r</actor>
   </character>
  </characters>
  <plot>
   So, this language. It's like, a programming language. Or is it a
   scripting language? All is revealed in this thrilling horror spoof
   of a documentary.
  </plot>
  <great-lines>
   <line>PHP solves all my web problems</line>
  </great-lines>
  <rating type="thumbs">7</rating>
  <rating type="stars">5</rating>
 </movie>
</movies>
XML;

$movies = new SimpleXMLElement($xml);

echo $movies->movie[0]->plot;
?>

ext/snmp

[Since 0.8.4] - [ -P Extensions/Extsnmp ] - [ Online docs ]

Extension SNMP.

The SNMP extension provides a very simple and easily usable toolset for managing remote devices via the Simple Network Management Protocol.

<?php
    $nameOfSecondInterface = snmp3_get('localhost', 'james', 'authPriv', 'SHA', 'secret007', 'AES', 'secret007', 'IF-MIB::ifName.2');
?>

ext/soap

[Since 0.8.4] - [ -P Extensions/Extsoap ] - [ Online docs ]

Extension SOAP.

The SOAP extension can be used to write SOAP Servers and Clients. It supports subsets of » SOAP 1.1, » SOAP 1.2 and » WSDL 1.1 specifications.

<?php

$client = new SoapClient("some.wsdl");

$client = new SoapClient("some.wsdl", array('soap_version'   => SOAP_1_2));

$client = new SoapClient("some.wsdl", array('login'          => "some_name",
                                            'password'       => "some_password"));

?>

ext/sockets

[Since 0.8.4] - [ -P Extensions/Extsockets ] - [ Online docs ]

Extension socket.

The socket extension implements a low-level interface to the socket communication functions based on the popular BSD sockets, providing the possibility to act as a socket server as well as a client.

<?php

//Example #2 Socket example: Simple TCP/IP client
//From the PHP manual

error_reporting(E_ALL);

echo "<h2>TCP/IP Connection</h2>\n";

/* Get the port for the WWW service. */
$service_port = getservbyname('www', 'tcp');

/* Get the IP address for the target host. */
$address = gethostbyname('www.example.com');

/* Create a TCP/IP socket. */
$socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
if ($socket === false) {
    echo 'socket_create() failed: reason: ' . socket_strerror(socket_last_error()) . PHP_EOL;
} else {
    echo 'OK.'.PHP_EOL;
}

echo 'Attempting to connect to '$address' on port '$service_port'...';
$result = socket_connect($socket, $address, $service_port);
if ($result === false) {
    echo 'socket_connect() failed.\nReason: ($result) ' . socket_strerror(socket_last_error($socket)) . '\n';
} else {
    echo 'OK.'.PHP_EOL;
}

$in = "HEAD / HTTP/1.1\r\n";
$in .= "Host: www.example.com\r\n";
$in .= "Connection: Close\r\n\r\n";
$out = '';

echo 'Sending HTTP HEAD request...';
socket_write($socket, $in, strlen($in));
echo "OK.\n";

echo 'Reading response:\n\n';
while ($out = socket_read($socket, 2048)) {
    echo $out;
}

echo 'Closing socket...';
socket_close($socket);
echo 'OK.\n\n';
?>

ext/spl

[Since 0.8.4] - [ -P Extensions/Extspl ] - [ Online docs ]

SPL extension.

The Standard PHP Library (SPL) is a collection of interfaces and classes that are meant to solve common problems.

<?php

// Example with FilesystemIterator
$files = new FilesystemIterator('/path/to/dir');
foreach($files as $file) {
    echo $file->getFilename() . PHP_EOL;
}

?>

ext/sqlite

[Since 0.11.3] - [ -P Extensions/Extsqlite ] - [ Online docs ]

Extension Sqlite 2.

Support for SQLite version 2 databases. The support for this version of Sqlite has ended. It is recommended to use SQLite3 .

<?php

if ($db = sqlite_open('mysqlitedb', 0666, $sqliteerror)) { 
    sqlite_query($db, 'CREATE TABLE foo (bar varchar(10))');
    sqlite_query($db, 'INSERT INTO foo VALUES ("fnord")');
    $result = sqlite_query($db, 'select bar from foo');
    var_dump(sqlite_fetch_array($result)); 
} else {
    die($sqliteerror);
}

?>

ext/sqlite3

[Since 0.8.4] - [ -P Extensions/Extsqlite3 ] - [ Online docs ]

Extension Sqlite3.

This extension adds support for SQLite version 3 databases. There used to be a Sqlite2 extension, which have been discontinued: this is the replacement.

<?php
$db = new SQLite3('mysqlitedb.db');

$results = $db->query('SELECT bar FROM foo');
while ($row = $results->fetchArray()) {
    var_dump($row);
}
?>

ext/ssh2

[Since 0.8.4] - [ -P Extensions/Extssh2 ] - [ Online docs ]

Extension ext/ssh2.

<?php
/* Notify the user if the server terminates the connection */
function my_ssh_disconnect($reason, $message, $language) {
  printf("Server disconnected with reason code [%d] and message: %s\n",
         $reason, $message);
}

$methods = array(
  'kex' => 'diffie-hellman-group1-sha1',
  'client_to_server' => array(
    'crypt' => '3des-cbc',
    'comp' => 'none'),
  'server_to_client' => array(
    'crypt' => 'aes256-cbc,aes192-cbc,aes128-cbc',
    'comp' => 'none'));

$callbacks = array('disconnect' => 'my_ssh_disconnect');

$connection = ssh2_connect('shell.example.com', 22, $methods, $callbacks);
if (!$connection) die('Connection failed');
?>

ext/standard

[Since 0.8.4] - [ -P Extensions/Extstandard ] - [ Online docs ]

Standards PHP functions.

This is not a real PHP extension : it covers the core functions.

<?php
/*
Our php.ini contains the following settings:

display_errors = On
register_globals = Off
post_max_size = 8M
*/

echo 'display_errors = ' . ini_get('display_errors') . PHP_EOL;
echo 'register_globals = ' . ini_get('register_globals') . PHP_EOL;
echo 'post_max_size = ' . ini_get('post_max_size') . PHP_EOL;
echo 'post_max_size+1 = ' . (ini_get('post_max_size')+1) . PHP_EOL;
echo 'post_max_size in bytes = ' . return_bytes(ini_get('post_max_size'));

function return_bytes($val) {
    $val = trim($val);
    $last = strtolower($val[strlen($val)-1]);
    switch($last) {
        // The 'G' modifier is available since PHP 5.1.0
        case 'g':
            $val *= 1024;
        case 'm':
            $val *= 1024;
        case 'k':
            $val *= 1024;
    }

    return $val;
}

?>

ext/tidy

[Since 0.8.4] - [ -P Extensions/Exttidy ] - [ Online docs ]

Extension Tidy.

Tidy is a binding for the Tidy HTML clean and repair utility which allows you to not only clean and otherwise manipulate HTML documents, but also traverse the document tree.
a html document

<?php
ob_start();
?>

ext/tokenizer

[Since 0.8.4] - [ -P Extensions/Exttokenizer ] - [ Online docs ]

Extension Tokenizer.

The Tokenizer functions provide an interface to the PHP tokenizer embedded in the Zend Engine.

<?php
/*
* T_ML_COMMENT does not exist in PHP 5.
* The following three lines define it in order to
* preserve backwards compatibility.
*
* The next two lines define the PHP 5 only T_DOC_COMMENT,
* which we will mask as T_ML_COMMENT for PHP 4.
*/
if (!defined('T_ML_COMMENT')) {
   define('T_ML_COMMENT', T_COMMENT);
} else {
   define('T_DOC_COMMENT', T_ML_COMMENT);
}

$source = file_get_contents('example.php');
$tokens = token_get_all($source);

foreach ($tokens as $token) {
   if (is_string($token)) {
       // simple 1-character token
       echo $token;
   } else {
       // token array
       list($id, $text) = $token;

       switch ($id) { 
           case T_COMMENT: 
           case T_ML_COMMENT: // we\'ve defined this
           case T_DOC_COMMENT: // and this
               // no action on comments
               break;

           default:
               // anything else -> output 'as is'
               echo $text;
               break;
       }
   }
}
?>

ext/wddx

[Since 0.8.4] - [ -P Extensions/Extwddx ] - [ Online docs ]

Extension WDDX.

The Web Distributed Data Exchange, or WDDX, is a free, open XML-based technology that allows Web applications created with any platform to easily exchange data with one another over the Web.

<?php
  echo wddx_serialize_value("PHP to WDDX packet example", "PHP packet");
?>

ext/xdebug

[Since 0.8.4] - [ -P Extensions/Extxdebug ] - [ Online docs ]

Xdebug extension.

The Xdebug is a extension PHP which provides debugging and profiling capabilities.

<?php
class Strings
{
    static function fix_string($a)
    {
        echo
            xdebug_call_class().
            "::".
            xdebug_call_function().
            " is called at ".
            xdebug_call_file().
            ":".
            xdebug_call_line();
    }
}

$ret = Strings::fix_string( 'Derick' );
?>

ext/xmlreader

[Since 0.8.4] - [ -P Extensions/Extxmlreader ] - [ Online docs ]

Extension XMLReader.

The XMLReader extension is an XML Pull parser. The reader acts as a cursor going forward on the document stream and stopping at each node on the way.

<?php

    $xmlreader = new XMLReader();
    $xmlreader->xml("<xml><div>Content</div></xml>");
    $xmlreader->read();
    $xmlreader->read();
    $xmlreader->readString();

?>

ext/xmlrpc

[Since 0.8.4] - [ -P Extensions/Extxmlrpc ] - [ Online docs ]

Extension ext/xmlrpc.

This extension can be used to write XML-RPC servers and clients.

<?php
$request = xmlrpc_encode_request('method', array(1, 2, 3));
$context = stream_context_create(array('http' => array(
    'method' => 'POST',
    'header' => 'Content-Type: text/xml',
    'content' => $request
)));
$file = file_get_contents('http://www.example.com/xmlrpc', false, $context);
$response = xmlrpc_decode($file);
if ($response && xmlrpc_is_fault($response)) {
    trigger_error('xmlrpc: '.$response['faultString'].' ('.$response['faultCode']));
} else {
    print_r($response);
}
?>

ext/xmlwriter

[Since 0.8.4] - [ -P Extensions/Extxmlwriter ] - [ Online docs ]

Extension ext/xmlwriter.

The XMLWriter extension wraps the libxml xmlWriter API inside PHP.

<?php
$xw = xmlwriter_open_memory();
xmlwriter_set_indent($xw, TRUE);
xmlwriter_start_document($xw, NULL, 'UTF-8');
xmlwriter_start_element($xw, 'root');
xmlwriter_write_attribute_ns($xw, 'prefix', '', 'http://www.php.net/uri');
xmlwriter_start_element($xw, 'elem1');
xmlwriter_write_attribute($xw, 'attr1', 'first');
xmlwriter_end_element($xw);
xmlwriter_full_end_element($xw);
xmlwriter_end_document($xw);
$output = xmlwriter_flush($xw, true);
print $output;
// write attribute_ns without start_element first
$xw = xmlwriter_open_memory();
var_dump(xmlwriter_write_attribute_ns($xw, 'prefix', 'id', 'http://www.php.net/uri', 'elem1'));
print xmlwriter_output_memory($xw);
?>

ext/xsl

[Since 0.8.4] - [ -P Extensions/Extxsl ] - [ Online docs ]

Extension XSL.

The XSL extension implements the XSL standard, performing XSLT transformations using the libxslt library.

<?php

// Example from the PHP manual

$xmldoc = new DOMDocument();
$xsldoc = new DOMDocument();
$xsl = new XSLTProcessor();

$xmldoc->loadXML('fruits.xml');
$xsldoc->loadXML('fruits.xsl');

libxml_use_internal_errors(true);
$result = $xsl->importStyleSheet($xsldoc);
if (!$result) {
    foreach (libxml_get_errors() as $error) {
        echo "Libxml error: {$error->message}\n";
    }
}
libxml_use_internal_errors(false);

if ($result) {
    echo $xsl->transformToXML($xmldoc);
}

?>

ext/yaml

[Since 0.8.4] - [ -P Extensions/Extyaml ] - [ Online docs ]

Extension YAML.

This extension implements the YAML Ain't Markup Language (YAML) data serialization standard. Parsing and emitting are handled by the LibYAML library.

<?php
$addr = array(
    'given' => 'Chris',
    'family'=> 'Dumars',
    'address'=> array(
        'lines'=> '458 Walkman Dr.
        Suite #292',
        'city'=> 'Royal Oak',
        'state'=> 'MI',
        'postal'=> 48046,
      ),
  );
$invoice = array (
    'invoice'=> 34843,
    'date'=> '2001-01-23',
    'bill-to'=> $addr,
    'ship-to'=> $addr,
    'product'=> array(
        array(
            'sku'=> 'BL394D',
            'quantity'=> 4,
            'description'=> 'Basketball',
            'price'=> 450,
          ),
        array(
            'sku'=> 'BL4438H',
            'quantity'=> 1,
            'description'=> 'Super Hoop',
            'price'=> 2392,
          ),
      ),
    'tax'=> 251.42,
    'total'=> 4443.52,
    'comments'=> 'Late afternoon is best. Backup contact is Nancy Billsmer @ 338-4338.',
    );

// generate a YAML representation of the invoice
$yaml = yaml_emit($invoice);
var_dump($yaml);

// convert the YAML back into a PHP variable
$parsed = yaml_parse($yaml);

// check that roundtrip conversion produced an equivalent structure
var_dump($parsed == $invoice);
?>

ext/zip

[Since 0.8.4] - [ -P Extensions/Extzip ] - [ Online docs ]

Extension ext/zip.

This extension enables you to transparently read or write ZIP compressed archives and the files inside them.

<?php

$zip = new ZipArchive();
$filename = './test112.zip';

if ($zip->open($filename, ZipArchive::CREATE)!==TRUE) {
    exit('cannot open <$filename>');
}

$zip->addFromString('testfilephp.txt' . time(), '#1 This is a test string added as testfilephp.txt.'.PHP_EOL);
$zip->addFromString('testfilephp2.txt' . time(), '#2 This is a test string added as testfilephp2.txt.'.PHP_EOL);
$zip->addFile($thisdir . '/too.php','/testfromfile.php');
echo 'numfiles: ' . $zip->numFiles . PHP_EOL;
echo 'status:' . $zip->status . PHP_EOL;
$zip->close();
?>

ext/zlib

[Since 0.8.4] - [ -P Extensions/Extzlib ] - [ Online docs ]

Extension ext/zlib.

<?php

$filename = tempnam('/tmp', 'zlibtest') . '.gz';
echo "<html>\n<head></head>\n<body>\n<pre>\n";
$s = "Only a test, test, test, test, test, test, test, test!\n";

// open file for writing with maximum compression
$zp = gzopen($filename, 'w9');

// write string to file
gzwrite($zp, $s);

// close file
gzclose($zp);

?>

Closures Glossary

[Since 0.8.4] - [ -P Functions/Closures ] - [ Online docs ]

List of all the closures in the code.

<?php

// A closure is also a unnamed function
$closure = function ($arg) { return 'A'.strtolower($arg); }

?>

Empty Function

[Since 0.8.4] - [ -P Functions/EmptyFunction ] - [ Online docs ]

Function or method whose body is empty.

Such functions or methods are rarely useful. As a bare minimum, the function should return some useful value, even if constant.

A method is considered empty when it contains nothing, or contains expressions without impact.
Methods which overwrite another methods are omitted. Methods which are the concrete version of an abstract method are considered.

<?php

// classic empty function
function emptyFunction() {}

class bar {
    // classic empty method
    function emptyMethod() {}

    // classic empty function
    function emptyMethodWithParent() {}
}

class barbar extends bar {
    // NOT an empty method : it overwrites the parent method
    function emptyMethodWithParent() {}
}

?>

• Fill the function with actual code
• Remove any usage of the function, then remove the function

Functions Glossary

[Since 0.8.4] - [ -P Functions/Functionnames ] - [ Online docs ]

List of all the defined functions in the code.

<?php

// A function
function aFunction() {}

// Closures (not reported)
$closure = function ($arg) {  }

// Methods
class foo {
    function aMethod() {}
}

?>

Recursive Functions

[Since 0.8.4] - [ -P Functions/Recursive ] - [ Online docs ]

Recursive methods are methods that calls itself.

Usually, the method call itself directly. In rarer occasions, the method calls another method which calls it back; such cycle are longer and not detected here.



Functions, methods, arrow functions and closures are identified as recursive. Higher level of recursion are not detected (function a() calls function b(), calls function a(), etc.).

Functions are easy to identify as recursive. Methods have some blind spots : when the injected argument is of the same class, it may lead to recursion too. On the other hand, calling the same method on a property is not sufficient, as the property might not be $this .

<?php

// a recursive function ; it calls itself
function factorial($n) {
    if ($n == 1) { return 1; }
    
    return factorial($n - 1) * $n;
}
?>

Redeclared PHP Functions

[Since 0.8.4] - [ -P Functions/RedeclaredPhpFunction ] - [ Online docs ]

Function that bear the same name as a PHP function, and that are declared.

This is useful when managing backward compatibility, like emulating an old function, or preparing for newer PHP versions, like emulating new upcoming function.

<?php

if (version_compare(PHP_VERSION, 7.0) > 0) {
    function split($separator, $string) {
        return explode($separator, $string);
    }
}

print_r( split(' ', '2 3'));

?>

• Check if it is still worth emulating that function

Typehints

[Since 0.8.4] - [ -P Functions/Typehints ] - [ Online docs ]

List of all the types (classes or scalar) used in Typehinting.

<?php

// here, array, myObject and string are all typehints.
function foo(array $array, myObject $x, string $string) {

}

?>

Methods Without Return

[Since 0.8.4] - [ -P Functions/WithoutReturn ] - [ Online docs ]

List of all the functions, closures, methods that have no explicit return.

Functions with the void or never return types, are omitted.

<?php

// With return null : Explicitly not returning
function withExplicitReturn($a = 1) {
    $a++;
    return null;
}

// Without indication
function withoutExplicitReturn($a = 1) {
    $a++;
}

// With return type void : Explicitly not returning
function withExplicitReturnType($a = 1) : void {
    $a++;
}

?>

• Add the returntype 'void' to make this explicit behavior

Empty Interfaces

[Since 0.8.4] - [ -P Interfaces/EmptyInterface ] - [ Online docs ]

Empty interfaces are a code smell. Interfaces should contains at least a method or a constant, and not be totally empty.

<?php

// an empty interface
interface empty {}

// an normal interface
interface normal {
    public function i() ;
}

// a constants interface
interface constantsOnly {
    const FOO = 1;
}

?>

• Remove the interface
• Add some methods or constants to the interface

Interfaces Names

[Since 0.8.4] - [ -P Interfaces/Interfacenames ] - [ Online docs ]

List of all the defined interfaces in the code.

<?php

// interfaceName is reported
interface interfaceName {
    function interfaceMethod() ; 
}
?>

Aliases

[Since 0.8.4] - [ -P Namespaces/Alias ] - [ Online docs ]

This rule lists all aliases. Aliases are used file by file, although some classes may have different aliases depending on the context.

<?php

// This is an alias
use stdClass as aClass;

// This is not an alias : it is not explicit
use stdClass;

trait t {
    // This is not an alias, it's a trait usage
    use otherTrait;
}

?>

Namespaces Glossary

[Since 0.8.4] - [ -P Namespaces/Namespacesnames ] - [ Online docs ]

List of all the defined namespaces in the code, using the namespace keyword.
Global namespaces are mentioned when they are explicitly used.

<?php

// One reported namespace
namespace one\name\space {}

// This global namespace is reported, as it is explicit
namespace { }

?>

Autoloading

[Since 0.8.4] - [ -P Php/AutoloadUsage ] - [ Online docs ]

Usage of the autoloading feature of PHP.
Defining the __autoload() function is obsolete since PHP 7.2.

<?php

spl_autoload_register('my_autoloader');

// Old way to autoload. Deprecated in PHP 7.2
function __autoload($class ) {}

?>

Goto Names

[Since 0.8.4] - [ -P Php/Gotonames ] - [ Online docs ]

This rule lists of all goto labels used in the code. The labels must match a goto call, although it is possible to create a label without a goto.

<?php

GOTO_NAME_1: 

// reports the usage of GOTO_NAME_1
goto GOTO_NAME_1;

UNUSED_GOTO_NAME_1: 

?>

__halt_compiler

[Since 0.8.4] - [ -P Php/Haltcompiler ] - [ Online docs ]

__halt_compiler() usage.

<?php

// open this file
$fp = fopen(__FILE__, 'r');

// seek file pointer to data
fseek($fp, __COMPILER_HALT_OFFSET__);

// and output it
var_dump(stream_get_contents($fp));

// the end of the script execution
__halt_compiler(); the installation data (eg. tar, gz, PHP, etc.)

?>

Incompilable Files

[Since 0.8.4] - [ -P Php/Incompilable ] - [ Online docs ]

Files that cannot be compiled, and, as such, be run by PHP. Scripts are linted against various versions of PHP.

This is usually undesirable, as all code must compile before being executed. It may be that such files are not compilable because they are not yet ready for an upcoming PHP version.



Code that is not compilable with older PHP versions means that the code is breaking backward compatibility : good or bad is project decision.

When the code is used as a template for PHP code generation, for example at installation time, it is recommended to use a distinct file extension, so as to distinguish them from actual PHP code.

<?php

// Can't compile this : Print only accepts one argument
print $a, $b, $c;

?>

• If this file is a template for PHP code, change the extension to something else than .php
• Fix the syntax so it works with various versions of PHP

Labels

[Since 0.8.4] - [ -P Php/Labelnames ] - [ Online docs ]

List of all labels used in the code.

<?php

// A is label. 
goto A:

A:

// A label may be used by several gotos.
goto A:

?>

Throw

[Since 0.8.4] - [ -P Php/ThrowUsage ] - [ Online docs ]

List of thrown exceptions.

<?php
if ($divisor === 0) {
    // Throw native exception
    throw new DivisionByZeroError("Shouldn't divide by one");
}

if ($divisor === 1) {
    // Throw custom exception
    throw new DontDivideByOneException("Shouldn't divide by one");
}
?>

Trigger Errors

[Since 0.8.4] - [ -P Php/TriggerErrorUsage ] - [ Online docs ]

List of situations where user errors are triggered.

PHP errors are triggered with trigger_error().

<?php
if ($divisor == 0) {
    trigger_error('Cannot divide by zero', E_USER_ERROR);
}
?>

Caught Expressions

[Since 0.8.4] - [ -P Php/TryCatchUsage ] - [ Online docs ]

This rule lists all the caught exceptions.

Exceptions may be caught by a code, while the same code never throw them.

<?php

// This analyzer reports MyException and Exception
try {
    doSomething();
} catch (MyException $e) {
    fixIt();
} catch (\Exception $e) {
    fixIt();
}

?>

error_reporting() With Integers

[Since 0.8.4] - [ -P Structures/ErrorReportingWithInteger ] - [ Online docs ]

Using named constants with error_reporting is strongly encouraged to ensure compatibility for future versions. As error levels are added, the range of integers increases, so older integer-based error levels will not always behave as expected. (Adapted from the documentation).

<?php

// This is ready for PHP next version
error_reporting(E_ALL & ~E_DEPRECATED & ~E_STRICT & ~E_NOTICE & ~E_WARNING);

// This is not ready for PHP next version
error_reporting(2047);

// -1 and 0 are omitted, as they will be valid even is constants changes.
error_reporting(-1);
error_reporting(0);

?>

• Always use the constant combination when configuring error_reporting or any PHP native function

Eval() Usage

[Since 0.8.4] - [ -P Structures/EvalUsage ] - [ Online docs ]

Using eval() is evil.

Using eval() is bad for performances (compilation time), for caches (it won't be compiled), and for security (if it includes external data).
Most of the time, it is possible to replace the code by some standard PHP, like variable variable for accessing a variable for which you have the name.
At worse, including a pregenerated file is faster and cacheable.

There are several situations where eval() is actually the only solution :

For PHP 7.0 and later, it is important to put eval() in a try..catch expression.

<?php
    // Avoid using incoming data to build the eval() expression : any filtering error leads to PHP injection
    $mathExpression = $_GET['mathExpression']; 
    $mathExpression = preg_replace('#[^0-9+-*/(/)]#is', '', $mathExpression); // expecting 1+2
    $literalCode = '$a = '.$mathExpression.';';
    eval($literalCode);
    echo $a;

    // If the code code given to eval() is known at compile time, it is best to put it inline
    $literalCode = 'phpinfo();';
    eval($literalCode);

?>

• Use a dynamic feature of PHP to replace the dynamic code
• Store the code on the disk, and use include
• Replace create_function() with a closure!

<?php

// Throw an exception, that may be caught somewhere
throw new Exception('error');

// Dying with error message. 
die('error');

function foo() {
    //exiting the function but not dying
    if (somethingWrong()) {
        return true;
    }
}
?>

<?php
    // This script has no forgotten whitespace, not at the beginning
    function foo() {}

    // This script has no forgotten whitespace, not at the end
?>

<?php

// an iffectation : assignation in a If condition
if($connexion = mysql_connect($host, $user, $pass)) {
    $res = mysql_query($connexion, $query);
}

// Iffectation may happen in while too.
while($row = mysql_fetch($res)) {
    $store[] = $row;
}

?>

<?php

// Still the same value than $m, but now cast to integer or float
$m = $m * 1; 

// Still the same value than $m, but now cast to integer or float
$n *= 1; 

// make typecasting clear, and merge it with the producing call.
$n = (int) $n;

?>

<?php

// Set x with incoming value, or else null. 
$x = @$_GET['x'];

?>

<?php
    // Explicit code
    $b = (boolean) $x; 
    $b = (bool) $x; 

    // Wrong type casting
    $b = !!$x; 

?>

<?php

// Including a library. 
include 'lib/helpers.inc';

// Including a library, and avoiding double inclusion
include_once 'lib/helpers.inc';

?>

<?php

// This is the best comparison
if (strpos($string, 'a') === false) { }

// This is OK, as 2 won't be mistaken with false
if (strpos($string, 'a') == 2) { }

// strpos is one of the 26 functions that may behave this way
if (preg_match($regex, $string)) { } 

// This works like above, catching the value for later reuse
if ($a = strpos($string, 'a')) { }

// This misses the case where 'a' is the first char of the string
if (strpos($string, 'a')) { }

// This misses the case where 'a' is the first char of the string, just like above
if (strpos($string, 'a') == 0) { }

?>

<?php

    // $e is useful, though not by much
    $e = new() Exception();
    throw $e;

    // $e is useless
    throw $e = new Exception();

?>

<?php

if ($error) {
    // Debugging usage of var_dump
    // And major security problem 
    var_dump($query);
    
    // This is OK : the $query is logged, and not displayed
    $this->log(print_r($query, true));
}

?>

<?php

class myString {
    private $string = null;
    
    public function __construct($string) {
        $this->string = $string;
    }
    
    public function __toString() {
        // Do not throw exceptions in __toString
        if (!is_string($this->string)) {
            throw new Exception("$this->string is not a string!!");
        }
        
        return $this->string;
    }
}   

?>

<?php

$a = 0b10;
$b = 0B0101;

?>

<?php

$email = 'contact@exakat.io';

?>

<?php

$a = <<<EOD
heredoc
EOD;

?>

<?php

$hexadecimal = 0x10;

$anotherHexadecimal =0XAF;

?>

<?php
    // 32 
   $a = '0cc175b9c0f1b6a831c399e269771111';

?>

<?php
$nowdoc = <<<'EOD'

EOD;

?>

<?php

  $a = 1234; // decimal number
  $a = 0123; // octal number (equivalent to 83 decimal)

  // silently valid for PHP 5.x
  $a = 01283; // octal number (equivalent to 10 decimal)

?>

<?php

// the first argument is recognized as an URL
ftp_connect('http://www.example.com/', $port, $timeout);

// the string argument  is recognized as an URL
$source = 'https://www.other-example.com/';

?>

<?php

$a = '1'; // not a reference
$b = &$a; // a reference

?>

<?php

function foo() {
    // static variable
    static $count = 0;
    
    echo ++$count;
}

class bar {
    // This is not a static variable : 
    // it is a static property
    static $property = 1;
}

?>

<?php

// Quite a long variable name
$There_is nothing_wrong_with_long_variable_names_They_tend_to_be_rare_and_that_make_them_noteworthy = 1;

?>

<?php

// person, in Simplified Chinese
class 人 {
    // An actual working class in PHP.
    public function __construct() {
        echo __CLASS__;
    }
}

// people = new person();
$人民 = new 人();

?>

<?php

// Reading an incoming email, with sanitation
$email = filter_var($_GET['email'], FILTER_SANITIZE_EMAIL);

?>

<?php

// The variables below never appear again in the code
$writtenOnce = 1;

foo($readOnce);

?>

<?php

// Normal variable
$a = 'b';
$b = 'c';

// Variable variable
$d = $$b;

// Variable variable in string
$d = "$\{$b\}";

?>

<?php

abstract class foo {
    function foobar(); 
}

class bar extends foo {
    // extended method
    function foobar() {
        // doSomething()
    }

    // extra method
    function barbar() {
        // doSomething()
    }
}
?>

<?php

// abstract class
abstract class foo {
    // abstract method
    function foobar(); 
}

class bar extends foo {
    // extended abstract method
    function foobar() {
        // doSomething()
    }

    // extra method
    function barbar() {
        // doSomething()
    }
}
?>

<?php
    $dateTime = new DateTime();
    echo (clone $dateTime)->format('Y');
?>

<?php

const __MY_APP_CONST__ = 1;

const __MY_APP_CONST__ = 1;

define('__MY_OTHER_APP_CONST__', 2);

?>

<?php

const A = 'constant_value';

$constant_name = 'A';

$variableConstant = constant($constant_name);

?>

<?php

// empty trait
trait t { }

// Another empty trait
trait t2 {
    use t; 
}

?>

<?php

trait t {
    function t() {
        echo 'I\'m in t';
    }
}

class foo {
    use t;
}

$x = new foo();
$x->t();

?>

<?php

// This trait is called 't'
trait t {}

?>

<?php

// Normal syntax
if ($a == 1) { 
    print $a;
}

// Alternative syntax : identical to the previous one.
if ($a == 1) : 
    print $a;
endif;

?>

<?php

// All PHP versions array
$a = array(1, 2, 3);

// PHP 5.4+ arrays
$a = [1, 2, 3];

?>

<?php

include 'library.php';

// display is a function defined in 'library.php';
display('Message');

?>

<?php
$row = 1;
if (($handle = fopen('test.csv', 'r')) !== FALSE) {
    while (($data = fgetcsv($handle, 1000, ',')) !== FALSE) {
        $num = count($data);
        echo '<p> $num fields in line $row: <br /></p>'.PHP_EOL;
        $row++;
        for ($c=0; $c < $num; $c++) {
            echo $data[$c] . '<br />'.PHP_EOL;
        }
    }
    fclose($handle);
}
?>

<?php

// Recommended way to write a use statement.
use  A\B\C\D as E;

// No need to use the initial \
use \A\B\C\D as F;

?>

<?php
function odd($var)
{
    // returns whether the input integer is odd
    return($var & 1);
}

function even($var)
{
    // returns whether the input integer is even
    return(!($var & 1));
}

$array1 = array('a'=>1, 'b'=>2, 'c'=>3, 'd'=>4, 'e'=>5);
$array2 = array(6, 7, 8, 9, 10, 11, 12);

echo 'Odd :'.PHP_EOL;
print_r(array_filter($array1, 'odd'));
echo 'Even:'.PHP_EOL;
print_r(array_filter($array2, 'even'));
?>

<?php
/*
Our php.ini contains the following settings:

display_errors = On
register_globals = Off
post_max_size = 8M
*/

echo 'display_errors = ' . ini_get('display_errors') . "\n";
echo 'register_globals = ' . ini_get('register_globals') . "\n";
echo 'post_max_size = ' . ini_get('post_max_size') . "\n";
echo 'post_max_size+1 = ' . (ini_get('post_max_size')+1) . "\n";
echo 'post_max_size in bytes = ' . return_bytes(ini_get('post_max_size'));

function return_bytes($val) {
    $val = trim($val);
    $last = strtolower($val[strlen($val)-1]);
    switch($last) {
        // The 'G' modifier is available since PHP 5.1.0
        case 'g':
            $val *= 1024;
        case 'm':
            $val *= 1024;
        case 'k':
            $val *= 1024;
    }

    return $val;
}

?>

<?php
echo decbin(12) . PHP_EOL;
echo decbin(26);
?>

<?php

// PHP 5.5 and older
$postdata = $HTTP_RAW_POST_DATA;

// PHP 5.6 and more recent
$postdata = file_get_contents(php://input);

?>

<?php

// Concatenating with an empty string is useless.
$string = 'This part '.$is.' useful but '.$not.'';

// This is a typo, that PHP turns into a constant, then a string, then nothing.
continue;

// Empty string in a concatenation
$a = 'abc' . '';

// Returning expression, whose result is not used (additions, comparisons, properties, closures, new without =, ...)
1 + 2;

// Returning post-incrementation
function foo($a) {
    return $a++;
}

// array_replace() with only one argument
$replaced = array_replace($array);
// array_replace() is OK with ... 
$replaced = array_replace(...$array);

// @ operator on source array, in foreach, or when assigning literals
$array = @array(1,2,3);

// Multiple comparisons in a for loop : only the last is actually used.
for($i = 0; $j = 0; $j < 10, $i < 20; ++$j, ++$i) {
    print $i.' '.$j.PHP_EOL;
}

// Counting the keys and counting the array is the same.
$c = count(array_keys($array))

//array_keys already provides an array with only unique values, as they were keys in a previous array
$d = array_unique(array_keys($file['messages']))

// No need for assignation inside the ternary operator
$closeQuote = $openQuote[3] === "'" ? substr($openQuote, 4, -2) : $closeQuote = substr($openQuote, 3);

?>

<?php

abstract class foo {
    // This is not possible
    static abstract function bar() ;
}

?>

<?php

define('+3', 1); // wrong constant name! 

echo constant('+3'); // invalid constant access

// This won't compile, with a syntax error.
// const 3A = 3;

?>

<?php

// OS is defined twice. 
if (PHP_OS == 'Windows') {
    define('OS', 'Win');
} else {
    define('OS', 'Other');
}

?>

<?php
    function x($arg = 1) {
        // PHP code here
    }
?>

<?php

// Operator === is faster
if ($a === null) {

}

// Function call is slow 
if (is_null($a)) {

}
?>

<?php

function foo($string) {
    assert(!empty($string), 'An empty string was provided!');
    
    echo '['.$string.']';
}

?>

<?php

// $this is an array
class Foo extends ArrayAccess {
    function bar() {
        ++$this[3];
    }
}

// $this is not an array
class Foo2 {
    function bar() {
        ++$this[3];
    }
}

?>

<?php

$a = 0;
$b = "$a"; // This is a one-variable string

// Better way to write the above
$b = (string) $a;

// Alternatives : 
$b2 = "$a[1]"; // This is a one-variable string
$b3 = "$a->b"; // This is a one-variable string
$c = "d";
$d = "D";
$b4 = "{$$c}";
$b5 = "{$a->foo()}";

?>

<?php

if (is_int($_GET['x'])) {
    $number = (int) $_GET['x'];
} else {
    error_display('a wrong value was provided for "x"');
}

?>

<?php

function foo() {
    return array(1 => 'a', 'b', 'c');
}

echo foo()[1]; // displays 'a';

// Function subscripting, the old way
function foo() {
    return array(1 => 'a', 'b', 'c');
}

$x = foo();
echo $x[1]; // displays 'a';

?>

<?php

// Nested loops
foreach($array as $a) {
    foreach ($letters as $b) {
        // This is performed count($array) * count($letters) times. 
        doSomething();
    }
}

?>

<?php

class foo {
    // Static method may access other static methods, or property, or none. 
    static function staticBar() {
        // This is not possible in a static method
        return self::otherStaticBar() . static::$staticProperty;
    }

    static function bar() {
        // This is not possible in a static method
        return $this->property;
    }
}

?>

<?php

    while(list($key, $value) = each($array)) {
        doSomethingWith($key) and $value();
    }

    foreach($array as $key => $value) {
        doSomethingWith($key) and $value();
    }
?>

<?php

switch ($x) {
    // Is it a fallthrough or not ? 
    case 1:
        doSomething(); break;

    // Easily spotted break.
    case 1:
        doSomethingElse(); 
        break;

    default : 
        doDefault(); 
        break;
}

?>

<?php

const A = 1;

case ($x) {
    case 1 : 
        break;
    case true:    // This is a duplicate of the previous
        break; 
    case 1 + 0:   // This is a duplicate of the previous
        break; 
    case 1.0 :    // This is a duplicate of the previous
        break; 
    case A :      // The A constant is actually 1
        break; 
    case $y  :    // This is not reported.
        break; 
    default:
        
}
?>

<?php

// Missing default
switch($format) {
    case 'gif' : 
        processGif();
        break 1;
    
    case 'jpeg' : 
        processJpeg();
        break 1;
        
    case 'bmp' :
        throw new UnsupportedFormat($format);
}
// In case $format is not known, then switch is ignored and no processing happens, leading to preparation errors


// switch with default
switch($format) {
    case 'text' : 
        processText();
        break 1;
    
    case 'jpeg' : 
        processJpeg();
        break 1;
        
    case 'rtf' :
        throw new UnsupportedFormat($format);
        
    default :
        throw new UnknownFileFormat($format);
}
// In case $format is not known, an exception is thrown for processing 

?>

<?php

// as an argument
function foo($this) {
    // Using global
    global $this;
    // Using static (not a property)
    static $this;
    
    // Can't unset it
    unset($this);
    
    try {
        // inside a foreach
        foreach($a as $this) {  }
        foreach($a as $this => $b) {  }
        foreach($a as $b => $this) {  }
    } catch (Exception $this) {
        // inside a catch
    }
    
    // with Variable Variable
    $a = this;
    $$a = 42;
}

class foo {
    function bar() {
        // Using references
        $a =& $this;
        $a = 42;
        
        // Using extract(), parse_str() or similar functions
        extract([this => 42]);  // throw new Error(Cannot re-assign $this)
        var_dump($this);
    }

    static function __call($name, $args) {
        // Using __call
        var_dump($this); // prints object(C)#1 (0) {}, php-7.0 printed NULL
        $this->test();   // prints ops
    }

}
?>