I am looking for applications or methods for performing sanity checks of php code.
I hope to to avoid finding out about the coding mistakes the hard way, but instead find them before publishing the website.
display_errors = on and similar run-time methods find the problems too late.
So far I have found the following ways, which I think are not thorough enough:
php_check_syntax() from within php
php -l from the command line
ioncube php encoder
netbeans and eclipse as editors
What better way is there to find problems in PHP code early?
How bout unit testing? =) http://www.phpunit.de/
PHP Code Sniffer can help ensure you're writing code to a set standard.
http://pear.php.net/package/PHP_CodeSniffer/
PHP_CodeSniffer is a PHP5 script that tokenises and "sniffs" PHP, JavaScript and CSS files to detect violations of a defined coding standard. It is an essential development tool that ensures your code remains clean and consistent. It can also help prevent some common semantic errors made by developers.
Incidentally, if you want to get really into code checking, you can integrate Code Sniffer, PHPUnit and a repo together with something like phpUnderControl for automating such a process.
You could of course strip back a little and get a friend, colleague ... or dare I say it a Coding Buddy - nothing better than getting a real human being to check your code when you check it in :)
The DMS Software Reengineering Toolkit has a full PHP parser which does syntax checks. That's a big system if all you want is syntax checking.
One way to get "just" the syntax checking part of DMS is the SD PHP Formatter. This tool formats PHP code nicely. To do so, it parses it first (there's the syntax check) and then prettyprints it according to the structures implied by the PHP language rules. Of course, you could just ignore the formatted result and simply look for parsing errors.
If you like the test coverage idea, you should consider the SD PHP Test Coverage tool. This packages DMS to parse your source code, fill it with instrumentation to determine what gets executed when you run. It obviously has the syntax check still built in, as well as providing the test coverage ability.
Related
This might seem to be a silly question but I was wondering if there any programs out there that would scan over a directory of PHP scripts and generate a report that states exactly what databases and tables are queried in each particular script?
Our database type is MySQL. Thanks for your help.
You might try something like PHP Code Sniffer. It's a static analysis tool that can search through PHP code for certain rules. You may have to end up writing your own sniffing rules, but it might be somewhere you could start. I've used it to check PHP version updates and it's worked pretty well. Just search for 'php code sniffer custom standards' and you can find some useful stuff to help get started.
Problem
I have a legacy codebase I need to analyze and determine dependencies. Particularly the dependencies on classes (internal/external) and extensions (Memcache, PDO, etc).
What I've Tried
I have reviewed the tools listed in Is there a static code analyzer for PHP files?. Unfortunately, this post is dated and most of the promising tools like phpCallGraph no longer work.
My thought was to analyze the code lexically and look for class tokens. Reviewing a list of these would at least allow me to visually determine dependencies. However finding OtherClass in the following code may be complex:
$classname = 'OtherClass';
echo $classname::doubleColon();
In the end, I doubt I'm the first to need this. I'm sure a tool or combination of tools exist to provide what I need. So I'm asking the SO community before writing this myself.
Update
Ideally this tool will analyze multiple files with complete code coverage. As such, tools like Xdebug, while great, are not solutions to this exact problem.
Instead of phpCallGraph you could use Gopal Vijayaraghavan's inclued extension which in combination with Graphviz gives you a nice looking graph of all included files for a certain execution path.
Example:
Moreover, I'd recommend Xdebug (a PHP debugger) which offers a profiler that outputs data consumable by Valgrind. Use the debugger with a compatible IDE to follow the execution path (which helped me a lot to wade thru e.g. Drupal's massive call-stack).
Combine both and you should get a fairly thourough overview.
EDIT
Searched the web and found nWire for PHP - an eclipse plugin that looks like it could be the right tool for you (30 day free trial which should be enough to give you a head start).
I think PhpCodeAnalyzer is exactly what you're looking for - https://github.com/wapmorgan/PhpCodeAnalyzer
It print list of all used external extensions in code base.
For the past while I've been using phpdoc, phpunit (with xdebug for code coverage generation) and pdepend to produce documentation and code metrics. I can't help but think that things look a bit disjointed. Ideally I'd like to integrate the code coverage reports, test results and metrics together in one place — with the phpdoc output. I'm not using any CI system.
Is there anything that can help me achieve what I want to do or do I basically need to start hacking away at phpdoc and/or smarty templates?
I don't think there is a tool for combining phpdoc and the phpunit code coverage.
For the other tools you can check out "phpcb" - The PHP Code Browser.
It will combine the result from "PHP Code Sniffer", "PHP Mess Detector" and PHPUnits "CRAP" index by giving you a source code browser where you can look at the code an all the errors in one place.
Screenshots from a sample project:
I'm going to be doing some PHP editing for my job this summer, and am looking for an effective Emacs setup for editing it. I'm already heavily invested in Emacs, so switching to another editor is not worthwhile.
Right now, I have nXhtml-mode, which provides a PHP mode with syntax highlighting (there are at least three different ones in the wild) as well as MuMaMo for editing PHP embedded in HTML. I just started using Auto-Complete and Anything for programming and general Emacs stuff, respectively.
What I'm really looking for is an effective way to get Emacs to really understand the project, beyond just highlighting. Etags looks like a good option, but it looks like the process for generating new tags is kind of arduous and manual (or at least not invisible). The nice thing about Etags is that they integrate well with Anything and Auto-Complete. Other potential options are gtags (though I'm hesitant to install non-elisp files, just for the complexity), vtags, or Semantic, which I've messed with before and seems complicated to set up, plus it doesn't look like it has support for PHP.
Another option is Imenu, but it only works for the current buffer, and I would like to be able to jump to function definitions in other files (preferably using Anything for completion of the name).
The projects I will be working on are not that big (about 30,000 lines total), so the overhead of Etags probably won't be that big of an issue, but I'd rather not use it if there is a better solution.
So what is your preferred PHP editing system?
In addition to features you are already familiar with, I suggest you the followings.
ETags
I do not use ETags, but there is a question already on SO How to programmatically create/update a TAGS file with emacs. No good answer was posted, though, but it may be a good entry point to get an idea.
Debugging
Flymake is a mode to get on the fly syntax checking. It has support for PHP as well. It hints at syntax errors immediately as you type. The Flymake version shipped with Emacs 23 contains PHP support. If you have previous version, check Sacha Chua's post on Emacs and PHP: On-the-fly syntax checking with Flymake.
Another useful package is Geben that allows you to debug your scripts interactively. For PHP, you can use XDebug. There is a detailed tutorial on how to do that, see Debug php in emacs with geben.
Documentation lookup
PHP Mode has a nice feature to lookup the function's definition in PHP's manual in your web browser (M-x php-search-documentation or C-c C-f). You can combine it with Emacs-W3M to get the relevant manual page without leaving Emacs.
web-model.el (available on web-mode.org) handles pretty well php blocks embedded in an html document. This major mode will also highlight js and css parts.
As an alternative to ETags, consider GNU Global, aka "GTags". Global is a lot smarter about finding tags tables, and is fairly fast to update. Emacs-fu has a nice post about doing this on-the-fly.
BTW, if you're using the Windows port of GNU Global with a Windows Emacs build, use the DJGPP ("DOS") version. The MinGW ("Win32") build seems to have a problem with path names.
In addition to the answer given on May 28 '09, I think I can add some packages to it which enhanced my PHP experience on Emacs.
Auto-completion
ac-php is in my opinion a good additions to Etags. All references to a tag will be found with etags, but the definition with ac-php. ac-php is also configurable to which directories should be included. For example, while developing a wordpress plugin, you can add a reference to the directory containing the wordpress files in .ac-php-conf.json (which resides in the project root) and it will auto-complete, jump to reference, etc. This package supports company-mode and auto-complete.
Here's an example configuration of ac-php:
(use-package ac-php
:ensure t
:bind (:map
php-mode-map
("M-+" . ac-php-find-symbol-at-point)
("M-]" . ac-php-location-stack-back)
("<menu> r" . ac-php-remake-tags)
("<menu> R" . ac-php-remake-tags-all)))
Another option would be to use phpactor, but the Emacs interface is at the time of writing still in alpha stage, with which I also hardly have any experience - except for the constructor completion, which works pretty well.
Error checking
In addition to syntax errors, Flycheck supports phpMessDetector and phpCodeSniffer out of the box. This enables you to have more enhanced notice/warning/error reporting based on supported coding standard and best practices.
Another package I like for static analysis is PHPStan Emacs interface, which reports potential errors in your code (including incorrect type hints).
Additional formatting
I also use phpcbf (which apparantly is archived). This package formats the buffer into the wanted coding standard.
Semantic
For anyone in the dark, Semantic is a built-in Emacs package and provides IDE like features. Here's an example how to include semantic for php-mode:
(add-hook 'php-mode-hook (lambda ()
(require 'semantic/symref/grep)
(add-to-list 'semantic-symref-filepattern-alist '(php-mode "*.php" "*.inc"))
(semantic-mode)))
Imenu
For including imenu jumping to definitions, another example configuration:
This is the sidebar for jumping to in-file methods and functions.
(use-package imenu-list
:ensure t
:config
(setq imenu-list-focus-after-activation t)
:bind (:map php-map
("<menu> \\" . imenu-list-smart-toggle)))
Example config for helm support in jumping to definitions in all project files:
(use-package imenu-anywhere
:ensure t
:after helm
:bind (:map php-map
("<menu> |" . helm-imenu-anywhere)))
Additional debugging
Besides geben, I like to use psysh, which by dropping in eval(\Psy\sh()); gives a repl on that line of code and gives access to all definitions and whatever else one would have access to (ofcourse, after requiring it in composer).
More generally handy packages
Snippets
Maybe a bit obvious for everyone already experienced with Emacs, but yasnippet is also very handy for writing your own templates. There are also packages that include a lot of predefined templates for all sorts of languages, but I write my own to keep Emacs a little less bloated than my set-up already is, it also helps me remember them more easily.
Project management
Excuse the obviousness again, but Projectile is also a very good package which by default includes git support for scoping the project.
Offline documentation
If you use Zeal for offline documentation browsing, there's also zeal-at-point. Example configuration, if you use, lets say: PHP, CodeIgniter and WordPress:
(use-package zeal-at-point
:ensure t
:bind (("<menu> z" . zeal-at-point))
:config
(add-to-list 'zeal-at-point-mode-alist '(php-mode . ("codeigniter" "wordpress" "php"))))
I'm using a pre-commit hook to lint-check PHP source submitted by our staff, and everyone's really happy with the results. The staff have agreed it would be useful to have the code re-formatted to follow (customizable) style rules on commit. Are there any FOSS scripts which can do this from the command-line?
PHP_CodeSniffer is a nice PEAR package, but it only sniffs the PHP documents for detecting violations of coding standards - it doesn't fix the violations or re-formats the documents. However, it's a great package that every PHP-developer should at least know about - and maybe you can get your fellow staff members to sanitize their code on their own.
You can edit the sniffing-filter in PHP_CS the way you want it to work. I on the other hand likes the default settings, which is at least a good start for writing better code.
Was looking for the same thing, just came across the PHP Beautfier package in the PEAR repository:
http://pear.php.net/package/PHP_Beautifier
Hope this helps!
Not quite an answer, but since you bring it up, there should be a command line PHP beautifier. Until then you're stuck with sed to fix tabs.
The problem is, its very difficult to write something like what you want without writing a parser for the PHP language. So, if someone were to write such a tool, it should also provide lint functionality, be platform independent and released under a very unrestrictive license.
Considering the above, I think that's why one doesn't (currently) exist (that I could find). I'm posting this as an answer to say thanks for the idea, which is also why this is CW.
Not on the command-line but perhaps useful: PHP/Eclipse can do auto source formatting and I think you can run it on an entire project in one go. http://www.phpeclipse.com/ .