Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Lorna Mitchell:
Generating a File List for Phan
Nov 27, 2015 @ 10:38:33

Lorna Mitchell has shared a tip she's found helpful when using the phan static analysis tool for finding only PHP files via a simple grep.

Phan is the PHP Analyzer for PHP 7 code. I've been using it, partly out of curiosity, and partly to look at what the implications of upgrading my various projects will be. [...] I generated my filelist.txt files with a little help from grep - by looking for all files with opening PHP tags in, and putting that list of filenames into a file.

The phan tool is still pretty young but it provides a good example of how to use the new php-ast handling to parse and analyze PHP code.

tagged: phan file list generate quick tip grep static analysis tool

Link: http://www.lornajane.net/posts/2015/generating-a-file-list-for-phan

SitePoint PHP Blog:
Writing PHP Git Hooks with Static Review
Sep 01, 2015 @ 11:16:01

On the SitePoint PHP blog Matthew Setter introduces the use of git hooks to help with automatic static analysis of your application's code, integrating it directly into your current workflow. He shows how to use this library to make creating and installing them as easy as a single command (and they're written in PHP).

If you’ve been using Git for more than a short length of time, you’ll hopefully have heard of Git hooks. [...] There are hooks for pre- and post-commit, pre- and post-update, pre-push, pre-rebase, and so on. The sample hooks are written in Bash, one of the Linux shell languages. But they can be written in almost any language you’re comfortable or proficient with. [...] Thanks to Static Review, by Samuel Parkinson, you can now write Git hooks with native PHP, optionally building on the existing core classes. In today’s post, I’m going to give you a tour of what’s on offer, finishing up by writing a custom class to check for any lingering calls to var_dump().

He walks you through the installation of the library and helps you create a simple working example that ensures you've correctly set up your (Composer) dependencies. He explains a bit about what's involved in the StaticReview package and the three "introspection" objects initialized for each run. He ends the post by walking you through the creation of a custom, more real-world check that evaluates your code (via a simple grep) to ensure no var_dump statements were left in.

tagged: static review git hook analysis tutorial

Link: http://www.sitepoint.com/writing-php-git-hooks-with-static-review/

Community News:
Launching Today: The Code Climate Platform
Jun 22, 2015 @ 09:57:56

Code Climate, the popular static code analysis service, has made an announcement that will definitely help make checking your PHP application for quality and security issues easier - the release of the Code Climate Platform. This platform provides, among other things, a command line tool that you can use to run their analysis rules on your own systems.

Today, we’re thrilled to launch the Code Climate Platform − the first open, extensible platform for all types of static analysis. [...] What does this mean exactly? First, we’re open sourcing our analysis tools, including the engines and algorithms we use to evaluate code. We’re also enabling anyone to write static analysis engines that run on our servers by following a simple specification. [...] Finally, using our new Code Climate CLI, you can now run any Code Climate-compatible static analysis on your laptop – for free.

This is a great step forward to helping ensure the overall quality of your codebase and makes it even easier than having to rely on a fully external service for the results. Plus, with the specification you can write rules and customize the checks according to your application or framework of choice. They have a developer program you can register for to find out more information about that.

tagged: codeclimate static analysis tool commandline platform opensource specification developer program

Link: http://blog.codeclimate.com/blog/2015/06/19/code-climate-platform/

Efficient Chinese Search with Elasticsearch
Dec 19, 2014 @ 11:56:41

On the SitePoint PHP blog a new tutorial has been posted showing you how to effectively search Chinese content with ElasticSearch. ElasticSearch is a "powerful open source search and analytics engine that makes data easy to explore" and plays nice with PHP via a JSON based query format.

If you have played with Elasticsearch, you already know that analyzing and tokenization are the most important steps while indexing content, and without them your pertinency is going to be bad, your users unhappy and your results poorly sorted. Even with English content you can lose pertinence with a bad stemming, miss some documents when not performing proper elision and so on. And that’s worse if you are indexing another language; the default analyzers are not all-purpose. When dealing with Chinese documents, everything is even more complex, even by considering only Mandarin which is the official language in China and the most spoken worldwide.

He starts by explaining exactly what the problem is with searching Chinese content including the fact that some words can actually be a combination of two or more characters (words). He then lists out a few plugins and tools that can be integrated with ElasticSearch to help with analyzing the content. He goes through each of them and provides instructions on installation and usage. He ends the post with a sample of the results for a set of three search terms, comparing the matches each found.

tagged: chinese search elasticsearch tutorial tokenization analysis

Link: http://www.sitepoint.com/efficient-chinese-search-elasticsearch/

SitePoint PHP Blog:
Analyzing a PHP Project with Jenkins
Dec 05, 2014 @ 10:58:32

The SitePoint PHP blog has posted the latest part in their Jenkins+PHP series today. In this new article (the final part in the series) they use the Jenkins setup they've walked you through already and actually run the analysis on the PHP project and the resulting information.

The results of Jenkins come from different tools and will be placed in different locations within the Jenkins GUI. [...] Within this article, we will be going through each tool and have a look at what it reports back to us. In the end, we will also look at some extra details Jenkins collects for us. Since we build the same project several times, we will get straight lines within our graphs. In a real project, the graph would fluctuate.

He goes through some examples of the results from his analysis including screenshots and explanations for:

  • PHP_CodeSniffer
  • PHP MD (Mess Detector)
  • PHP CPD (Copy & Paste Detector)
  • PHP Depend
  • PHPLOC (Lines Of Code)
  • PHPUnit
  • PHPDox

He also briefly mentions the "changes" information, showing you what changed in that particular build to help narrow down any issues that might have come up.

tagged: tutorial jenkins project analysis report output

Link: http://www.sitepoint.com/analyzing-php-project-jenkins/

Review of PHP Static Analysis Tools
May 09, 2014 @ 11:35:15

The Codacy.com blog has posted a review of various static analysis tools for PHP-based applications. These tools can help provided quality and consistency in your code in a more automated way.

Maintaining code quality over time is a hard challenge. It becomes even harder in large projects developed by many programmers. Each person has different code styles and different ways to approach problems. Over time, this may result in confusing and unmaintainable code. Static analysis tools can help developers solve this problem, they enforce coding standards, detect common errors and cleanup code blocks.

Tools mentioned in the post include: PHP_CodeSniffer, the PHP Mess Detector and the PHP Copy & Paste Detector. Each comes with an example of the command to execute it and some sample results. They also talk briefly about where and how these tools could fit into your current workflow, either during development or as a part of a full deployment process.

tagged: static analysis tool list review standards quality integration

Link: http://blog.codacy.com/2014/05/06/php-static-analysis-tools/

Carl Vuorinen:
Installing SonarQube with Jenkins integration for a PHP project
Sep 04, 2013 @ 10:50:25

Carl Vuorinen has posted a tutorial about getting SonarQube to run on your codebase (with the help of Jenkins). SonarQube runs statics on your application including lines of code, number of classes, enforcement of coding standards and duplicated code.

n this second part of my Continous Integration setup I will detail the steps required to install SonarQube (previously called just Sonar, renamed to SonarQube with 3.6 release just a few days ago) and integrate it with the Jenkins server from the previous post so SonarQube will run a daily analysis of our PHP project. In the previous post I covered the installation of Jenkins on a CentOS server and integrated it with GitHub, so if you do not have Jenkins set up you might want to start there.

He talks a bit about what SonarQube can do for you and the features it includes as well as links to a screencast and live demo. From there he gets into the setup and configuration, broken down into steps:

  • Installing SonarQube (with yum)
  • Creating the MySQL database it needs
  • Installing SonarQube Runner
  • Installing PHP environment for SonarQube
  • Integrating SonarQube with Jenkins

There's a quick note at the end about some things that can be done to optimize and clean up the installation too.

tagged: sonarqube jenkins code analysis project tutorial install configure

Link: http://cvuorinen.net/2013/07/installing-sonarqube-with-jenkins-integration-for-a-php-project/

Phil Sturgeon:
PHP Static Analysis in Sublime Text
Aug 21, 2013 @ 09:49:59

Phil Sturgeon has put together a new post for his site showing you how to set up static analysis of PHP code in the Sublime Text editor using various tools.

Coding Standards have been around for the longest time and recently they're starting to become more widespread in PHP. While learning Python I really enjoyed how Sublime Text 2 would shout at me for using too many empty lines, using tabs instead of spaces and even things like declaring unused local variables, importing modules that were never used, etc. This was pretty cool, and I was soon writing beautiful Python code without any concern over which way things should be done. I've been doing this with PHP for the last year, but trying to get a new-hire going with this stuff was hard. We smashed through it taking notes so now I've written it up for you guys.

He's broken it down into a few different steps (three of them) to get things like the right version of PHP, PHPMD and PHP_CodeSniffer installed and configured. There's a few config settings you'll need to change in Sublime to get things working correctly, but it's a relatively painless setup.

tagged: static code analysis phpmd phpcs sublimetext install configure

Link: http://philsturgeon.co.uk/blog/2013/08/php-static-analysis-in-sublime-text

Christopher Martinez:
Static code analysis tools for PHP
May 08, 2013 @ 12:38:22

Christopher Martinez has a recent post to his site that covers some of the static analysis tools available for PHP including the PHP Mess Detector, PHP CodeSniffer and the PHP Analyzer.

I believe in writing code that is easy to understand, easy to test, and easy to refactor. Yes, I realize that the statement above is pretty general and open to interpretation. Not everyone needs external tools to ensure quality in their code...but, I work on things from time to time that have absolutely no tests. [...] For whatever reason, this happens a lot more frequently in the PHP world. I'm guilty of not writing tests and checking how I write code, sometimes, too. Things are bright, though, for the PHP community - for quite some time now, we've had fantastic tools that assist us in writing better code.

He covers each of the tools, talks some about what they're good for and gives examples of their use, including output. He also talks some about the Pfff set of tools created by Facebook. He also talks some about how these tools fit into his daily work as a part of his pre-commit hooks in git.

tagged: static code analysis tools description example

Link: http://chrsm.org/2013/05/05/code-analysis-tools-for-php

PHPHint.org - Online PHP Code Analysis
Aug 08, 2012 @ 10:18:59

Klaus Silveira has submitted a project he's come up with to help PHP developers detect problems in their code via a web-based application - PHPHint.org.

PHPHint is a community-driven, quick and easy to use, online tool that analyzes your PHP code and looks for potential errors, lack of best practices and code smell. It also allows you to clean your code automagically.

It was created to spread the work about the PSR standards and the PHP-FIG group, the importance of getting rid of code smell and applying to standards.

Since it is an open source project, you can help contribute if you'd like to see improvements to the service. It's great that it takes the relatively new PSR standards (PSR-1 & PSR-2) into account when analyzing the code too.

tagged: phphintorg code analysis online psr1 psr2