1.2.1649. var_dump()… Usage
var_dump(), print_r() and var_export() are debugging functions and must not be left in production code.
They may be tolerated during development, but must be removed before deployment so they have no chance of running in production, where their output is written straight into the response and exposes internal data (such as the query being executed) to the client.
<?php
if ($error) {
    // Debugging usage of var_dump()
    // and a major security problem: the query is printed to the browser
    var_dump($query);

    // This is OK: with the second argument set to true, print_r() returns
    // a string instead of printing it, so the $query is logged, not displayed
    $this->log(print_r($query, true));
}
?>
1.2.1649.1. Suggestions
Remove every call to var_dump(), print_r() and var_export(), and to other debug functions. print_r() and var_export() are acceptable only when their second argument is true, which makes them return the representation as a string instead of printing it.
Send all logging to an external file (or a logging service), never to the browser.
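The check this rule performs can be reproduced with PHP's own tokenizer. The following is an added example written for this page, not code from the Exakat project: it walks the token stream, reports every var_dump() call, and reports print_r() and var_export() calls unless their second argument is the literal true. The sample source at the bottom is constructed for the demonstration; the function names findDebugOutput(), previousSignificant() and splitArguments() are this example's own.

```php
<?php
// Added example; not code from the Exakat project or from this page.
// Token-based check implementing the rule above: report var_dump() calls,
// and print_r()/var_export() calls whose second argument is not the literal
// true (with true they return a string instead of writing to the response).
// Assumes PHP >= 7.4 and analyses source passed as a string. Comments, string
// literals and methods named like the builtins ($obj->var_dump()) are skipped.

const DEBUG_FUNCTIONS    = ['var_dump', 'print_r', 'var_export'];
const RETURN_WHEN_SECOND = ['print_r', 'var_export'];

/** Return [['name' => ..., 'line' => ...], ...] for each call that prints debug output. */
function findDebugOutput(string $source): array
{
    $tokens = token_get_all($source);
    $count  = count($tokens);
    $hits   = [];

    for ($i = 0; $i < $count; $i++) {
        $token = $tokens[$i];
        if (!is_array($token)) {
            continue;
        }
        // PHP 8 emits "\var_dump" as one T_NAME_FULLY_QUALIFIED token; strip the leading "\".
        $isName = $token[0] === T_STRING
            || (defined('T_NAME_FULLY_QUALIFIED') && $token[0] === T_NAME_FULLY_QUALIFIED);
        $name = strtolower(ltrim($token[1], '\\'));
        if (!$isName || !in_array($name, DEBUG_FUNCTIONS, true)) {
            continue;
        }
        // Skip $obj->var_dump(), Foo::var_dump() and "function var_dump()" declarations.
        $prev = previousSignificant($tokens, $i);
        if (is_array($prev) && in_array($prev[0], [T_OBJECT_OPERATOR, T_DOUBLE_COLON, T_FUNCTION], true)) {
            continue;
        }
        // Only a name followed by "(" is a call.
        $open = $i + 1;
        while ($open < $count && is_array($tokens[$open]) && $tokens[$open][0] === T_WHITESPACE) {
            $open++;
        }
        if ($open >= $count || $tokens[$open] !== '(') {
            continue;
        }
        $args   = splitArguments($tokens, $open);
        // Accept both print_r($x, true) and the PHP 8 named form print_r($x, return: true).
        $second = isset($args[1]) ? strtolower(trim(preg_replace('/^\s*return\s*:/i', '', $args[1]))) : '';
        if (in_array($name, RETURN_WHEN_SECOND, true) && $second === 'true') {
            continue; // returns a string, nothing is printed: accepted
        }
        $hits[] = ['name' => $name, 'line' => $token[2]];
    }
    return $hits;
}

/** Nearest token before $i that is not whitespace, or null. */
function previousSignificant(array $tokens, int $i)
{
    for ($j = $i - 1; $j >= 0; $j--) {
        if (!is_array($tokens[$j]) || $tokens[$j][0] !== T_WHITESPACE) {
            return $tokens[$j];
        }
    }
    return null;
}

/** Split the argument list that starts at the "(" token at $open into raw source strings. */
function splitArguments(array $tokens, int $open): array
{
    $depth = 0;
    $args  = [];
    $cur   = '';
    for ($j = $open, $n = count($tokens); $j < $n; $j++) {
        $t    = $tokens[$j];
        $text = is_array($t) ? $t[1] : $t;
        if ($text === '(' || $text === '[' || $text === '{') {
            if (++$depth === 1) {
                continue; // the call's own opening parenthesis
            }
        } elseif ($text === ')' || $text === ']' || $text === '}') {
            if (--$depth === 0) {
                break;    // the call's own closing parenthesis
            }
        } elseif ($text === ',' && $depth === 1) {
            $args[] = $cur;
            $cur    = '';
            continue;
        }
        $cur .= $text;
    }
    if (trim($cur) !== '') {
        $args[] = $cur;
    }
    return $args;
}

// Constructed sample mirroring the snippet above, plus edge cases the rule must get right.
$sample = <<<'PHP'
<?php
if ($error) {
    var_dump($query);                    // flagged: prints the query to the response
    $this->log(print_r($query, true));   // accepted: second argument true returns a string
    echo var_export($config, false);     // flagged: false means the value is printed
    $debugger->var_dump($query);         // ignored: a method, not the builtin
    // var_dump($query) inside a comment is ignored too
}
PHP;

foreach (findDebugOutput($sample) as $hit) {
    printf("line %d: %s() writes debug output\n", $hit['line'], $hit['name']);
}
```

Run it with `php scan.php`; to check a tree, pass `file_get_contents($path)` for each `.php` file to findDebugOutput() and fail the build when it returns anything outside test directories. Because it works on tokens rather than a regex, commented-out calls and methods that happen to share a builtin's name produce no noise. It does not resolve `use function` aliases or dynamic calls such as `$fn = 'var_dump'; $fn($x);`, which is where a full static analyser such as the one documented here goes further.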
1.2.1649.2. Specs

Short name | Structures/VardumpUsage
Rulesets |
Exakat since | 0.8.4
PHP Version | All
Severity | Critical
Time To Fix | Instant (5 mins)
Precision | Very high
Features | debug
ClearPHP |
Examples |
Available in |