PHP online
You can test PHP MySQL with PDO, and also test PHP Sodium (PHP 7.4.8 and PHP 8 Only).
To execute your code, you must copy and paste, drag and drop a PHP file or directly type in the «PHP code» online editor below, and click on «Run» button.
You can see the user guide to help you to use this php sandbox tool.
User guide
- First, Drag and drop your PHP file or copy / paste your PHP text directly into the editor above.
- Finally, you must click on «Run» button to display the result.
- Click on the menu button «Save & share».
- Choice a password to protect your share, so only you can change it.
- Note the URL to access your share.
- Click on the menu button «Load example» > «PDO / MySQL».
- Click on the menu button «Load example» > «Sodium / Generate public and secret keys».
- Click on the menu button «Load example» > «MongoDB».
PHP tester
PHP code tester is a web-based tool, it allows to test PHP code online directly in your browser. You can write, test, and run PHP code. Your code is executed on our server, it is only stored for the time to execute it.
This PHP playground can be useful to make online test to save time (deployment . ). You can also share your code, this can be useful for example when you have a problem and want to share it on a forum.
You can test different version of PHP (5.6.40, 7.4.8 and 8). Doing PHP online allows you not to have lots of versions of PHP on your computer.
You can use the PDO module (MySQL database). If you need to test a particular module or another database, you can specify it in a comment (I will study the request).
With an online PHP editor, developers can quickly write and test code without needing to install and set up a local development environment.
Note: Some functions have been disabled for security reasons.
Choice a password to modify/delete this PHP snippet later Enter password to modify this PHP snippet. Enter password to delete this PHP snippet. Enter the new password for the fork.
Action
$keys = sodium_crypto_box_keypair(); $secretKey = sodium_crypto_box_secretkey($keys); $publicKey = sodium_crypto_box_publickey($keys); echo "Your base64 encoded public key: ".base64_encode($publicKey)."\n"; echo "Your base64 encoded secret key: ".base64_encode($secretKey)."\n";
$dsn = «mysql:host=mysql;dbname=php_tester»; $user = «php_tester»; $passwd = «password»; $pdo = new PDO($dsn, $user, $passwd); $stm = $pdo->query(«SELECT ‘1’ as id, ‘Albert’ as name UNION SELECT ‘2’ as id, ‘Isaac’ as name UNION SELECT ‘3’ as id, ‘Marie’ as name «); $rows = $stm->fetchAll(PDO::FETCH_NUM); foreach($rows as $row)
// Connect to phpTester database $manager = new MongoDB\Driver\Manager("mongodb://php-tester:123@localhost:27017/phpTester"); // Insert a document $bulkWrite=new MongoDB\Driver\BulkWrite; $doc=array("title" => "PHP Tester", "description" => "Test PHP code online"); $bulkWrite->insert($doc); $manager->executeBulkWrite('phpTester.example', $bulkWrite); // Get all documents $query = new MongoDB\Driver\Query(array()); $cursor = $manager->executeQuery('phpTester.example', $query); // Convert to Array and print result print_r($cursor->toArray()); // Delete all documents $bulkDelete = new MongoDB\Driver\BulkWrite; $bulkDelete->delete(['title' => 'PHP Tester' ], ['limit' => 0]); $manager->executeBulkWrite('phpTester.example', $bulkDelete); PHP Code Checker
Check your PHP code security before your next Pull Request commit and get immediate insights on critical bugs using our free online PHP code checker — powered by Snyk Code.
Sign up for free to unlock the the full power of Snyk, no credit card required.
How to use the free code checker
Copy and paste your PHP code into the editor.
Select your language from the dropdown.
Click the Check code button.
Use the results to improve your PHP code.
Get your PHP code bug-free and secure right from the IDE
This free code checker can find critical vulnerabilities and security issues in PHP code bases with a click. To take your application security to the next level, we recommend using Snyk Code for free right from your IDE.
- Call to undefined functions
- Cannot redeclare (function)
- Fatal error: Function name must be a string
- File I/O corruptions
- API contract violations
- Null dereferences
- Process/threading deadlock problems
- Incorrect type checking
- Expression logic mistakes
- Regular expression denial of service
- Invalid time/date formatting
- Resource leaks
- Ambiguous isset() behavior
- Unsanitized data in $_GET or $_POST
- Insecure use of $_SERVER
- Insecurely serializing PHP objects
- Missing input data sanitization
- Insecure password handling
- Protocol insecurities
- Indefensive permissions
- Man-in-the-Middle attacks
- Weak cryptography algorithms
- Information disclosure
- Code injection
- SQL injection
Improved PHP code security powered by Snyk Code
This free web based PHP code checker is powered by Snyk Code. Sign up now to get access to all the features including vulnerability alerts, real time scan results, and actionable fix advice within your IDE.
Human-in-the-Loop PHP Code Checker
Snyk Code is an expert-curated, AI-powered PHP code checker that analyzes your code for security issues, providing actionable advice directly from your IDE to help you fix vulnerabilities quickly.
Scan and fix source code in minutes.
Fix vulns with dev friendly remediation.
Find vulns early to save time & money.
Integrates into existing workflow.
Comprehensive semantic analysis.
Modern ML directed by security experts.
Automatically scan every PR and repo.
Integrate scans into the build process.
Frequently asked questions
Good quality PHP code is consistently formatted and contains minimal misuse of the language, violations of pre-set code standards, or bugs. Clean code is high-quality, meaning that it’s reusable, maintainable, easy to test, consistent, and reliable.
PHP code could be considered unreadable or unmaintained if it contains confusing errors such as poor formatting, inconsistent indentation, and one-letter variables. Using too many dependencies could also lead to poor-quality code, as it adds complexity, and potentially exposes you to function and security issues. These misformatting and dependency issues can lead to confusion when collaborating with other developers, and they can cause errors that are difficult to pinpoint and fix.
PHP code security focuses on ensuring that your own code has minimal vulnerabilities. Often enough, security and quality go hand-in-hand. This is because the less complex (and therefore, higher quality) your code is, the easier it will be to defend against potential attacks. But even though they can be improved in tandem, code security and quality are still two different things.
To reduce PHP code risks, it’s important to focus on securing HTTP session management, filesystem access, and SQL database queries. Proper PHP code security also means looking at the system from the user’s perspective. Ensure that any user-submitted data gets vetted for possible threats and keep error messages as vague and language-neutral as possible. This prevents malicious users from revealing the inner workings of your system or using submission fields to manipulate your data.
When it comes to using open source PHP code, specifically, your team should be vetting all components taken from open source communities. It’s unfortunate, but not everything available for public use is secure by default. So, it’s a good idea to use scanners like Snyk Open Source to ensure that the components and dependencies of components within your application have minimal risk.
A PHP code checker will statically analyze PHP source code and detect potential issues automatically, with the goal of surfacing issues in code quality and security. It measures the syntax, style, and documentation completeness of your source code.
In addition to uncovering code vulnerabilities and quality issues, a code checker will often provide in-depth insights to help teams fix the errors inside flagged lines of code. The key to using a code checker correctly is to include it as early as possible in your secure software development life cycle (SSDLC). This facilitates shared responsibility — a DevSecOps approach — and prevents your development team from becoming overwhelmed with remediation by enabling them to code securely from the start.
Many organizations use a PHP code checker to perform static application security testing (SAST). If your teams decide to go this route, it’s important to choose a tool with the following traits:
- Easily integrates into existing developer workflows
- Produces minimal false positives in scan results
- Takes a comprehensive approach to scanning source code
- Combines with linters, to thoroughly check code syntax and style
- References a comprehensive database of vulnerabilities
- Checks for security issues within your team’s proprietary PHP code and open source components
- Gives actionable recommendations for remediating found vulnerabilities or quality issues
- Pinpoints the source of the issue, as precisely as possible
A PHP code checker that’s focused on security, in particular, will check your system’s configuration, semantics, data flow, and structure for any areas that do not follow security best practices or that leave open doors for attackers to leverage.
If your team chooses to implement a PHP code checker, there’s a good chance that it will detect some common syntax and logical errors, such as:
- Calling on an external file that no longer exists in the directory
- Writing a function with the wrong parameters
- Calling on an undefined variable
- Creating a syntax error, such as unclosed brackets/quotes, incorrectly-written semicolons/parentheses, or mistyped variable names
- Failing to define a function or class and possibly causing a fatal error at startup, compilation, or runtime
These errors are best avoided by writing clean code from the start. This is done by keeping all lines of code minimally dependent on other components, straightforward, easily read by other team members, and tailored to the function they’re trying to perform (and nothing else).
A PHP syntax error occurs when the PHP parser reading your code cannot understand what you are trying to execute. This happens because a coder has failed to follow the correct rules of the PHP language.
Common syntax errors happen because a developer misspells something (especially when calling on a variable). They also occur when a symbol or punctuation mark is left out. A basic example of a syntax error could be when a PHP script starts with “” to close the script is not included, or vice versa. It’s also common to accidentally leave out semicolons or one end of a set of quotation marks.
A PHP code checker automates the code-checking process, saving immeasurable time and costs for an organization’s software development team. It enables them to shift security left, meaning that security and quality measures happen at the beginning of the software development cycle, rather than the end. This way, development teams don’t need to backtrack and search through poor quality or vulnerable PHP code that they wrote days — or even weeks — earlier to fix issues discovered at or near runtime.
An AI-powered PHP code checker can catch errors and vulnerabilities that the human eye could never detect during peer code reviews or pair programming. It’s not only more thorough but also saves time for developers and integrates well into other automated practices, such as a CI/CD pipelines. Instead of needing to check through code manually, they simply need to run their newly-written artifacts through the checker. An AI-powered PHP code checker is especially powerful because it’s been trained by hundreds of thousands of open source projects, and can tap into this knowledge as it discovers possible issues. Not only does it flag code errors, but an AI engine also has the ability to give remediation suggestions.
Check your PHP code, right within your IDE. Secure your code as you develop. Snyk’s free IDE plugins scan your PHP code for vulnerabilities instantaneously, then provide recommendations for remediation.
Secure your PHP code while you program
with static application security testing built by, and for, developers.