PHP

By DeepSource

Audit required: Presence of debug function found (PHP-A1012)

Security

Debugging functions such as var_dump, print_r or var_export should not be kept in production code. These functions display information about a variable, which can be helpful during development. However, if the variable contains any sensitive information, leaving these calls in production code can expose it. Therefore, it is advised to avoid using them in production.

Examples

Bad practice

function getUser() {
    $query = buildQuery('users', ['*']);

    // Prints the contents of $query directly to the output
    var_dump($query);
}

Recommended

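function getUser() {
    $query = buildQuery('users', ['*']);

    // print_r() with true as its second argument returns the dump as a string
    // instead of printing it, so it is written to the log rather than the output
    Log::info(print_r($query, true));
}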
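One way to audit a file for these calls, as an added example that is not DeepSource's implementation: it walks PHP's token stream, so names inside comments and strings are ignored, and it reports every call, including print_r(..., true), for a reviewer to judge. The names findDebugCalls and neighbour and the sample source are assumptions made for illustration.

```php
<?php
// Added example, not DeepSource's code. Requires the tokenizer extension.
const DEBUG_FUNCTIONS = ['var_dump', 'print_r', 'var_export'];

// Nearest token before ($step = -1) or after ($step = 1) index $i,
// skipping whitespace and comments. Returns null at either end.
function neighbour(array $tokens, int $i, int $step)
{
    for ($i += $step; isset($tokens[$i]); $i += $step) {
        $t = $tokens[$i];
        if (!is_array($t) || !in_array($t[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)) {
            return $t;
        }
    }
    return null;
}

function findDebugCalls(string $source): array
{
    $tokens = token_get_all($source);
    $findings = [];
    foreach ($tokens as $i => $tok) {
        // Identifier tokens only; PHP 8 emits \var_dump as T_NAME_FULLY_QUALIFIED.
        if (!is_array($tok) || !in_array(token_name($tok[0]), ['T_STRING', 'T_NAME_FULLY_QUALIFIED'], true)) {
            continue;
        }
        $name = strtolower(ltrim($tok[1], '\\'));
        if (!in_array($name, DEBUG_FUNCTIONS, true) || neighbour($tokens, $i, 1) !== '(') {
            continue;
        }
        // Skip $obj->print_r(), Foo::var_dump() and "function var_dump(" declarations.
        $prev = neighbour($tokens, $i, -1);
        $skip = ['T_OBJECT_OPERATOR', 'T_NULLSAFE_OBJECT_OPERATOR', 'T_DOUBLE_COLON', 'T_FUNCTION'];
        if (is_array($prev) && in_array(token_name($prev[0]), $skip, true)) {
            continue;
        }
        $findings[] = ['function' => $name, 'line' => $tok[2]];
    }
    return $findings;
}

// Constructed sample input: one commented-out call, two live calls.
$sample = <<<'SRC'
<?php
$query = buildQuery('users', ['*']);
// var_dump($query);
var_dump($query);
Log::info(print_r($query, true));
SRC;
foreach (findDebugCalls($sample) as $f) {
    printf("line %d: %s()\n", $f['line'], $f['function']);
}
```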