Using slow functions inside loops can lead to performance problems. Often, database queries in
loops can be moved out of the loop and rewritten to fetch the data in a single query.
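
The rewrite described above, as an added example that is not part of the sniff documentation. It assumes the code runs inside Moodle, where the global `$DB` is available; the function names are hypothetical.

```php
<?php
// Added example. Assumes a Moodle context (global $DB); function names are hypothetical.

// Slow: one database round trip per user id, issued from inside the loop.
function local_example_get_users_slow(array $userids): array {
    global $DB;
    $users = [];
    foreach ($userids as $userid) {
        $users[$userid] = $DB->get_record('user', ['id' => $userid], 'id, username, email');
    }
    return $users;
}

// Faster: a single query for the whole set, still using bound parameters.
function local_example_get_users_fast(array $userids): array {
    global $DB;
    if (empty($userids)) {
        // get_in_or_equal() rejects an empty list by default, so return early.
        return [];
    }
    // Builds "IN (?, ?, ...)" (or "= ?" for a single value) plus the matching parameters.
    [$insql, $params] = $DB->get_in_or_equal($userids);
    // Records come back keyed by the first selected field, here the user id.
    return $DB->get_records_select('user', "id $insql", $params, '', 'id, username, email');
}
```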
## Built In Database Methods
Moodle comes with its own database layer. The base class is moodle_database
and it is accessed by the $DB global variable. This layer takes care of supporting
various database backends. All interactions with the database must go through this class.
## Database Table Prefix
SQL written for Moodle should not include the table prefix. The table name should be passed to the
moodle_database class method as is or, when using raw SQL, surrounded by curly brackets.
Valid: Not using the prefix.
```php
$DB->get_records('user', ['id' => 1]);
$DB->get_records_sql('SELECT * FROM {user} WHERE id = ?', [1]);
```
Invalid: Using the prefix.
```php
$DB->get_records('mdl_user', ['id' => 1]);
$DB->get_records_sql('SELECT * FROM mdl_user WHERE id = ?', [1]);
```
## Request Variables
Some request variables are not reliable or have been removed in later versions of PHP. Usage of them should
be avoided.
## Deprecated Parameter Constants
The constants prefixed with *PARAM_* within Moodle are used for cleaning parameters. Deprecated constants should not be used.
Always try to use the most specific constant possible, e.g. PARAM_TEXT instead of PARAM_CLEAN.
## Modifying PHP Configuration Settings
The *ini_set* PHP function must not be called directly. This can cause unexpected behavior.
Valid: Use Moodle method to modify PHP settings.
```php
raise_memory_limit(MEMORY_HUGE);
```
Invalid: Directly calling ini_set.
```php
ini_set('memory_limit', '1G');
```
## Superglobals
Values must not be read directly from PHP superglobals like *$_GET*, *$_POST*, etc.
## Warn About Raw SQL Functions
Moodle provides a number of helper functions for accessing the database, including some functions that allow
the use of raw SQL. This can be problematic if the SQL is complex, inefficient, or includes parameters
incorrectly. For this reason, this sniff warns about the use of these functions for further investigation.
Valid: Use placeholders for parameters.
```php
$DB->get_records_sql('SELECT * FROM {course} WHERE shortname = ?', [$get]);
```
Invalid: Using string concatenation for parameters.
```php
$DB->get_records_sql('SELECT * FROM {course} WHERE shortname = '.$get);
```
Valid: Make use of indexes when dealing with large data sets.
```php
$DB->get_records_sql('
    SELECT c.*
      FROM {user_enrolments} ue
      JOIN {enrol} e ON e.id = ue.enrolid
      JOIN {course} c ON e.courseid = c.id
      JOIN {user} u ON ue.userid = u.id
     WHERE u.username = ?
       AND u.mnethostid = ?
', [$USER->username, $CFG->mnet_localhost_id]);
```
Invalid: There is no index on just username.
```php
$DB->get_records_sql('
    SELECT c.*
      FROM {user_enrolments} ue
      JOIN {enrol} e ON e.id = ue.enrolid
      JOIN {course} c ON e.courseid = c.id
      JOIN {user} u ON ue.userid = u.id
     WHERE u.username = ?
', [$USER->username]);
```
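
The Superglobals, Deprecated Parameter Constants and raw SQL rules above, combined in one page script. This is an added example, not code from the sniff documentation; the path to config.php, the request parameter names and the sortable columns are assumptions.

```php
<?php
// Added example. Assumes a page script two directories below the Moodle root;
// the parameter names and the sort allow-list are hypothetical.
require_once(__DIR__ . '/../../config.php');

// Invalid: $search = $_GET['search']; reads the superglobal with no cleaning.
// Valid: read through the Moodle parameter API with the most specific PARAM_* type.
$categoryid = required_param('category', PARAM_INT);
$search = optional_param('search', '', PARAM_TEXT);
$sort = optional_param('sort', 'shortname', PARAM_ALPHA);

// Require an authenticated session before any data is queried.
require_login();

// Column names cannot be bound as placeholders, so the request value only
// selects an entry from a fixed allow-list and never reaches the SQL text itself.
$sortcolumns = ['shortname' => 'c.shortname', 'fullname' => 'c.fullname'];
$orderby = $sortcolumns[$sort] ?? $sortcolumns['shortname'];

// Every value is bound as a parameter. sql_like() builds a portable LIKE clause
// and sql_like_escape() neutralises % and _ characters typed by the user.
$where = 'c.category = :category';
$params = ['category' => $categoryid];
if ($search !== '') {
    $where .= ' AND ' . $DB->sql_like('c.shortname', ':search', false);
    $params['search'] = '%' . $DB->sql_like_escape($search) . '%';
}

$courses = $DB->get_records_sql(
    "SELECT c.id, c.shortname, c.fullname
       FROM {course} c
      WHERE $where
   ORDER BY $orderby",
    $params
);
```

The raw SQL sniff still warns on the `get_records_sql()` call; the review it prompts is to confirm that only allow-listed identifiers are interpolated and that all values are bound.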
## Manual Inclusion of jQuery
Including jQuery and associated libraries manually can cause issues. The versions bundled with Moodle should be used.
Valid: Use Moodle's jQuery library.
```php
$PAGE->requires->jquery();
```
Invalid: Using your own jQuery library.
```php
$PAGE->requires->js('/mod/foo/jquery.js');
```
## Unconditional If Statements
If statements that are always evaluated should not be used.
Valid: An if statement that only executes conditionally.
```php
if ($test) {
    $var = 1;
}
```
Invalid: An if statement that is always performed.
```php
if (true) {
    $var = 1;
}
```
Valid: An if statement that only executes conditionally.
```php
if ($test) {
    $var = 1;
}
```
Invalid: An if statement that is never performed.
```php
if (false) {
    $var = 1;
}
```
## Fixme Comments
FIXME statements should be taken care of.
Valid: A comment without a fixme.
```php
// Handle strange case
if ($test) {
    $var = 1;
}
```
Invalid: A fixme comment.
```php
// FIXME: This needs to be fixed!
if ($test) {
    $var = 1;
}
```
## Todo Comments
TODO statements should be taken care of.
Valid: A comment without a todo.
```php
// Handle strange case
if ($test) {
    $var = 1;
}
```
Invalid: A todo comment.
```php
// TODO: This needs to be fixed!
if ($test) {
    $var = 1;
}
```
## Byte Order Marks
Byte Order Marks that may corrupt your application should not be used. These include 0xefbbbf (UTF-8), 0xfeff (UTF-16 BE) and 0xfffe (UTF-16 LE).
## Multiple Statements On a Single Line
Multiple statements are not allowed on a single line.
Valid: Two statements are spread out on two separate lines.
```php
$foo = 1;
$bar = 2;
```
Invalid: Two statements are combined onto one line.
```php
$foo = 1; $bar = 2;
```
## Space After Casts
Spaces are not allowed after casting operators.
Valid: A cast operator is immediately before its value.
```php
$foo = (string)1;
```
Invalid: A cast operator is followed by whitespace.
```php
$foo = (string) 1;
```
## Lowercase Keywords
All PHP keywords should be lowercase.
Valid: Lowercase array keyword used.
```php
$foo = array();
```
Invalid: Non-lowercase array keyword used.
```php
$foo = Array();
```
## Line Endings
Unix-style line endings are preferred ("\n" instead of "\r\n").
## Deprecated Functions
Deprecated functions should not be used.
Valid: A non-deprecated function is used.
```php
$foo = explode('a', $bar);
```
Invalid: A deprecated function is used.
```php
$foo = split('a', $bar);
```
## PHP Code Tags
Always use <?php ?> to delimit PHP code, not the <? ?> shorthand. This is the most portable way to include PHP code on differing operating systems and setups.
## Silenced Errors
Suppressing errors is not allowed.
Valid: isset() is used to verify that a variable exists before trying to use it.
```php
if (isset($foo) && $foo) {
    echo "Hello\n";
}
```
Invalid: Errors are suppressed.
```php
if (@$foo) {
    echo "Hello\n";
}
```
## Closing PHP Tags
Files should not have closing PHP tags.
Valid: No closing tag at the end of the file.
Invalid: A closing PHP tag is included at the end of the file.