phpinfo() should not be used in production

Why you should care

For security purpose, developers should not leave phpinfo() in production code, as it displays information which can be used to compromise the server that your site is running on.

How we detect

CAST Highlight counts one occurrence each time phpinfo() is found into the source code.



About CAST and Highlight’s Code Insights

Over the last 25 years, CAST has leveraged unique knowledge on software quality measurement by analyzing thousands of applications and billions of lines of code. Based on this experience and community standards on programming best practices, Highlight implements hundreds of code insights across 15+ technologies to calculate health factors of a software.