rspec/rules/S1998/php/rule.adoc

== Why is this an issue?

In PHP, references allow you to create multiple names for the same variable, enabling you to access and manipulate its value through different identifiers.
They are denoted by the ampersand symbol & placed before the variable name during declaration or assignment.

Any modification a method makes to a function parameter passed by reference will also be made to the original value.

This feature can be difficult to use correctly, particularly if the callee is not expecting a reference.

The improper use of references in function calls can make code less efficient rather than more efficient.

=== What is the potential impact?

While references can provide flexibility and efficiency in certain scenarios, they can also introduce complexity and potential pitfalls.
Incorrect usage of references may lead to unexpected behavior, difficult-to-debug code, and unintended side effects.
It's important to exercise caution and fully understand the implications before employing references.

== How to fix it in Core PHP

Refactor your code to not pass a reference as a function parameter.

=== Code examples

==== Noncompliant code example

[source,php,diff-id=1,diff-type=noncompliant]
----
myfun(&$name);  // Noncompliant
----

==== Compliant solution

[source,php,diff-id=1,diff-type=compliant]
----
myfun($name);
----

== Resources

=== Standards

* https://cwe.mitre.org/data/definitions/374[MITRE, CWE-374] - Weakness Base Passing Mutable Objects to an Untrusted Method


ifdef::env-github,rspecator-view[]

'''

== Implementation Specification

(visible only on this page)

include::message.adoc[]

'''

== Comments And Links

(visible only on this page)

include::comments-and-links.adoc[]
endif::env-github,rspecator-view[]