LowFile-scopePHP Plug & play

Do Not Use Deprecated or Removed Functions

Avoid functions or extensions deprecated in recent PHP versions (e.g., mysql_* or preg_replace without proper delimiters). Use modern supported alternatives like PDO/MySQLi for DB or PCRE functions (preg_match, preg_replace with correct syntax).

Add to Mesrai Open workspace

Why this matters

Deprecated functions may be removed in future PHP releases and often lack security updates. Using up‐to‐date functions ensures compatibility, features, and security fixes, improving code longevity.

Bad vs. good

Side-by-side examples engineers can pattern-match during review.

Avoid

<?php
// deprecated mysql_
$link = mysql_connect('localhost','user','pass');
?>

Prefer

<?php
// use PDO instead of mysql_
$pdo = new PDO('mysql:host=localhost;dbname=test','user','pass');
?>

More snippets

Bad

<?php
// deprecated mysql_
$link = mysql_connect('localhost','user','pass');
?>

Good

<?php
// use PDO instead of mysql_
$pdo = new PDO('mysql:host=localhost;dbname=test','user','pass');
?>

Related rules

From the same buckets as this rule.

Critical
Encrypt ePHI at rest with KMS-managed AES-256 and envelope keys
Before persisting ePHI, encrypt using a data key protected by a Key Management Service (KMS). Use authenticated encryption (AES-256-GCM or equivalent), rotate keys, and store the key id and algorithm with the record.
compliance-hipaasecurity-hardening+2
High
De-identify analytics and block PHI egress to third parties
Any PR that adds or modifies telemetry/analytics must prove that no PHI leaves the boundary. Use irreversible tokenization or hashing (HMAC with secret salt) for identifiers and document the data dictionary.
compliance-hipaaprivacy-pii+2
High
Disallow per-package registries and proxies
Registry configuration (e.g., .npmrc, .yarnrc.yml) must live at the monorepo root. Forbid .npmrc files inside workspace packages overriding registry auth or URL.
monorepo-hygienedependency-supply-chain+1

Bad vs. good

Side-by-side examples engineers can pattern-match during review.

Avoid

<?php
// deprecated mysql_
$link = mysql_connect('localhost','user','pass');
?>

Prefer

<?php
// use PDO instead of mysql_
$pdo = new PDO('mysql:host=localhost;dbname=test','user','pass');
?>

More snippets

Bad

<?php
// deprecated mysql_
$link = mysql_connect('localhost','user','pass');
?>

Good

<?php
// use PDO instead of mysql_
$pdo = new PDO('mysql:host=localhost;dbname=test','user','pass');
?>

Related rules

From the same buckets as this rule.

Critical

Encrypt ePHI at rest with KMS-managed AES-256 and envelope keys

Before persisting ePHI, encrypt using a data key protected by a Key Management Service (KMS). Use authenticated encryption (AES-256-GCM or equivalent), rotate keys, and store the key id and algorithm with the record.

compliance-hipaasecurity-hardening+2

High

De-identify analytics and block PHI egress to third parties

Any PR that adds or modifies telemetry/analytics must prove that no PHI leaves the boundary. Use irreversible tokenization or hashing (HMAC with secret salt) for identifiers and document the data dictionary.

compliance-hipaaprivacy-pii+2

High

Disallow per-package registries and proxies

Registry configuration (e.g., .npmrc, .yarnrc.yml) must live at the monorepo root. Forbid .npmrc files inside workspace packages overriding registry auth or URL.

monorepo-hygienedependency-supply-chain+1