Vulnerabilities scanner

Call of this function may be unsafe.

Locating this inspection

By ID

Can be used to locate inspection in e.g. Qodana configuration files, where you can quickly enable or disable it, or adjust its settings.

PhpTaintFunctionInspection

Via Settings dialog

Path to the inspection settings via IntelliJ Platform IDE Settings dialog, when you need to adjust inspection settings directly from your IDE.

Settings or Preferences | Editor | Inspections | PHP | Taint analysis

Inspection ID: PhpTaintFunctionInspection

Inspection options

Here you can find the description of settings available for the Vulnerabilities scanner inspection, and the reference of their default values.

Is global variables influence on variables taint mark?

Option ID:

SHOW_FOR_GLOBAL

Default value:

Not selected

Show output statements?

Option ID:

SHOW_FOR_OUTPUT

Default value:

Not selected

Show for includes?

Option ID:

SHOW_FOR_INCLUDE

Default value:

Not selected

Max recursion depth

Option ID:

CALL_DEPTH_LIMIT

Default value:

Other available settings:

Suppressing Inspection

You can suppress this inspection by placing the following comment marker before the code fragment where you no longer want messages from this inspection to appear:

//noinspection PhpTaintFunctionInspection

More detailed instructions as well as other ways and options that you have can be found in the product documentation:

Inspection Details
By default bundled with:	Qodana for PHP 2025.3,

Last modified: 03 December 2025