Audit required: Use of insecure `eval()` function foundPHP-A1000Syntax errorPHP-E1111Invalid use of `implements` keywordPHP-W1008Call with inconsistent number of parametersPHP-W1025Undefined function call detectedPHP-E1000Exception being raised is not from a valid exception classPHP-E1001Method is called but not definedPHP-E1002Invalid static method call detectedPHP-E1003Missing return statement in method/functionPHP-E1004Invalid use of class method overridingPHP-E1005Invalid typehint detected in arrow functionPHP-T1000Literal array with empty item(s)PHP-W1001Use of an empty `[]` to read from an arrayPHP-W1002Use of deprecated `(unset)` castPHP-W1003Bad class attribute(s)PHP-W1004Invalid usage of class constant fetch expressionPHP-W1006Duplicate declaration foundPHP-W1007Interface doesn't inherit from another interfacePHP-W1009Invalid use of `extends` keywordPHP-W1010Invalid use of `use`PHP-W1011Invalid property promotionPHP-W1013Invalid attribute classPHP-W1015Trait as attribute is not allowedPHP-W1016Function call parameters are inconsistentPHP-W1020`break` / `continue` used outside of a loopPHP-W1027Abstract method found outside of an abstract classPHP-W1030Undefined static properties must not be accessedPHP-W1034Undefined constants must not be usedPHP-W1038Detected use of `@` to suppress errorsPHP-W1078Attribute class cannot target class constantsPHP-W1005Access to an undefined static propertyPHP-E1007Audit required: Presence of debug function foundPHP-A1012Audit required: Use of an insecure cipherPHP-A1007Audit required: Include statements might be vulnerable to injection attacksPHP-A1001Audit required: SQL query might be vulnerable to injection attacksPHP-A1002Audit required: Sensitive cookie without `HttpOnly` attributePHP-A1003Audit required: Use of an insecure hashing functionPHP-A1004Audit required: Sensitive cookie without `secure` attributePHP-A1005Directory created with insecure permissionsPHP-A1006Manual generation of session ID detectedPHP-A1008Audit required: Function may be vulnerable to arbitrary commands executionPHP-A1009Audit required: Entity substitution can be vulnerable to XXE attacksPHP-A1010Found class constants inside a traitPHP-E1113`switch` statement contains multiple `default` casesPHP-E1114Invalid `options` array while creating a cookiePHP-E1116Abstract method has definitionPHP-E1118Use of compute intensive function in loop conditionPHP-P1000Use of duplicate type in Union types detectedPHP-T1005Use of nullable `mixed` is forbiddenPHP-T1006Nested function declaration is discouragedPHP-W1023Invalid typehint detected in functionPHP-W1029`echo` called with an invalid valuePHP-W1041Type casting is not validPHP-W1042`print` called with a value which isn't a `string`PHP-W1044Audit required: Insecure use of loggerPHP-A1011Class constants don't comply with PSR standardsPHP-C1000Invalid use of increment/decrement operatorsPHP-E1006Array contains duplicate keysPHP-W1000Undefined properties must not be accessedPHP-W1033`use` statement has no effectPHP-W1069Dead code found after `return`PHP-W1074Variable assigned to itselfPHP-W1077Parameter with a default value is not lastPHP-W1079Variable is used but not definedPHP-W1066Class method doesn't comply with PSR standardsPHP-C1001Invalid type used inside string literalPHP-W1043Use of deprecated `libxml_disable_entity_loader()`PHP-W1086Visibility should be explicitly declaredPHP-W1088Function comparison is always positivePHP-W1089Useless post increment/decrementPHP-W1090Missing native return type declaration for closure/anonymous functionPHP-T1003Unused private class property foundPHP-W1075Unused private class method foundPHP-W1076Invalid class instantiationPHP-W1012Invalid assignmentPHP-W1032`throw` expression used in PHP < 8.0PHP-W1017Invalid return typehint for functionPHP-T1002Unsafe usage of `new static()`PHP-W1014Invalid arrow functionPHP-W1018Invalid return typehint for closurePHP-T1001Abstract method defined in a non-abstract classPHP-E1115Unused variable in the closure `use`PHP-W1039Unused constructor parameterPHP-W1037Bad argument passed to `isset`PHP-W1040Typed property accessed before initializationPHP-E1008Class used with `instanceof` is not of valid typePHP-E1009`nullsafe` returned by referencePHP-W1019Invalid closure attributePHP-W1021Attribute class can not be used with functionPHP-W1022Attribute class can not be used with parameter/propertyPHP-W1024`nullsafe` expression returned by referencePHP-W1026Attribute class can not be used with methodPHP-W1031Attribute class can not be used with propertyPHP-W1035Useless `unset` callPHP-W1036Inaccessible propertyPHP-W1067Empty function/method foundPHP-W1080Empty block of code foundPHP-W1085Defining case-insensitive constants is deprecatedPHP-W1083Use of nested `switch` statements foundPHP-W1091`match` expression is returning `void`PHP-W1045Unknown magic method detectedPHP-W1081`final` keyword is redundantPHP-W1082Use of deprecated filter constantPHP-W1084`string` casting in concatenation is redundantPHP-W1087Missing class doc commentPHP-D1001Missing function/class method doc commentPHP-D1002Use of `FIXME`/`XXX`/`TODO` encounteredPHP-W1073Class property provided with an invalid typePHP-T1004Unresolvable use statementPHP-W1068`compact()` called with undefined variablesPHP-W1070Invalid regex pattern foundPHP-W1071Invalid symbol in group `use` statementPHP-W1072Consider using `func_num_args`PHP-P1001Function with cyclomatic complexity higher than threshold foundPHP-R1006
PHP logoPHP/
PHP-W1042

Type casting is not validPHP-W1042

Critical severityCritical
Bug Risk categoryBug Risk

The value you are trying to cast into another type cannot be done. This would lead to a runtime notice(E_NOTICE) before PHP 8.0 and a warning(E_WARNING) after PHP 8.0.

This issue will be raised in the following cases:

  • Trying to cast object to int(or integer) type.
  • Trying to cast object to float or double or real type.
  • Trying to cast array to string type.
  • Trying to cast object to string type.
  • Trying to use (unset) to cast a value to null. Casting to null has been DEPRECATED as of PHP 7.2.0, and REMOVED as of PHP 8.0.0. So relying on this feature is highly discouraged.

Bad practice

class Calc
{
    public function add(int|float $a, int|float $b): int|float
    {
        return $a + $b;
    }
}

function getValueAsInteger(Calc $calc)
{
    // invalid: $calc variable is object of class Calc which could not be converted to int
    return (int) $calc;
}

function getValueAsFloat(Calc $calc)
{
    // invalid: $calc variable is object of class Calc which could not be converted to float
    return (float) $calc;
}

function getValueAsString(Calc $calc)
{
    // invalid: $calc variable is object of class Calc which could not be converted to string
    return (string) $calc;
}

print_r(getValuesAsString([1, 2.5, 9, 100]));

function getValuesAsString(array $values)
{
    // invalid: cannot convert array to string
    return (string) $values;
}

function convertTextToNull(string $text)
{
    // invalid: avoid using unset as it is been deprecated as of PHP 7.2, and removed as of PHP 8.0
    return (unset) $text;
}

class Calc
{
    public function add(int|float $a, int|float $b): int|float
    {
        return $a + $b;
    }
}

function getValueAsInteger(Calc $calc)
{
    /**
     * Use a method which can return valid type that can be converted to integer.
     * To find out valid type, refer to "Converting to integer" link from resources section.
     */
    return (int) $calc->getValue();
}

function getValueAsFloat(Calc $calc)
{
    /**
     * Use a method which can return valid type that can be converted to float.
     * To find out valid type, refer to "Converting to float" link from resources section.
     */
    return (float) $calc->add();
}

function getValueAsString(Calc $calc)
{
    /**
     * Use a method which can return valid type that can be converted to string.
     * To find out valid type, refer to "Converting to string" link from resources section.
     */
    return (string) $calc->add();
}

print_r(getValuesAsString([1, 2.5, 9, 100]));

function getValuesAsString(array $values)
{
    // Loop through array to cast it into string
    $result = [];
    foreach ($values as $value) {
        $result[] = (string) $value;
    }

    return $result;
}

function convertTextToNull(string $text)
{
    // avoid using (unset) cast at all
    return null;
}

References