PHP Lint API
PHP lint: POST {code}, get the bugs back with line numbers. Deterministic static analysis — code is never executed, no AI. Catches SQL injection (request data interpolated into query strings), the removed mysql_* API, unbalanced braces, '+' string concat, = vs == in conditions, type-juggling loose comparisons, eval/extract on request data, unused variables, leftover var_dump. Understands PHP tags, heredocs, interpolation. Max 128 KB.
Parameters
| Name | In | Description | |
|---|---|---|---|
code | body | required | PHP source to lint, max 128 KB |
Example request
curl -X POST "https://api.webbersites.com/api/lint/php" \
-H "Content-Type: application/json" \
-d '{"code":"<?php\n$q = \"SELECT * FROM users WHERE id = $_GET[id]\";\n$rows = mysql_query($q);"}'
# first call returns 402 + payment requirements; an x402 client pays and retries automaticallyExample response
{
"language": "php",
"syntax": {
"ok": true,
"errors": []
},
"issues": [
{
"line": 2,
"severity": "error",
"rule": "security/sql-injection",
"message": "request data ($_GET/$_POST/...) interpolated directly into an SQL string",
"hint": "use prepared statements with bound parameters (PDO/mysqli)"
}
],
"counts": {
"error": 2,
"warning": 0,
"info": 0
},
"verdict": "errors"
}How payment works
There is no signup and no API key. Call the endpoint; it replies 402 Payment Required with machine-readable payment requirements. Your client signs a USDC transfer authorization (EIP-3009, gasless) and retries with the X-PAYMENT header — @x402/fetch does this automatically. See the overview for a working snippet.