PHP download

Download the PHP package yd-shomer/php-shomer without Composer

On this page you can find all versions of the php package yd-shomer/php-shomer. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download yd-shomer/php-shomer
More information about yd-shomer/php-shomer
Files in yd-shomer/php-shomer

Vendor yd-shomer
Package php-shomer
Short Description SQL Query Guardian (שומר) - Runtime validation and security for PHP development
License MIT
Homepage https://github.com/yd-shomer/php-shomer

Keywords sql security mysql debugging validation pdo development mysqli guardian prepared-statements sql-injection shomer

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of yd-shomer/php-shomer

Informations about the package php-shomer

🛡️ PHP Shomer (שומר)

Version Downloads License

Shomer (שומר) means "Guardian" in Hebrew

Your SQL Query Guardian - Runtime validation and security for PHP development. Catch SQL errors and security issues before they reach production.

🎯 Why "Shomer"?

French citation : "Il ne dort ni ne sommeille le Gardien ..."

Just as a guardian protects and watches over, Shomer vigilantly protects your application by validating SQL queries during development, catching errors and security issues before they reach production.

In the Hebrew tradition, a Shomer (שומר) is a vigilant guardian who watches and protects. PHP Shomer applies this same vigilance to your SQL queries, acting as a silent guardian during development, ready to alert you at the slightest danger.

✨ Features

🛡️ Guards against SQL injection patterns
👁️ Watches for syntax errors
⚔️ Protects with prepared statement validation
📧 Alerts via email for critical issues
🎓 Teaches best practices
💡 Suggests secure query fixes (verbose mode)
🚀 Zero performance impact in production
💯 100% compatible with PDO and MySQLi
📍 Auto-captures execution context (file, line, URL, function) for instant debugging

📦 Installation

🚀 Quick Start

Disable in Production

📚 Usage Examples

Example 1: Validate Prepared Statement (PDO Style)

Example 2: Detect Parameter Mismatch

Example 3: Detect SQL Injection Attempts

Example 4: Classic Query (Non-Prepared) - Not Recommended

Example 5: Email Notifications

🔧 Configuration

Basic Configuration

Advanced Usage

🎓 What Shomer Validates

Prepared Statements

✅ Placeholder count matches parameter count
✅ No mixing of ? and :named placeholders
✅ No hardcoded values in prepared queries
✅ No unescaped PHP variables in query string

Syntax Validation

✅ Balanced parentheses
✅ Balanced quotes (single and double)
✅ Proper INSERT field/value count matching
✅ WHERE clause presence in UPDATE/DELETE

Security Checks

✅ SQL injection pattern detection
✅ Dangerous SQL keywords in parameters
✅ Superglobal variables in queries
✅ Unescaped user input

Best Practices

✅ Encourages prepared statements over raw queries
✅ Warns about SELECT * usage
✅ Detects missing WHERE in UPDATE/DELETE
✅ Educational error messages

📊 Validation Report Structure

📍 Execution Context (Auto-Captured)

Shomer automatically captures where the query validation was called:

File & Line: Exact location in your code
Function/Method: Which function or method called the validation
URL: The request URL (in web context)
HTTP Method: GET, POST, etc. (in web context)
Script: The CLI script path (in CLI context)

This means debugging is instant - no need to search through your codebase! The error report comes "ready to use" with all the information you need.

Example email alert:

💡 Secure Query Suggestions (Verbose Mode)

When verbose mode is enabled, Shomer doesn't just tell you what's wrong—it shows you how to fix it!

For each detected issue, Shomer provides:

✅ Secure SQL - The corrected query
✅ PHP Code Example - Ready-to-use implementation
✅ Explanation - Why this approach is better

Example:

Suggestions are provided for:

Non-prepared queries → Convert to prepared statements
Parameter count mismatches → Fix parameter arrays
Missing WHERE clauses → Add proper conditions
SELECT * usage → Specify columns explicitly
Hardcoded values → Use placeholders
Field count errors → Match fields and values

This makes Shomer not just a validator, but a teaching tool that helps you learn secure SQL practices!

🔒 Security Note

Shomer is a development tool, not a replacement for proper security practices:

✅ DO: Use Shomer during development to catch issues early
✅ DO: Always use prepared statements in production
✅ DO: Disable Shomer in production (SHOMER_ENABLED = false)
✅ DO: Validate and sanitize user input

❌ DON'T: Rely solely on Shomer for production security
❌ DON'T: Use raw SQL queries in production
❌ DON'T: Trust user input without validation

🚀 Performance

Development Mode (SHOMER_ENABLED = true):

Full validation and analysis
Detailed error reporting
~0.001-0.005 seconds per query

Production Mode (SHOMER_ENABLED = false):

Instant bypass with single condition check
~0.0000002 seconds per query (negligible)
Zero memory overhead

🤝 Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

Fork the project
Create your feature branch (git checkout -b feature/AmazingFeature)
Commit your changes (git commit -m 'Add some AmazingFeature')
Push to the branch (git push origin feature/AmazingFeature)
Open a Pull Request

📝 Testing

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

🙏 Acknowledgments

Inspired by the Hebrew concept of Shomer (שומר) - Guardian
Built with ❤️ for the PHP community
Special thanks to all contributors

📞 Support

Shomer: Because your database deserves a guardian.
שומר - Protecting your queries, one validation at a time.

All versions of php-shomer with dependencies

PHP Build Version

Package Version

Version v1.0.0 Release 22. Dec 2025
create-project require 0 people chose require and
0 people chose create-project.

Download

Download latest version of php-shomer from vendor yd-shomer

Requires php Version >=7.4

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package yd-shomer/php-shomer contains the following files

Loading the files please wait ...