CodeClarityLab / Glossary
Ctrl K
← Home ← Codex ← DEBT
Browse by Category
+ added · updated 7d
Pages
Terms of Use About Contribute 🧠Logic graph Contact
← Back to glossary

Reflection API

PHP PHP 5.0+ Advanced
debt(d7/e5/b5/t5)
d7 Detectability Operational debt — how invisible misuse is to your safety net

Closest to 'only careful code review or runtime testing' (d7). Blackfire (listed) can detect performance cost in hot paths, but no linter flags reflection misuse by default; phpstan won't catch unchecked reflection use. Usually requires profiling or review.

e5 Effort Remediation debt — work required to fix once spotted

Closest to 'touches multiple files / significant refactor in one component' (e5). Removing reflection from hot paths typically requires adding metadata caching layers or replacing with compiled containers — not a one-liner per quick_fix guidance.

b5 Burden Structural debt — long-term weight of choosing wrong

Closest to 'persistent productivity tax' (b5). applies_to spans web/cli/queue and reflection often becomes load-bearing infrastructure in DI/ORM layers; touches many work streams but doesn't fully define system shape.

t5 Trap Cognitive debt — how counter-intuitive correct behaviour is

Closest to 'notable trap, documented gotcha' (t5). The misconception (only for framework devs) plus the non-obvious performance cost and encapsulation-breaking behavior are well-known gotchas most PHP devs eventually learn.

About DEBT scoring → scored by claude-opus-4-7 · 2026-05-11 · reviewed by human

Also Known As

PHP Reflection ReflectionClass introspection PHP

TL;DR

PHP's built-in introspection system for examining classes, methods, properties, and parameters at runtime.

Explanation

The PHP Reflection API (ReflectionClass, ReflectionMethod, ReflectionProperty, ReflectionFunction, ReflectionParameter) enables runtime inspection of code structure — reading type declarations, attributes, docblocks, visibility, and default values without invoking the code. It underpins dependency injection containers (resolving constructor parameters), ORM hydration, serialisation libraries, and testing frameworks. Reflection is powerful but has a performance cost — production DI containers cache reflection results. PHP 8.0 Attributes provide a structured, performant alternative to docblock-parsed metadata.

Common Misconception

The Reflection API is only useful for framework developers. Reflection enables runtime code generation, attribute processing, dependency injection containers, test mocking, and documentation generation — it is the backbone of most modern PHP frameworks.

Why It Matters

The Reflection API gives runtime access to class structure, docblocks, and attributes — it powers dependency injection containers, ORMs, and testing frameworks, but has non-trivial performance cost.

Common Mistakes

  • Using Reflection in hot code paths without caching results — ReflectionClass instantiation is expensive.
  • Not caching reflected class metadata in a DI container — reflecting the same class on every request adds measurable overhead.
  • Using Reflection to access private members of other classes in production code — breaks encapsulation.
  • Not using PHP 8 Attributes instead of docblock parsing when possible — native attributes are faster and type-safe.

Code Examples

✗ Vulnerable 
// Uncached reflection in a hot path:
function resolve(string $class): object {
    $ref = new ReflectionClass($class); // Expensive — not cached
    $params = $ref->getConstructor()->getParameters();
    // ... inject dependencies
}
✓ Fixed 
// Inspect class structure at runtime
$ref = new ReflectionClass(OrderService::class);
echo $ref->getName();       // 'App\Domain\OrderService'
echo $ref->getShortName();  // 'OrderService'

$methods    = $ref->getMethods(ReflectionMethod::IS_PUBLIC);
$constructor = $ref->getConstructor();

// Read PHP 8.0+ attributes:
foreach ($ref->getMethods() as $method) {
    foreach ($method->getAttributes(Route::class) as $attr) {
        $route = $attr->newInstance();
        echo $route->path;
    }
}

// Instantiate without constructor (DI containers, test fixtures):
$instance = $ref->newInstanceWithoutConstructor();
Added 15 Mar 2026
Edited 22 Mar 2026
Views 45

Curated in Warsaw under one editorial standard. 1,506 terms, single voice.  About this reference →

Rate this term
No ratings yet
🤖 AI Guestbook educational data only
| |
Last 30 days
1 ping T 0 pings W 1 ping T 0 pings F 0 pings S 0 pings S 1 ping M 1 ping T 0 pings W 1 ping T 2 pings F 0 pings S 1 ping S 1 ping M 1 ping T 2 pings W 0 pings T 0 pings F 0 pings S 0 pings S 0 pings M 3 pings T 0 pings W 0 pings T 0 pings F 0 pings S 0 pings S 1 ping M 0 pings T 0 pings W
Agents 0
No pings yet today
No pings yesterday
Amazonbot 10 Scrapy 7 Ahrefs 4 Unknown AI 3 Bing 3 SEMrush 3 Perplexity 2 Google 2 Claude 2 Meta AI 1 PetalBot 1
Also referenced
Dependency Injection 85 Magic Methods (__get, __set, __call…) 51 Attributes / Annotations (PHP 8.0) 46
How they use it
crawler 34 crawler_json 3 pre-tracking 1
Related categories
php 13.1k quality 5.1k
DEV INTEL Tools & Severity
🟢 Low ⚙ Fix effort: High
⚡ Quick Fix
Use PHP's Reflection API for framework-level metaprogramming (DI containers, ORMs, test mocking) — avoid using it in application code as it bypasses encapsulation and is significantly slower
📦 Applies To
PHP 5.0+ web cli queue-worker
🔗 Prerequisites
🔍 Detection Hints
Reflection used in hot path per-request; accessing private methods in tests via reflection when Closure::bind() would be cleaner
Auto-detectable: ✗ No phpstan blackfire
⚠ Related Problems
🤖 AI Agent
Confidence: Medium False Positives: Medium ✗ Manual fix Fix: Medium Context: File Tests: Update
CWE-470
✓ schema.org compliant