Linting PHP with PHP_CodeSniffer
If for some reason you need to use something that has been disallowed in phpcs.xml you should have good arguments in favor to it. You should comment the change accordingly:
// This rule is disabled in this file because...
// phpcs:disable WordPress.Security.ValidatedSanitizedInput.MissingUnslash
With phpcbf it's quick to fix the most common errors that are not right accoring to your project phpcs.xml.
phpcbf --standard=phpcs.xml page.php
You should always comment your code as thorough as possible. For indentation we use to char space. Always use the latest .editorconfig: