What’s New in PHP 7.3 (Coming Soon)
- Updated on: 2018-12-14
- Read original article here
What’s New in PHP 7.3 (Coming Soon)
By Carlo Daniele • Updated on August 29, 2018
5
0
PHP 7.3 is knocking on our door and with it comes new useful features, functionalities, deprecations, and a good number of bug fixes. This release is all about web developers. The current Beta 2 version was released on August 16, coming perfectly on time with the PHP 7.3 timetable.
You can download the current PHP 7.3 version for your development and testing, but keep in mind that, this shouldn’t currently be used in production environments.
PHP 7.3 timetable (source: PHP 7.3 Preparation Tasks )
In this post, we’ll provide an overview of the features and changes that we personally consider most relevant. But you can always check the full list of features, changes and bug fixes in PHP 7.3 upgrade notes and PHP 7.3 Requests For Comments .
What’s new in PHP with PHP 7.3?
In this post we’re covering the following PHP 7.3 changes:
Deprecations
Flexible Heredoc and Nowdoc Syntaxes
This is probably one of the most relevant improvements coming with PHP 7.3, and we think it deserves a little more attention. So, before diving into PHP 7.3 heredoc/nowdoc changes, we’ll provide a quick overview of this useful core feature. If you are already confident with nowdoc and heredoc, feel free to jump to the PHP 7.3 changes.
PHP 7.3: Remove the Trailing New Line Requirement From the Closing Marker
An overview of heredoc and nowdoc syntaxes
The heredoc syntax provides a way of adding a large amount of text without the need to escape things like double quotes. A heredoc starts with <<< followed by a marker, and ends with the same marker followed by a semicolon. Here is an example:
print <<
A nowdoc behaves much like a heredoc, with some exceptions:
The identifier is enclosed in single quotes (<<<'EOT')
No parsing is done inside a nowdoc
Here is an example of nowdoc:
print <<<'EOT' Nowdocs are to single-quoted strings what heredocs are to double-quoted strings. EOT;
Heredocs and nowdocs share the same rules regulating the usage of the closing marker:
The closing marker must begin in the first column of the line
The marker must follow the same naming rules as any other label in PHP: it must contain only alphanumeric characters and underscores, and must start with a non-digit character or underscore.
The PHP Manual warns:
It is very important to note that the line with the closing identifier must contain no other characters, except a semicolon (;). That means especially that the identifier may not be indented, and there may not be any spaces or tabs before or after the semicolon. It’s also important to realize that the first character before the closing identifier must be a newline as defined by the local operating system. This is \n on UNIX systems, including macOS. The closing delimiter must also be followed by a newline.
PHP 7.2 invalid syntax:
To keep it short, in PHP 7.2:
The closing marker may not be indented
The line with the closing marker may not contain characters like spaces or tabs
The first character before the closing marker must be a newline
The closing marker must be followed by a newline
It’s clear enough that heredoc and nowdoc syntaxes are quite restrictive, but PHP 7.3 may change this a little with the following improvements.
1. Allow for the closing marker to be indented and for the leading whitespace to be stripped
With PHP 7.3 we are allowed to indent the closing marker, and we can safely write the following code:
class foo catch (\JsonException $exception)
Throwing an exception upon error would give several advantages that you’ll find listed on the RFC .
Note: an invalid depth parameter passed to json_decode() outputs a warning and returns NULL. This behaviour will not be affected by JSON_THROW_ON_ERROR. Similarly, parameter parsing errors are not affected by JSON_THROW_ON_ERROR and continue to produce warnings.
This proposal passed with 23 to 0 votes.
PHP 7.3 RFC
What Does Reference Assignment Mean?
Consider the following line:
$b = &$a;
Here $b gets the value of $a, but that value is not copied from $a to $b. In PHP we can assign a value by reference, meaning that two variables may point to the same data, and every change to any variable affects the original data. Here is an example from the PHP manual :
This proposal would change this scenario by adding two new functions to PHP core:
array_key_first()
array_key_last()
As of PHP 7.3, array_key_first() and array_key_last() allow to retrieve the first and the last key of a given array without affecting the internal array pointer. These new functions would allow us to write less complex code and in some cases avoid errors. See the RFC for further information and several examples.
array_key_first() and array_key_last() have been approved with 18 to 14 votes.
Note: the original RFC proposed two more functions, array_value_first() and array_value_last(), which were voted in a different poll, but haven’t been approved and won’t become parte of PHP core.
PHP 7.3 RFC
array_key_last
Argon2 Password Hash Enhancements
Argon2 is a hashing algorithm implemented in PHP 7.2 as an alternative to the Bcrypt algorithm. PHP 7.2 introduced the PASSWORD_ARGON2I constant, available to be used in password_* functions:
password_hash('password', PASSWORD_ARGON2I);
Since its first implementation, a new variant of Argon2 has been added, so, at the time of this writing, Argon2 comes in three variants:
Argon2d maximizes resistance to GPU cracking attacks. It is faster and uses data-depending memory access.
Argon2i uses data-independent memory access, which is preferred for password hashing. It is slower as it makes more passes over the memory to protect from tradeoff attacks.
Argon2id is a hybrid version that combines the Argon2i approach for the first pass over memory, and the Argon2d approach for subsequent passes.
Argon2id is recommended on the Internet, except when there are good reasons to specifically prefer another variant.
The new RFC proposes the implementation of Argon2id within the password_* functions with the new PASSWORD_ARGON2ID constant:
password_hash('password', PASSWORD_ARGON2ID);
The implementation is identical to the Argon2i implementation, and will accept the same cost factors:
A memory cost which defines the number of KiB that should be consumed during hashing (default values are 1<<10, or 1024 KiB, or 1 MiB)
A time cost that defines the number of iterations of the hashing algorithm (defaults to 2)
A parallelism factor, which sets the number of parallel threads that will be used during hashing (defaults to 2)
See the following code:
$options = ['memory_cost' => 1<<11, 'time_cost' => 4, 'threads' => 2]; password_hash('password', PASSWORD_ARGON2ID, $options);
More information and examples on the RFC .
PHP 7.3 RFC
The following functions/functionalities will be deprecated with PHP 7.3 and removed not later than PHP 8.0.
Deprecate and Remove image2wbmp()
The image2wbmp() function outputs or save a WBMP version of a given image. This function takes three arguments: an image resource, a filename (the path to the saved file), and a foreground color.
As of PHP 5.0, it is identical to imagewbmp() , so this RFC proposes to deprecate and remove it.
Since PHP 7.3, each call to image2wbmp() would issue a deprecation warning. After the removal, each call would throw a fatal error.
PHP 7.3 RFC
Deprecate and Remove image2wbmp()
Deprecate and Remove Case-Insensitive Constants
PHP currently supports both case-sensitive and case-insensitive constants. Anyway, case-insensitive constants are supported but considered subject to inconsistencies in functionalities and to be complex to use.
This proposal begins with the following premises:
class constants are always case-sensitive
global constants declared with const are always case-sensitive
constants defined with define() are case-sensitive by default
In addition, the PHP Language Reference explicitely states:
A constant is case-sensitive by default. By convention, constant identifiers are always uppercase.
That being said, this RFC proposes the following changes:
Deprecate calling define() with third parameter set to true – PHP 7.3
Deprecate accessing case-insensitive constants with a casing different from the declaration (with the exception of true, false and null) – PHP 7.3
Remove the possibility to declare case-insensitive constants – PHP 8.0
Convert true, false and null from special-cased constants into reserved keywords – PHP 8.0
PHP 7.3 RFC
Deprecate and Remove Case-Insensitive Constants .
Additional Deprecations for PHP 7.3
Here is a quick list of functionalities being deprecated in PHP 7.3. It’s not exhaustive, they’re just the deprecation proposals I personally consider more relevant. For a full list of proposed deprecations, see Deprecations for PHP 7.3 .
Undocumented mbstring function aliases: there’s a number of undocumented mbstring function aliases that are duplications of equivalent functions using mb_ prefix. For example, mbereg is an alias of mb_ereg.
All these functions would be marked as deprecated and a deprecation notice would be thrown when they are encountered during compilation.
String search functions with integer needle: these functions usually operate on string needles. If a non-string needle is given, it is converted to an integer and applied as the ordinal value of a character (read more on the PHP manual ). Here is an example from the RFC :
$str = "There are 10 apples"; var_dump(strpos($str, "10")); // int(10) var_dump(strpos($str, 10)); // bool(false)
This is considered to be confusing and cause unpredictable issues because the type can change with the user data source. For this reason, the RFC proposes the issue of a deprecation warning if a non-string needle is passed to one of the following functions:
strpos
strrchr
stristr
In PHP 8.0, the deprecation warning should be removed and the needles should be automatically converted into strings.
Looking for ways to improve your WordPress development workflow?
Kinsta’s hosting solution was built by developers for developers. Git, PHP 7, SSH, and WP-CLI, along with powerful staging and cloning environments gives you the tools you need to build sites faster!
See our advanced features
fgetss() function and string.strip_tags stream filter: fgetss() and string.strip_tags strip tags from a stream as they read it. Both the function and the filter expose the strip_tags() functionality making the implementation of strip_tags() more complex, as a streaming state machine is required. Additionally, the RFC points out another disadvantage of these functions:
On the other hand, these functions seem to be of very little utility. strip_tags() itself, due to its limitations and known bugs, already has very few legitimate applications. There is no need to provide native support for streaming application on top of that.
So the RFC proposes to mark fgetss(), gzgetss() and SplFileObject::fgetss() as deprecated.
What Does PHP 7.3 Mean for WordPress Users?
According to the official WordPress Stats page , as of writing this, only 32.9% of WordPress users have upgraded to PHP 7 or higher. Just 4% are using PHP 7.2 . You can see that a large majority of users, over 38%, are still running on PHP 5.6. What’s even scarier is that over 28.5% of users are using unsupported PHP versions. As of December 2016, WordPress.org actually bumped up their official recommendation for users from PHP 5.6 to PHP 7 or greater.
WordPress PHP versions
The numbers above are especially discouraging coming from a performance point of view, as PHP 7 has shown to be significantly faster. Here are a few stats:
Official PHP benchmarks show that PHP 7 allows the system to execute twice as many requests per second in comparison with the PHP 5.6, at almost half of the latency.
Christian Vigh also published a PHP performance comparison in which he found that PHP 5.2 was 400% slower than PHP 7.
We also ran our own performance benchmarks in 2018 with PHP 5.6 vs PHP 7 vs HHVM . And similarly to the benchmarks above, we saw that PHP 7.2 could execute almost three times as many transactions (requests) per second as compared to PHP 5.6.
WordPress PHP benchmarks
WordPress 4.9.4 PHP 5.6 benchmark results: 49.18 req/sec
WordPress 4.9.4 PHP 7.0 benchmark results: 133.55 req/sec
WordPress 4.9.4 PHP 7.1 benchmark results: 134.24 req/sec
WordPress 4.9.4 PHP 7.2 benchmark results: 148.80 req/sec
WordPress 4.9.4 HHVM benchmark results: 144.76 req/sec
Many are slow to update simply because of the time involved with testing new all their third-party plugins and themes to ensure they function properly. But a lot of times, it comes down to they simply haven’t done it yet. Not sure what version of PHP you’re running? One of the easiest ways to check is to use a tool like Pingdom or Google Chrome Devtools. The first HTTP request header will typically show you the version.
Check version of PHP
This relies on the host not modifying the X-Powered-By header value. If they do, you might not see your PHP version, in which case you would need to upload a file via FTP . Or you can always reach out to your host and ask.
Updating to PHP 7.3
PHP 7.3 isn’t quite out yet, but once it is you can start testing. You could test your WordPress site locally or check your scripts in an environment like Docker , which allows you to test different versions of PHP from the command line.
Or you can utilize a staging environment, as this will more closely resemble a live production site. Kinsta will be releasing PHP 7.3 as soon as it’s available and has been fully tested by our sysadmin team. You can then easily create a staging environment with a single click.
Test PHP 7.3 in staging environment
Simply change the PHP Engine for the staging site under “Tools” and you can start testing to ensure compatibility of your third-party plugins and themes. Once you confirm everything works, you can either change your production site over to PHP 7.3 or push your staging site to live .
Change to PHP 7.3
Summary
As of this writing, PHP 7.3 is in its Beta 2 phase, and according to the Preparation Tasks Timetable, it will be officially released in mid-December. It will bring us gifts like flexible heredocs and nowdocs, trailing commas in function calls, list() reference assignments and more. In this post, we’ve provided an overview of our favorite improvements and changes, but we would also like to know which are your favorite ones, and in which ways you’ll take advantage of them. Let us know in the comments below.
You can find the full list of PHP 7.3 proposals on the Requests For Comments page and GitHub’s PHP 7.3 Upgrade Notes .
If you enjoyed this article, then you'll love Kinsta's WordPress hosting platform. Whether it's speeding up your website or getting 24x7 support from our veteran WordPress team, we're here to help your business succeed. Our Google Cloud powered infrastructure focuses on auto-scaling, performance, and security. Let us show you the Kinsta difference! Check out our features
