The new release of PHP 7.2.0 includes lots of great additions. It offers more features, new improvements, and better functionality. It enables the user to write better code and to use several interesting language features like never before. In this post, we will look at the newest aspects introduced in the latest iteration of PHP.
The update offers plenty of new improvements. It comes with many features that ensure better coding. The new features in PHP 7.2.0 include:
- Object typing hint
- Counting of various non-countable objects
- Conversion of numeric keys in array casts/object
- Mcrypt extension removed
- Argon2 in password hash
- HashContext as object
- Better TLS constants to various sane values
- New sodium extension
As we know, web developers generally either love or hate using PHP language. Anyone who truly enjoys using PHP will definitely love this new coding solution.
If you are a web developer who likes to work with PHP, then read on as we discuss the most important new features of the PHP 7.2.0 update.
Core Improvements in PHP 7.2.0
Here are some of the core improvements in the latest update of PHP.
The Solution for Trait Properties Bug
Until the release of PHP 7.2.0, there was an unfixed trait property bug. In the latest update, if a trait defines a property, a class cannot define a property having the same name unless it is more compatible (same initial value and visibility). Otherwise, it issues a fatal error.
So unlike PHP 7 and PHP 7.1, we can now expect to receive a fatal error. This behavior has been fixed in the recent update of PHP, and it is now working like it says it should in the PHP documentation. Now you can do a strict comparison. As you run the script in PHP 7.2, you will be notified of a fatal error.
Return Type Declaration
The recent update of PHP 7 adds further support for return type declarations. Just like argument type declarations, this declaration type also states the type of the value that is likely to return from a function. For return type declaration, the same types are offered as they are for the argument type declarations.
In PHP 7.2.0, a user is enabled to use the return type declaration in terms of object data type.
Moreover, strict typing also poses an impact on the return type declarations. Considering the default weak mode, all the returned values are coerced to the accurate type (in the case they are different and not already of that type). However, in strong mode, all the returned values must be of the accurate/correct type. Otherwise, a TypeError is received.
However, a child method should match the return type declaration with that of the parent method when you override a parent method. But if a return type is not defined by the parent method, then a child method may define it.
Generator Return Expressions
This feature of PHP is built upon a functionality released in PHP 5.5 called generator functionality. It allows for a return statement to be utilized in the generator and to allow the final expression to get returned. However, return by reference is restricted. The value can be obtained by using a new Generator “getReturn()” method that is only used when the generator is done yielding values.
Nevertheless, the ability to clearly return a final value using a generator is definitely a handy ability to possess. This is because it allows for a final value to fully return, by a generator, which can be particularly handled by a client code carrying out the generator. In comparison, this is a lot simpler than forcing a client code to first check if the final value is yielded or not and then handle the value particularly.
Session_start() now recognizes plenty of options which override the various session configuration directives set in php.ini.
These options have also been expanded to facilitate session.lazy_write, which remains on by default and makes PHP overwrite any session file with the change of session data only and read_and_close. This is an option which is only passable to session_start() to confirm that the session data must be read and then the session must be immediately closed while staying unchanged.
Security Improvements in PHP 7.2.0
Here are the recent security improvements implemented in PHP 7.2.0.
Argon 2 Algorithm in Password Hash
Argon 2, the winner of the Password Hashing Competition in 2005, is a strong hashing algorithm. Argon2 is in the midst of being recognized as the universal internet standard. Currently, the algorithm is considered to be more cost-effective and secure than Bcrypt, another hashing algorithm. The newly incorporated Argon2 can be used via the function – password_hash().
While Bcrypt takes into account only one cost factor, the new Argon2 takes into account the following three cost factors-
- A time cost- defines the iterations’ numbers of the hashing algorithm
- A memory cost- defines the KiB numbers that must be used during hashing.
- A parallelism factor- sets the number of parallel threads that will be consumed during hashing.
The default cost factors are defined by the three new constants as follows:
Lib-sodium Replaces Mcyrpt
Mcrypt was considered to be abandonware and a restriction to language growth. That is why it has been replaced with Libsodium in PHP 7.2.0. Libsodium is an advanced cryptography library which provides authentic encryption along with efficient elliptic curve cryptography.
Libsodium is comprised of carefully chosen algorithms that are implemented by security experts to prevent side-channel vulnerabilities. In other words, Libsodium is a cross-language and cross-platform library for decryption, encryption, password hashing, signature, and more.
Deprecated Features and Functions
The following are some of the deprecated functions and features of PHP 7.2.0 which are expected to be removed before the release of PHP 8.0.
Gmp_random() is taken as a platform-dependent feature and is likely to deprecate. Instead, gmp_random_rage() and gmp_random_bits() will be used.
(unset) the cast is another expression that commonly returns null and is hence considered useless.
Each() is utilized to iterate over a foreach() like an array, but foreach() is preferred because of its higher speed.
The spl_autoload_register in PHP 5.1 has superseded the _autoload function. But now deprecation is likely to occur when the function is encountered during compilation.
mbstring.fucc_overload has also been set for deprecation.
The assert() function confirms the given assertion and takes adequate actions if there is a FALSE result. The use of assert() with string arguments will be deprecated because it causes an RCE vulnerability.
The $php_errormsg variable is built in the local scope while a non-fatal error is received. But now, with the releases of PHP 7.2.0, error_clear_last and error_get_last will be used instead.
$errcontext is likely to deprecate since this functionality is causing problems for optimization. Since the $errcontext is used to modify all objects and references in the current scope, this functionality is hardly used.
Create_function() has many security issues. Moreover, it also has memory usage and bad performance issues.
Why Should a WordPress Developer Use PHP 7.2.0?
The recent upgrades to PHP brings fresh features and improved security measures. This may include factors like modern cryptography, additions to core features, and faster load speed for various sites.
Benefits of Using PHP
PHP is a highly compatible language that can be used with almost all database and server global standards (i.e. PostgreSQL, MySQL, Sybase, Oracle, Microsoft SQL Server, and Informix). It offers fast performance that is backed by an open source community.
It is used for a variety of purposes like generating files and dynamic pages. PHP enables you to manage and store information in a site database. It lets users encrypt data using security features and restricts unauthorized access to websites.
PHP is used by many renowned websites such as Yahoo, Facebook, and Wikipedia.
Even more importantly, the latest update of PHP 7.2.0 offers important security improvements, exciting new features, and performance enhancements.
The Performance of PHP 7.2.0
According to Phoenix benchmarks, PHP 7.2.0 is 13% faster than 7.1 and almost 20% faster than 7.0. Compared to PHP 2.6 (still used by 40% of PHP users), it is almost 25% faster.
There are many tests which support these stats and findings. The official PHP benchmark reveals that PHP 7 is twice as efficient and twice as fast as 5.6. PHP 7 has half the latency. Also, other benchmarks like Kinsta suggest PHP 7 could be up to three times faster than previous versions.
As discussed above, the main reason for the improved performance of PHP 7.2.0 is the inclusion of advanced features and deprecations of old functions. That is exactly what makes this version of PHP a perfect fit for WordPress users. However, developers must check the code and update the deprecated functions to make sure everything is compatible.
The Security Support of PHP 7.2.0
PHP 7.2.0 no longer offers security support. However, critical support will be still available until the end of 2018. The PHP community is no longer offering support for minor issues and bugs. The good news is that the latest update of PHP 7.2.0 will ensure that advanced security updates work properly, and the project will be continuously supported by the PHP community.
Libsodium is both the most important and most improved feature that has migrated from the older PHP to PHP 7.2.0. Fortunately, Libsodium is very easy to update.
If you plan to update to PHP 7.2.0, make sure your code is comprised of integration and unit tests. Such tests will help in catching any application related issues before it appears as a bug in a live environment.
In a Nutshell
PHP 7.2.0 is definitely a major upgrade in comparison to previous versions such as PHP 5.6. As you upgrade the code from PHP 5.6 to PHP 7, you might come across some incompatibilities, both in the libraries on which the code depends and in the code itself. However, the benefits of adopting PHP 7.2 will make your efforts worthwhile.
Since PHP 7.2 is much faster than the older versions of PHP, this allows the user to offer an improved service to their website users by implementing the advanced codes of the PHP language.
So are you ready to switch to the new PHP 7.2? If you haven’t updated it yet, then it’s a good time to start your transition. It’s time to check the codes and upgrade your scripts.
Let us know how you found the new improved features and functions of PHP 7.2.0 in the comments section below!