PHP in 2013

Branches

PHP 5.3: security fixes only
PHP 5.4: old stable
PHP 5.5: stable
PHP 5.6: the mysterious future

PHP 5.4

Released March 1, 2012
Now at PHP 5.4.21

PHP 5.4

Added traits
Added the [short, array, syntax]
Added a CLI Web server

PHP 5.4

Removed safe mode
Removed magic quotes
Removed register_globals

PHP 5.5

Released June 20
Now at PHP 5.5.5

Generators

Easy way of implementing iterators
Simplified syntax with yield

Generators

Example: implement a forward-only xrange()

Generators


class RangeIterator implements Iterator {
    private $start;
    private $limit;
    private $step;
    private $current;

    public function __construct($start, $limit, $step = 1) {
        $this->start = $start;
        $this->limit = $limit;
        $this->step = $step;
        $this->current = $start;
    }

    public function current() {
        return $this->current;
    }

    public function key() {
        return ($this->current - $this->start) / $this->step;
    }

    public function next() {
        $this->current += $this->step;
    }

    public function rewind() {
        $this->current = $this->start;
    }

    public function valid() {
        return ($this->current >= $this->start && $this->current <= $this->limit);
    }
}

function xrange($start, $limit, $step = 1) {
    return new RangeIterator($start, $limit, $step);
}

Generators


function xrange($start, $limit, $step = 1) {
  for ($i = $start; $i <= $limit; $i += $step) {
    yield $i;
  }
}

Generators


function xrange($start, $limit, $step = 1) {
  for ($i = $start; $i <= $limit; $i += $step) {
    yield $i;
  }
}

foreach (xrange(1, 9, 2) as $number) {
  echo "$number\n";
}

Generators


(yield $key => $value);
yield;

Generators


function xrange($start, $limit, $step = 1) {
  for ($i = $start; $i <= $limit; $i += $step) {
    $command = (yield $i);
    if ($command == 'stop') {
      return;
    }
  }
}

Generators


$gen = xrange(1, 9, 2);
foreach ($gen as $number) {
  echo "$number\n";
  $gen->send('stop');
}

Generators


function this_week() {
  $date = new DateTimeImmutable('6 days ago');
  $now = new DateTimeImmutable;
  while ($date <= $now) {
    $formatted = $date->format('Y-m-d');
    (yield $date => $formatted);
    $date = $date->add(new DateInterval('P1D'));
  }
}

Generators


foreach (this_week() as $dt => $formatted) {
  echo $dt->format(DateTime::ISO8601)."\n";
}

Generators


function this_week() {
  $date = new DateTimeImmutable('6 days ago');
  $now = new DateTimeImmutable;
  while ($date <= $now) {
    $formatted = $date->format('Y-m-d');
    (yield $date => $formatted);
    $date = $date->add(new DateInterval('P1D'));
  }
}

Generators


2013-11-02T07:18:59-0700
2013-11-03T07:18:59-0800
2013-11-04T07:18:59-0800
2013-11-05T07:18:59-0800
2013-11-06T07:18:59-0800
2013-11-07T07:18:59-0800
2013-11-08T07:18:59-0800

Finally, finally

Example: removing temporary files

Finally, finally


function do_something() {
  $temp = tempnam('/tmp', 'foo');

  try {
    ...
    unlink($temp);
  } catch (FrameworkException $e) {
    ...
    unlink($temp);
  } catch (Exception $e) {
    unlink($temp);
    throw $e;
  }
}

Finally, finally


class TemporaryFile {
  function __construct($directory, $prefix) {
    $this->file = tempnam($directory, $prefix);
  }

  function __destruct() { unlink($this->file); }
  function __toString() { return $this->file; }
}

function do_something() {
  $temp = new TemporaryFile('/tmp, 'foo');
  try { ... }
  catch (FrameworkException $e) { ... }
}

Finally, finally


function do_something() {
  $temp = tempnam('/tmp', 'FOO');

  try {
    ...
  } catch (FrameworkException $e) {
    ...
  } finally {
    unlink($temp);
  }
}

Finally, finally


function f() {
  try {
    return 'try';
  } finally {
    return 'finally';
  }
}

echo f();

Password hashing

Previous advice was to use crypt()
Easy to misuse

Password hashing


echo crypt('foo', '$2a$01234567890123456789a');

Password hashing


password_hash($password, $algo, $options)
password_verify($password, $hash)
password_get_info($hash)
password_needs_rehash($hash, $algo, $options)

Password hashing


// Creating a hash:
$hash = password_hash($passwd, PASSWORD_DEFAULT);

// Verifying a password:
if (password_verify($passwd, $hash)) {
  // do stuff
}

Password hashing


$2y$10$6z7GKa9kpDN7KC3ICW1Hi.fdO/to7Y/x36WUKNPOIndHdkdR9Ae3K

Password hashing


$2y$10$6z7GKa9kpDN7KC3ICW1Hi.fdO/to7Y/x36WUKNPOIndHdkdR9Ae3K

Hash type

Password hashing


$2y$10$6z7GKa9kpDN7KC3ICW1Hi.fdO/to7Y/x36WUKNPOIndHdkdR9Ae3K

    Hash options

Password hashing


$2y$10$6z7GKa9kpDN7KC3ICW1Hi.fdO/to7Y/x36WUKNPOIndHdkdR9Ae3K

       Randomly generated salt

Password hashing


$2y$10$6z7GKa9kpDN7KC3ICW1Hi.fdO/to7Y/x36WUKNPOIndHdkdR9Ae3K

                             Hashed data

Password hashing

PASSWORD_DEFAULT is equivalent to PASSWORD_BCRYPT right now
password_hash() hashes are forward compatible
PASSWORD_DEFAULT may change in new versions

Password hashing


// Verifying a password:
if (password_verify($passwd, $hash)) {
  // do stuff

  if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
    // rehash with password_hash() and save
  }
}

Password hashing

Compatibility library on GitHub for PHP 5.3.7 and later
Search for password_compat

OPcache

Opcode caching
Bundled with PHP 5.5
Based on Zend Optimizer+

OPcache


zend_extension=${extension_dir}/opcache.so

OPcache


opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=4000
opcache.revalidate_freq=60
opcache.fast_shutdown=1
opcache.enable_cli=1

http://php.net/opcache.installation

OPcache

	5.4	5.5	5.5 + OPcache
php.net	78.77	77.23	134.09
Laravel 4.0.9	30.07	29.51	161.83
WordPress 3.7.1	9.27	9.44	31.66

Requests per second
mod_php on Apache 2.2.16

foreach unpacking


$array = [[1, 2], [3, 4]];
foreach ($array as $item) {
  list($a, $b) = $item;
  // ...
}

foreach unpacking


$array = [[1, 2], [3, 4]];
foreach ($array as list($a, $b)) {
  // ...
}

empty()


empty(my_function());

Literal dereferencing


var_dump([1, 2, 3][0]);
var_dump('PHP'[0]);

Literal dereferencing


var_dump([1, 2, 3][0]);
var_dump('PHP'[0]);


1
P

::class


namespace Name\Space;
class ClassName {}

echo ClassName::class;

::class


namespace Name\Space;
class ClassName {}

echo ClassName::class;


Name\Space\ClassName

Immutable DateTime

Called DateTimeImmutable
Mutator methods such as add(), modify() and sub() return a new object
Otherwise works just like DateTime

Windows support

Windows XP and 2003 support dropped

Case insensitivity

PHP used to fold method and function names on a locale specific basis
Not such a good idea

Case insensitivity

ASCII rules are now used
May cause issues in non-English codebases that relied on accented or non-Latin case folding

Case insensitivity


function función() {}

FUNCIÓN();

pack() and unpack()

The a and A format codes behave like Perl now
Slight incompatibility; use Z for the old behaviour

mysql → PDO


$db = mysql_connect('localhost', 'user', 'pass');
mysql_select_db('db', $db);
$id = mysql_real_escape_string($_GET['id'], $db);
$st = mysql_query("SELECT name FROM user WHERE id = $id");

while ($row = mysql_fetch_assoc($st)) {
  echo "Hi, $row[name]!";
}

mysql → PDO


$db = mysql_connect('localhost', 'user', 'pass');
mysql_select_db('db', $db);
$id = mysql_real_escape_string($_GET['id'], $db);
$st = mysql_query("SELECT name FROM user WHERE id = $id");

while ($row = mysql_fetch_assoc($st)) {
  echo "Hi, $row[name]!";
}

mysql → PDO


$db = new PDO('mysql:host=localhost;dbname=db', 'user', 'pass');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$st = $db->prepare('SELECT name FROM user WHERE id = :id');
$st->execute(['id' => $_GET['id']]);

while ($row = $st->fetch(PDO::FETCH_ASSOC)) {
  echo "Hi, $row[name]!";
}

preg_replace() /e modifier


preg_replace(
  '(<h([1-6])>(.*?)</h\1>)e',
  '"<h$1>" . strtoupper("$2") . "</h$1>"',
  $html
);

preg_replace() /e modifier


preg_replace_callback(
  '(<h([1-6])>(.*?)</h\1>)',
  eval('"<h$1>" . strtoupper("$2") . "</h$1>"'),
  $html
)

preg_replace() /e modifier


preg_replace_callback(
  '(<h([1-6])>(.*?)</h\1>)',
  eval('"<h$1>" . strtoupper("$2") . "</h$1>"'),
  $html
)

preg_replace() /e modifier


preg_replace_callback(
  '(<h([1-6])>(.*?)</h\1>)',
  function (array $matches) {
    return "<h$matches[1]>"
          .strtoupper($matches[2])
	  ."</h$matches[1]>";
  },
  $html
)

Getting PHP 5.5

Shared hosting: ask your provider
(Maybe consider a VPS)

Getting PHP 5.5

Debian: available in Jessie and Sid, and in Dotdeb for both Squeeze and Wheezy
Ubuntu: available in Ubuntu 13.10 and Ondřej Surý's php5-experimental PPA
RHEL/CentOS: available in Remi Collet's remi-php55 repo

Getting PHP 5.5

Windows: builds available at http://windows.php.net/download/
OS X: in homebrew-php as php55

Getting PHP 5.5

Compile from source
Does require lots of library dependencies
apt-get build-dep php5 is your friend on Debian-based distros

PuPHPet

https://puphpet.com
Uses Vagrant and Puppet to provide PHP development VMs
Supports PHP 5.5 on Debian Wheezy and Ubuntu 10.04 and 12.04

Variadic functions


function query($query, ...$params) {
    foreach ($params as $param) {
        $this->setParameter($param);
    }
}

Variadic functions


function query($query, DateTime ...$params) {
    foreach ($params as $param) {
        $this->setParameter($param);
    }
}

Variadic functions


function query($query, DateTime &...$params) {
    foreach ($params as $param) {
        $this->setParameter($param);
    }
}

Variadic functions

Only one variadic parameter
Must be the last parameter

Calls from incompatible context


class A {
    function foo() { // $this is B, not A }
}

class B {
   function bar() { A::foo(); }
}

(new B)->bar();

Other hotness

File uploads >2 GB are supported
GMP uses objects instead of resources

Questions?

PHP 5.5 Migration Guide: http://php.net/migration55
password_compat: https://github.com/ircmaxell/password_compat
Generator examples: https://github.com/nikic/iter
Slides: http://www.adamharvey.name/tnphp/