1. Improved Performance: PHP 7.3 offers improved performance over previous versions, with an average of 25% faster execution time.
2. Improved Error Handling: PHP 7.3 introduces a new error handling mechanism, allowing developers to better handle errors and exceptions.
3. Improved Security: PHP 7.3 includes a number of security enhancements, including improved password hashing and better protection against cross-site scripting attacks.
4. Improved Syntax: PHP 7.3 introduces a number of new syntax features, including the ability to define scalar type declarations, return type declarations, and the null coalescing operator.
5. Improved Support for Unicode: PHP 7.3 adds support for the Unicode 10.0 standard, allowing developers to use the latest Unicode characters in their applications.
6. Improved Support for PHP Extensions: PHP 7.3 adds support for a number of new extensions, including the Sodium cryptography library, the Libsodium extension, and the Libsodium PECL extension.
As of December 6th, 2018, the latest and greatest version, PHP 7.3 is here! With it comes new useful features, functionalities, deprecations, a good number of bug fixes, and a boost in performance. PHP 7.3 is also now available to all Kinsta clients in the MyKinsta dashboard. ?
Update: PHP 8.1 (official release) is now available to all Kinsta clients. PHP 7.3 is no longer supported at Kinsta. Please note that we support PHP versions 8.0 and 8.1.
In this post, we’ll provide an overview of the features and changes that we personally consider most relevant. But you can always check the full list of features, changes and bug fixes in PHP 7.3 upgrade notes and PHP 7.3 Requests For Comments.
What’s New in PHP with PHP 7.3?
In this post we’re covering the following PHP 7.3 changes:
Flexible Heredoc and Nowdoc Syntaxes
This is probably one of the most relevant improvements coming with PHP 7.3, and we think it deserves a little more attention. So, before diving into PHP 7.3 heredoc/nowdoc changes, we’ll provide a quick overview of this useful core feature. If you are already confident with nowdoc and heredoc, feel free to jump to the PHP 7.3 changes.
An overview of heredoc and nowdoc syntaxes
The heredoc syntax provides a way of adding a large amount of text without the need to escape things like double quotes. A heredoc starts with <<<
followed by a marker, and ends with the same marker followed by a semicolon. Here is an example:
print <<<EOT
Heredoc text behaves just like a double-quoted string, without the double quotes.
EOT;
A nowdoc behaves much like a heredoc, with some exceptions:
- The identifier is enclosed in single quotes (
<<<'EOT'
) - No parsing is done inside a nowdoc
Here is an example of nowdoc:
print <<<'EOT'
Nowdocs are to single-quoted strings what heredocs are to double-quoted strings.
EOT;
Heredocs and nowdocs share the same rules regulating the usage of the closing marker:
- The closing marker must begin in the first column of the line
- The marker must follow the same naming rules as any other label in PHP: it must contain only alphanumeric characters and underscores, and must start with a non-digit character or underscore.
The PHP Manual warns:
It is very important to note that the line with the closing identifier must contain no other characters, except a semicolon (;). That means especially that the identifier may not be indented, and there may not be any spaces or tabs before or after the semicolon. It’s also important to realize that the first character before the closing identifier must be a newline as defined by the local operating system. This is
\n
on UNIX systems, including macOS. The closing delimiter must also be followed by a newline.
PHP 7.2 invalid syntax:
class foo {
public $bar = <<<EOT
bar
EOT;
}
// Identifier must not be indented
PHP 7.2 valid syntax:
class foo {
public $bar = <<<EOT
bar
EOT;
}
To keep it short, in PHP 7.2:
- The closing marker may not be indented
- The line with the closing marker may not contain characters like spaces or tabs
- The first character before the closing marker must be a newline
- The closing marker must be followed by a newline
It’s clear enough that heredoc and nowdoc syntaxes are quite restrictive, but PHP 7.3 may change this a little with the following improvements.
1. Allow for the closing marker to be indented and for the leading whitespace to be stripped
With PHP 7.3 we are allowed to indent the closing marker, and we can safely write the following code:
class foo {
public $bar = <<<EOT
bar
EOT;
}
The indentation of the closing marker sets the amount of whitespace (or tabs) that will be stripped from each line of the body. But be careful: the closing marker should never be indented further than any other line of the body.
See the code below:
class foo {
public $bar = <<<EOT
bar
EOT;
}
The code above would issue the following parse error:
Parse error: Invalid body indentation level (expecting an indentation at least ...) in %s on line %d
Stripping tabs and whitespaces allow us to indent the body of the heredoc/nowdoc to the same level of the code around, and without unnecessary whitespace before each line of the body.
We can use both tabs and spaces for indentation, but we are not allowed to use them intermixed. This means that we must use the same indentation characters for the closing marker and any lines of the body. In case of different indentation characters, we’d expect a different type of parse error (invalid indentation).
2. Remove the Trailing New Line Requirement From the Closing Marker
Currently, a new line must follow the marker in order to terminate the heredoc/nowdoc. PHP 7.3 would change this and would allow us to terminate the heredoc/nowdoc on the same line. Here is an example from the RFC:
PHP 7.2 valid syntax:
$values = [<<<END
a
b
c
END
, 'd e f'];
PHP 7.3 valid syntax:
$values = [<<<END
a
b
c
END, 'd e f'];
Anyway, be careful when choosing the name of your marker because “occasionally” you may expect an error if it matches a word you used in the body of the heredoc/nowdoc (read more on this on the RFC and GitHub).
Both proposals passed with more than 2/3 votes.
PHP 7.3 RFC
Additional Resources
Allow a trailing comma in function calls
Trailing commas (or “final commas”) are commas appended to a list of elements, parameters or properties and they come in handy in contexts where new values are appended frequently because they prevent errors due to a missing comma. In PHP trailing commas are allowed in arrays, and as of PHP 7.2 they are allowed in grouped namespaces.
As of PHP 7.3, trailing commas would be allowed in function declarations. Variadic functions provide an example of context where trailing commas are extremely useful:
foo(
$bar,
$baz,
);
We can use a trailing comma when we are creating an array with compact()
, in order to return a formatted string with sprintf()
, or when merging an array:
$newArray = array_merge(
$arrayOne,
$arrayTwo,
['foo', 'bar'],
);
Also, trailing commas would be useful for debugging:
var_dump(
$foo,
$bar,
$baz,
);
And they are powerful with unset()
and isset()
:
unset(
$foo,
$bar,
$baz,
);
isset(
$foo,
$bar,
$baz,
);
Trailing commas will be allowed in method calls and enclosures, as well.
Note: This change would affect function calls only. Function declaration syntax will not change. Moreover, free-standing commas, multiple trailing commas, and leading commas will not be allowed.
Additional examples can be found on the RFC page. This RFC passed with a 30 to 10 vote.
PHP 7.3 RFC
JSON_THROW_ON_ERROR
One of the most appreciated functionalities coming with PHP 7.3 provides a new way of handling JSON errors. This is not a core feature, but an addition to the JSON extension that would change the error behaviour of json_decode() and json_encode().
Currently, json_decode()
returns null
on error, but null
can also be a valid result. This could be confusing, because
It is only possible to know if an error occurred by calling
json_last_error()
orjson_last_error_msg()
, which return the global error state in machine-readable and human-readable forms respectively. – PHP RFC
json_encode()
returns FALSE
on error. This is clearer because there is a specific error value. Anyway, both functions neither halt program execution on error, nor throw any warning.
With that being said, here is the proposal for PHP 7.3:
This RFC instead proposes adding a new option flag value for
json_decode()
andjson_encode()
,JSON_THROW_ON_ERROR
. When passed this flag, the error behaviour of these functions is changed. The global error state is left untouched, and if an error occurs that would otherwise set it, these functions instead throw aJsonException
with the message and code set to whateverjson_last_error()
andjson_last_error_msg()
would otherwise be respectively.
Here is an example showing a simple way of throwing a JSON error:
try {
json_decode("{", false, 512, JSON_THROW_ON_ERROR);
}
catch (\JsonException $exception) {
echo $exception->getMessage(); // echoes "Syntax error"
}
Throwing an exception upon error would give several advantages that you’ll find listed on the RFC.
Note: an invalid depth parameter passed to json_decode()
outputs a warning and returns NULL
. This behaviour will not be affected by JSON_THROW_ON_ERROR
. Similarly, parameter parsing errors are not affected by JSON_THROW_ON_ERROR
and continue to produce warnings.
This proposal passed with 23 to 0 votes.
PHP 7.3 RFC
Additional Resources
list() Reference Assignment
What Does Reference Assignment Mean?
Consider the following line:
$b = &$a;
Here $b
gets the value of $a
, but that value is not copied from $a
to $b
. In PHP we can assign a value by reference, meaning that two variables may point to the same data, and every change to any variable affects the original data. Here is an example from the PHP manual:
<?php
$a = 3;
$b = &$a; // $b is a reference to $a
print "$a\n"; // prints 3
print "$b\n"; // prints 3
Now, let’s change the value of $a
:
$a = 4; // change $a
print "$a\n"; // prints 4
print "$b\n"; // prints 4 as well, since $b is a reference to $a, which has been changed
What Is The list() Construct and How It Changes With PHP 7.3
The list() language construct can be used to “assign variables as if they were in an array”, but with list()
we are not currently allowed to assign variable values by reference.
PHP 7.3 should change this allowing us to assign variables by reference also with the list()
construct, as shown in the following example:
$array = [1, 2];
list($a, &$b) = $array;
Which is the same as:
$array = [1, 2];
$a = $array[0];
$b =& $array[1];
The advantage of this proposal is that we could now assign multiple variables by reference, which was not currently allowed. More examples are available on the RFC. This proposal passed with 17 to 7 votes.
PHP 7.3 RFC
Additional Resources
is_countable Function
Another useful feature coming with PHP 7.3 is the is_countable()
function. Up to PHP 7.2, we get an error when attempting to count() something that is not countable. For this reason, in order to avoid a warning, we are forced to add the following code:
if (is_array($foo) || $foo instanceof Countable) {
// $foo is countable
}
This RFC proposes the function is_countable(), which returns true
if the given variable is an array or it is a countable variable, false
otherwise. So, the code above could be changed as follows:
if (is_countable($foo)) {
// $foo is countable
}
This proposal passed with 25 to 0 votes.
PHP 7.3 RFC
Additional Resources
array_key_first(), array_key_last()
Currently, we can retrieve the first and the last key of an array by using reset(), end() and key() functions. Unfortunately, with these functions, there’s no way to gather the first or the last index of an array without changing its internal state. Other options usually reduce code readability and performance.
This proposal would change this scenario by adding two new functions to PHP core:
array_key_first()
array_key_last()
As of PHP 7.3, array_key_first()
and array_key_last()
allow to retrieve the first and the last key of a given array without affecting the internal array pointer. These new functions would allow us to write less complex code and in some cases avoid errors. See the RFC for further information and several examples.
array_key_first()
and array_key_last()
have been approved with 18 to 14 votes.
Note: the original RFC proposed two more functions, array_value_first()
and array_value_last()
, which were voted in a different poll, but haven’t been approved and won’t become parte of PHP core.
PHP 7.3 RFC
Additional Resources
Argon2 Password Hash Enhancements
Argon2 is a hashing algorithm implemented in PHP 7.2 as an alternative to the Bcrypt algorithm. PHP 7.2 introduced the PASSWORD_ARGON2I
constant, available to be used in password_*
functions:
password_hash('password', PASSWORD_ARGON2I);
Since its first implementation, a new variant of Argon2 has been added, so, at the time of this writing, Argon2 comes in three variants:
- Argon2d maximizes resistance to GPU cracking attacks. It is faster and uses data-depending memory access.
- Argon2i uses data-independent memory access, which is preferred for password hashing. It is slower as it makes more passes over the memory to protect from tradeoff attacks.
- Argon2id is a hybrid version that combines the Argon2i approach for the first pass over memory, and the Argon2d approach for subsequent passes.
Argon2id is recommended on the Internet, except when there are good reasons to specifically prefer another variant.
The new RFC proposes the implementation of Argon2id within the password_* functions with the new PASSWORD_ARGON2ID
constant:
password_hash('password', PASSWORD_ARGON2ID);
The implementation is identical to the Argon2i implementation, and will accept the same cost factors:
- A memory cost which defines the number of KiB that should be consumed during hashing (default values are 1<<10, or 1024 KiB, or 1 MiB)
- A time cost that defines the number of iterations of the hashing algorithm (defaults to 2)
- A parallelism factor, which sets the number of parallel threads that will be used during hashing (defaults to 2)
See the following code:
$options = ['memory_cost' => 1<<11, 'time_cost' => 4, 'threads' => 2];
password_hash('password', PASSWORD_ARGON2ID, $options);
More information and examples on the RFC.
PHP 7.3 RFC
Additional Resources
Deprecations
The following functions/functionalities will be deprecated with PHP 7.3 and removed not later than PHP 8.0.
Deprecate and Remove image2wbmp()
The image2wbmp() function outputs or save a WBMP version of a given image. This function takes three arguments: an image resource, a filename (the path to the saved file), and a foreground color.
As of PHP 5.0, it is identical to imagewbmp(), so this RFC proposes to deprecate and remove it.
Since PHP 7.3, each call to image2wbmp()
would issue a deprecation warning. After the removal, each call would throw a fatal error.
PHP 7.3 RFC
Deprecate and Remove Case-Insensitive Constants
PHP currently supports both case-sensitive and case-insensitive constants. Anyway, case-insensitive constants are supported but considered subject to inconsistencies in functionalities and to be complex to use.
This proposal begins with the following premises:
- class constants are always case-sensitive
- global constants declared with
const
are always case-sensitive - constants defined with
define()
are case-sensitive by default
In addition, the PHP Language Reference explicitely states:
A constant is case-sensitive by default. By convention, constant identifiers are always uppercase.
That being said, this RFC proposes the following changes:
- Deprecate calling
define()
with third parameter set totrue
– PHP 7.3 - Deprecate accessing case-insensitive constants with a casing different from the declaration (with the exception of
true
,false
andnull
) – PHP 7.3 - Remove the possibility to declare case-insensitive constants – PHP 8.0
- Convert
true
,false
andnull
from special-cased constants into reserved keywords – PHP 8.0
PHP 7.3 RFC
Deprecate and Remove Case-Insensitive Constants.
Additional Deprecations for PHP 7.3
Here is a quick list of functionalities being deprecated in PHP 7.3. It’s not exhaustive, they’re just the deprecation proposals I personally consider more relevant. For a full list of proposed deprecations, see Deprecations for PHP 7.3.
Undocumented mbstring function aliases: there’s a number of undocumented mbstring function aliases that are duplications of equivalent functions using mb_
prefix. For example, mbereg
is an alias of mb_ereg
.
All these functions would be marked as deprecated and a deprecation notice would be thrown when they are encountered during compilation.
String search functions with integer needle: these functions usually operate on string needles. If a non-string needle is given, it is converted to an integer and applied as the ordinal value of a character (read more on the PHP manual). Here is an example from the RFC:
$str = "There are 10 apples";
var_dump(strpos($str, "10")); // int(10)
var_dump(strpos($str, 10)); // bool(false)
This is considered to be confusing and cause unpredictable issues because the type can change with the user data source. For this reason, the RFC proposes the issue of a deprecation warning if a non-string needle is passed to one of the following functions:
strpos
strrpos
stripos
strripos
strstr
strchr
strrchr
stristr
In PHP 8.0, the deprecation warning should be removed and the needles should be automatically converted into strings.
fgetss()
function and string.strip_tags
stream filter: fgetss()
and string.strip_tags
strip tags from a stream as they read it. Both the function and the filter expose the strip_tags() functionality making the implementation of strip_tags()
more complex, as a streaming state machine is required. Additionally, the RFC points out another disadvantage of these functions:
On the other hand, these functions seem to be of very little utility.
strip_tags()
itself, due to its limitations and known bugs, already has very few legitimate applications. There is no need to provide native support for streaming application on top of that.
So the RFC proposes to mark fgetss()
, gzgetss()
and SplFileObject::fgetss()
as deprecated.
What Does PHP 7.3 Mean for WordPress Users?
According to the official WordPress Stats page, as of writing this, only 32.9% of WordPress users have upgraded to PHP 7 or higher. Just 4% are using PHP 7.2. You can see that a large majority of users, over 38%, are still running on PHP 5.6. What’s even scarier is that over 28.5% of users are using unsupported PHP versions. As of December 2016, WordPress.org actually bumped up their official recommendation for users from PHP 5.6 to PHP 7 or greater.
PHP 7 Performance
The numbers above are especially discouraging coming from a performance point of view, as PHP 7 has shown to be significantly faster. Here are a few stats:
- Official PHP benchmarks show that PHP 7 allows the system to execute twice as many requests per second in comparison with the PHP 5.6, at almost half of the latency.
- Christian Vigh also published a PHP performance comparison in which he found that PHP 5.2 was 400% slower than PHP 7.
We ran our own PHP performance benchmarks. And similarly to the benchmarks above, we saw that WordPress 5.0 on PHP 7.3 could execute almost three times as many transactions (requests) per second as compared to PHP 5.6.
- WordPress 5.0 PHP 5.6 benchmark: 91.64 req/sec
- WordPress 5.0 PHP 7.0 benchmark results: 206.71 req/sec
- WordPress 5.0 PHP 7.1 benchmark results: 210.98 req/sec
- WordPress 5.0 PHP 7.2 benchmark results: 229.18 req/sec
- WordPress 5.0 PHP 7.3 benchmark results: 253.20 req/sec ?
It’s also interesting to note that WordPress 4.9.8 on PHP 7.3 was slightly faster than WordPress 5.0.
- WordPress 4.9.8 PHP 5.6 benchmark: 97.59 req/sec
- WordPress 4.9.8 PHP 7.0 benchmark results: 221.42 req/sec
- WordPress 4.9.8 PHP 7.1 benchmark results: 233.78 req/sec
- WordPress 4.9.8 PHP 7.2 benchmark results: 250.36 req/sec
- WordPress 4.9.8 PHP 7.3 benchmark results: 276.31 req/sec ?
Many are slow to update simply because of the time involved with testing new all their third-party plugins and themes to ensure they function properly. But a lot of times, it comes down to they simply haven’t done it yet.
Checking Your PHP Version
Not sure what version of PHP you’re running? One of the easiest ways to check is to use a tool like Pingdom or Google Chrome Devtools. The first HTTP request header will typically show you the version.
This relies on the host not modifying the X-Powered-By
header value. If they do, you might not see your PHP version. In which case, you could also install a free plugin like Version Info which will show you some basic server information in the footer of your WordPress admin dashboard.
Alternatively, you could also upload a file via FTP to see your PHP version, or reach out to your host and ask.
Updating to PHP 7.3
The final version of PHP 7.3 is here and you can start testing it right away. You could test your WordPress site locally or check your scripts in an environment like Docker, which allows you to test different versions of PHP from the command line.
Or you can utilize a staging environment, as this will more closely resemble a live production site. Create a staging environment with a few simple clicks in the MyKinsta dashboard.
We always recommend testing thoroughly before using it on a production site. To do so, simply change the PHP Engine for the staging site under “Tools” and you can start testing to ensure compatibility of your third-party plugins and themes.
Once you confirm everything works, you can either change your production site over to PHP 7.3 or if you’ve made any changes, also push your staging site to live.
Summary
The latest and greatest version of PHP is here. It bring us gifts like flexible heredocs and nowdocs, trailing commas in function calls, list()
reference assignments and more. In this post, we’ve provided an overview of our favorite improvements and changes, but we would also like to know which are your favorite ones, and in which ways you’ll take advantage of them. Let us know in the comments below. And don’t forget PHP is not dead!
You can find the full list of PHP 7.3 proposals on the Requests For Comments page and GitHub’s PHP 7.3 Upgrade Notes.
Get all your applications, databases and WordPress sites online and under one roof. Our feature-packed, high-performance cloud platform includes:
- Easy setup and management in the MyKinsta dashboard
- 24/7 expert support
- The best Google Cloud Platform hardware and network, powered by Kubernetes for maximum scalability
- An enterprise-level Cloudflare integration for speed and security
- Global audience reach with up to 35 data centers and 275 PoPs worldwide
Get started with a free trial of our Application Hosting or Database Hosting. Explore our plans or talk to sales to find your best fit.