Guide to PHP 5.6
July 8, 2020

Guide to PHP 5.6

PHP Development

In this blog, we'll give a basic overview of PHP 5.6, including release and end of life dates, a breakdown of notable features, and notes on performance and security. Let's get started with the basics. 

What Is PHP 5.6?

PHP 5.6 was the last release branch in the PHP 5 series of releases. It brought in a number of new features, as well as deprecations in preparation for the 7.0 release.

PHP 5.6 marked the end of the road for PHP 5 versions and paved the way for PHP 7. Alongside some notable deprecations, it also introduced a handful of new features and a modest performance improvement over PHP 5.4. However, at over 6 years old, the release is out of long term support and has more than a handful of critical vulnerabilities and exceptions worth mentioning.

PHP 5.6 Release Date and EOL

PHP 5.6.0 was released on August 28, 2014, and the last version community supported version, 5.6.40, was released January 10, 2019. Zend by Perforce provides extended LTS support for 5.6 through at least December 2023.

PHP 5.6 Features

PHP 5.6 introduced a handful of new and improved features, including constant scalar expressions, variadic functions and argument unpacking, exponentiation, function and constant importing, and the addition of the (now largely abandoned) phpdbg debugger.

Constant Scalar Expressions

Prior to 5.6, constants could only be assigned scalar or array values. With 5.6, the language introduced the ability to assign a constant to the result of a scalar expression (I.e., an expression that uses only scalar values). This can be particularly useful when creating a constant value based on bitwise operations. As an example, if you wanted to set a constant to represent a union of JSON encoding flags, you could do the following:

public const ENCODING = JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE;

 

Variadic Functions and Argument Unpacking

Sometimes it makes sense to allow an unspecified number of arguments to a function or method; this sort of function is called a variadic function as it varies the number of arguments it accepts. A classic example is PHP’s own “array_merge()” function, which can take two or more arrays to merge. Another is when preparing a database statement, where you may want to allow zero or more placeholder replacements. Prior to PHP 5.6, you would need to use the “func_get_args()” function, along with “array_splice()”, in order to pull out any undefined arguments:

public function prepare($sql)
{
    $placeholders = func_get_args();
    $placeholders = count($placeholders) > 1 ? array_splice($placeholders, 1) : $placeholders;
    // … do some work
}

 

With version PHP 5.6, this becomes:

public function prepare($sql, …$placeholders)
{
    // … do some work
}

In the above example, “$placeholders” will be an array, and contain any additional arguments passed to the function.

Related to variadic functions syntactically is the concept of argument unpacking. Argument unpacking refers the idea of expanding an array to fill the defined arguments of a function. As an example, let’s say you have an array of arrays:

$setOfArrays = [
    $array1,
    $array 2,
    $array 3,
];

 

And now you want to merge them into a single array using “array_merge()”. Further, let’s say that the set of arrays is created dynamically, so you do not know how many will be present. Prior to PHP 5.6, you would have had to resort to either a loop or a recursive function:

$merged = [];
foreach ($setOfArrays as $array) {
    $merged = array_merge($merged, $setOfArrays);
}

 

With version 5.6, you can use argument unpacking. Argument unpacking uses the same syntax as variadic functions, but instead of using it in the signature of a function, it is used when calling the function:

$merged = array_merge(…$setOfArrays);

 

Exponentiation

If you ever needed to create an expression indicating X to the Yth power, you had to use the “exp()” function to do so. With 5.6, we now have a dedicated operator, “**”, and a related arithmetic assignment operator, “**=”:

$x = 2 ** 3;
$x = 2;
$x **= 3; // 2 to the 3rd power

 

Function and Constant Importing

PHP 5.3 gave the language namespaces. These allow developers to ensure that class names do not conflict, by allowing classes to be declared within a namespace. Namespaces also allow the definition of constants and functions. When you wish to use a namespaced class, you either refer to it by its fully qualified name (which is the results of concatenating the namespace and class name with the namespace separator (“\”)), or you import the namespace or class in your script:

use Laminas\Filter\StringTrim;

 

Before PHP 5.6, you could only import classes, though. With 5.6 came the power to also import functions and constants from namespaces. In each case, you add the keyword “function” or “constant” after “use”, and the recommendation is to group imports for classes, functions, and constants separately.

use Laminas\Filter\StringTrim;

use function trim;

use const JSON_PRETTY_PRINT;

 

phpdbg

PHP has largely relied on third-party extensions to supply debugger capabilities. In version 5.6, the language adds a native gdb-like debugger bundled as an alternative Server API (SAPI) by default.

PHP 5.6 Performance

Benchmarks demonstrate approximately 12% improvements across the board between PHP 5.5 and 5.6; these kind of numbers are definitely noticeable when your application is under load. That said, they trail significantly behind PHP 7, which consumes roughly half the memory and CPU resources, and responds roughly twice as fast.

PHP 5.6 Vulnerabilities

PHP 5.6 has been around for six years and accumulated a large number of security vulnerability reports along the way. More than two dozen of these reports are critical, involving remote code execution vulnerabilities. The PHP project actively mitigated these vulnerabilities until the version reached its end-of-life, and Zend continues to do so for newly discovered vulnerabilities in its Zend Server and ZendPHP Enterprise products.

Additional Resources

Want to get insight into more recent PHP releases? The links below are worth a look.

Keep Your PHP 5.6 Application Safe and Secure

For some companies, migrating their application to the latest PHP version doesn't make financial sense. But running an outdated and unsupported PHP version can mean exposing your application and your company to substantial security risks.

For teams who need to maintain security and compliance on PHP 5.6, Zend offers fully-supported and secure PHP runtimes. Want to learn more?

Learn More About Secure PHP 5.6 Runtimes