image blog zend guide php 7-2
July 16, 2020

Guide to PHP 7.2

PHP Development
State of PHP

PHP 7.2 brought a number of incremental improvements to PHP, providing more consistency and predictability as well as a continued focus on security.

In this article, we look at the details of the PHP 7.2 release, including release date, EOL dates, features, improvements, deprecations, and performance.

Editor's Note: PHP 7.2 is now EOL. Explore PHP LTS options here >>

What Is PHP 7.2?

PHP 7.2 was the second major release on the PHP 7 series and included a variety of new features and deprecations, as well as performance and security improvements.

PHP 7.2 Release Date

PHP 7.2.0 was released to the public on November 30, 2017. 

PHP 7.2 EOL Dates

PHP 7.2 received active support until November 30, 2019, and is now receiving security updates only until it reaches end-of-life on November 30, 2020. Considering a migration from PHP 7.2? Be sure to watch this webinar on enterprise PHP upgrades.

PHP 7.2 Features

The features of PHP 7.2 can be lumped into several categories: syntax improvements and enhancements, security improvements, and deprecations.

Syntax Improvements and Enhancements

The first major enhancement is to the rules used to allow or disallow type widening or narrowing when overriding a method signature. In previous versions of PHP:

  • You could not change type hints for method arguments, even if the new type hint allowed the original type (contravariance, or type widening).
  • You could only add a return type hint if the original had not defined one (implying “mixed”; this is covariance, or type narrowing).

With PHP 7.2, you can now change the type hint for an argument so long as a value honoring the original type hint is accepted, and change the return type hint so long as the value returned satisfies the original type hint. As an example:

interface Animal
{
    public function vocalize(string $sound);
}

class Canine implements Animal
{
    public function vocalize($sound): string
    {
    }
}

In the above example, the overridden “vocalize” method will no longer raise PHP errors because: a “string” argument (as defined in the interface) passed to it is still accepted, and a “string” return value still satisfies the original return value (“mixed”, which includes “string”).

Also of note: when an abstract class extends another abstract class, they can now override abstract methods from the parent abstract class. This allows modifying the signature per the above rules, creating in effect two signatures, valid in different contexts.

Speaking of methods and type hints, PHP 7.2 also introduces the object type. This type can be used to indicate an object of any type is accepted as an argument or will be returned from the method:

function reflectAnObject(object $object): object
{
    return $object instanceof Reflector ? $object : new ReflectionObject($object);
}

When your method has a lot of arguments, you may find yourself splitting them into multiple lines, one per line. A common practice when defining arrays is to have the last item include a trailing comma, which allows for simpler “diff” results when re-ordering items (as adding an item at the end only results in adding a line, versus adding a line and changing the line previous). However, prior to PHP 7.2, if you did this with an argument list — or interface list, or trait list, or grouped namespaces — this would result in a parser error. PHP 7.2 allows you to provide the trailing comma in each of these contexts.

public function acceptManyValues(
    $value1,
    $value 2,
    $value3, // NOTE: trailing comma!
): void {
}

Finally, a number of improvements were made to usage of the “count()” function. First, the ZipArchive class now implements the Countable interface, allowing you to call count() on it in order to determine the number of items it contains. Second, when passing a value that is scaler, null, or an object not implementing Countable, count() now raises a warning; previously, it did not, which could lead to unexpected results.

Security

PHP has been gaining a reputation for using cutting-edge security practices in recent years. The 7.2 release continues this trend.

First, this release bundles the libsodium cryptography library, making PHP the first language to do so. Libsodium provides high-speed, secure encryption, decryption, and signing algorithms; having it bundled in PHP allows the language to use these directly to support its cryptography solutions.

Second, this release adds the Argon2 algorithm for password hashing, which is considered the state-of-the-art for such operations at the time of release.

Third, the language officially dropped the mcrypt extension. The extension had been essentially abandoned years ago, and with new features such as libsodium, bcrypt, and others, obsolete.

Deprecations

As languages evolve, some features become obsolete, or better solutions arise; PHP is no different! In 7.2, the following items were each deprecated:

  • The _autoload() function is superseded by spl_autoload_register(), and will throw a deprecation notice if used.
  • When raising a non-fatal error, PHP has always set a $php_errormsg value in the current scope. You should use error_get_last() to retrieve this value instead.
  • parse_str() will now raise a deprecation error if called without its second argument (which provides a variable reference into which to store results).
  • assert() with a string argument is now deprecated, as it can lead to a remote code execution vulnerability.
  • gmp_random() is considered platform-dependent, and deprecated in favor of gmp_random_bits() and gmp_random_range().
  • each() is now deprecated in favor of foreach() (which is 10 times faster).
  • create_function() is deprecated due to a combination of poor performance and security issues; users should migrate to usage of closures instead.

PHP 7.2 Performance

As has become common in the PHP 7 series, PHP 7.2 increases runtime performance. Baseline performance increases 11-12% over PHP 7.1. For Wordpress applications you will see around an 11% increase in the number of requests per second handled, Drupal users will see a 3% increase, and Magento users will see a 7% increase.

Additional Resources

Want to learn more about the latest in PHP versions? Our on-demand webinar on PHP 7.4 looks at the latest features, performance improvements, and changes to PHP in this latest release.

If you want to learn more about the PHP 7.2 release, including the changelog, migration notes and new features, or view performance benchmarks, these resources are a great place to start

Keep Your PHP Supported Beyond the Community Support Lifecycle

Are you running an application on EOL PHP? Zend offers supported and secure PHP runtimes that can help keep your application compliant and safe. Learn more by clicking the button below.

Learn More About Zend PHP Runtimes