Using an unparenthesized expression containing a "." before a "+" or "-" has been deprecated in PHP 7.4 and removed in PHP 8.0

PHPCompatibility Code

PHPCompatibility.Operators.ChangedConcatOperatorPrecedence.Found

Recommendation

Manually add parentheses where appropriate.

Explanation

$response = '1234567890';
$header = 'Content-length: ' . strlen($response) + 1;
header($header);

In PHP 5.6, $header would contain 1. In PHP 7.0 to 7.4, it would contain the same, but will also emit a deprecation warning. In PHP 8.0+, it will contain Content-length: 11.

The original behavior is most likely faulty. We can guess that the dev meant to send the Content-length: 11 header, but in reality, the dev was sending 1. This is because the original code concatenated first, producing 0. Therefore, 0 + 1 = 1.

The straightforward solution is to systematically add parentheses around the + or - expressions that were flagged by PHPCompatibility. In most cases, it would fix a bug previously unknown to the customer, but in rare cases it can also introduce new bugs. Thorough testing is needed.

Example with parentheses

$response = '1234567890';
header('Content-length: ' . strlen($response) + 1);

We wrap the arithmetic expression in parentheses, so that to get the correct number is concatenated:

$response = '1234567890';
header('Content-length: ' . (strlen($response) + 1));

Although this fixes the warning, it could potentially change the behavior and have an impact later during execution, so it's important to thoroughly test the impact of these changes.