The release of PHP 7.2 is scheduled for 30th November 2017. This new version comes after 6 months of testing with 3 alpha, 3 beta, and 6 RC versions. In this post, I'll present some of the new features.
Performance
As we know, PHP 7 introduced a big performance improvement compared with PHP 5. The benchmarks reported an average improvement of 2x in execution time and a great reduction in memory consumption (10x in some cases).
This performance boost made PHP one of the fastest interpreted languages in the world (see Figure below).
PHP 7.2 again introduces some performance improvements. According to the benchmark published by Michael Larabel, PHP 7.2 is 20% faster than 7.0 and 10% faster than 7.1 (see Figure below).
Object type
PHP 7.2 introduces the usage of the object type. This new scalar type can be used to represent PHP objects. As an example:
function test(object $obj) : object
{
    return new SplQueue();
}

test(new StdClass());
The function test accepts an object parameter ($obj) as input and returns an object value. In the example, we used a StdClass object as input and we returned a SplQueue object as output.
The introduction of the object type fills a previous PHP gap by adding object as a scalar type of the language. This new type can be useful in all cases where we need to handle objects of different classes.
Abstract and interface method override
PHP 7.2 allows the overriding of methods in abstract classes and interfaces. In detail, we can omit the type declaration of a parameter in an abstract extended method (contravariance) and we can add the type hint for a return value (covariance).
As an example, using abstract:
abstract class A
{
    abstract function test(string $s);
}

abstract class B extends A
{
    abstract function test($s) : int;
}
In this example, we extended class A, overriding the test function and removing the type constraint of the parameter ($s). This overriding can be useful to extend an abstract class with more general input types.
As an example, using interface:
interface A
{
    public function test(string $s);
}

class B implements A
{
    public function test($s){}
}
This example shows how to change the implementation of an interface, removing the type hint of a parameter. This is called parameter type widening. The point of this feature for interfaces is to allow dropping a type when the underlying behavior is the same.
Argon2
PHP 7.2 introduces support for the Argon2 algorithm for password hashing. This algorithm is the state of the art for secure password storage. It's considered more secure than bcrypt, the default algorithm used by the password_hash() function of PHP. Argon2 was developed to prevent brute-force attacks even when they are performed using parallel architectures, like GPUs.
PHP implemented the Argon2i version of the algorithm, which is considered the more secure variant for password hashing. In order to use it, we need to specify the PASSWORD_ARGON2I constant in the password_hash() function. As an example:
$password = 'test';
$hash = password_hash($password, PASSWORD_ARGON2I);
var_dump($hash);
The $hash variable will contain the hash of the 'test' password, a string of 98 characters like the following:
$argon2i$v=19$m=1024,t=2,p=2$TmxLemFoVnZFaEJuT1NyYg$4j2ZFDn1fVS70ZExmlJ33rXOinafcBXrp6A6grHEPkI
This string contains 5 sections divided by the dollar character ($). The first section contains the name of the algorithm (argon2i), the second the version of the algorithm (v=19), and the third the algorithm's parameters: the memory cost (m, in kB), the execution cost (t) and the degree of parallelism (p). The fourth section contains a random salt value and the last section contains the hash value.
This string of 98 characters can be stored in a database. We can verify if a user password corresponds to the stored hash using the password_verify() function of PHP.
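The following is an added example, not code from the original post: a login check that verifies a password with password_verify() and uses password_needs_rehash() to upgrade an account still stored with bcrypt to Argon2i. The cost values, the function names and the $store array (standing in for a database table) are assumptions made for illustration.

```php
<?php
// Added example: verify a login and upgrade legacy bcrypt hashes to Argon2i.
// Requires PHP >= 7.2 built with Argon2 support.
if (!defined('PASSWORD_ARGON2I')) {
    exit("This PHP build has no Argon2 support\n");
}

// Assumed cost policy; tune it to the server's memory and latency budget.
const ARGON2I_OPTIONS = [
    'memory_cost' => 1 << 16, // in KiB (64 MiB)
    'time_cost'   => 4,
    'threads'     => 2,
];

function hashPassword(string $password): string
{
    $hash = password_hash($password, PASSWORD_ARGON2I, ARGON2I_OPTIONS);
    if (!is_string($hash)) {
        throw new RuntimeException('password_hash() failed');
    }
    return $hash;
}

// $store maps user name => stored hash (hypothetical stand-in for a table).
function login(array &$store, string $user, string $password): bool
{
    if (!isset($store[$user]) || !password_verify($password, $store[$user])) {
        return false;
    }
    // The plaintext is only available at login time, so this is the moment
    // to replace a hash made with an older algorithm or weaker parameters.
    if (password_needs_rehash($store[$user], PASSWORD_ARGON2I, ARGON2I_OPTIONS)) {
        $store[$user] = hashPassword($password);
    }
    return true;
}

// Constructed sample data: one account still stored with bcrypt.
$store = ['alice' => password_hash('correct horse', PASSWORD_BCRYPT)];

var_dump(login($store, 'alice', 'wrong guess'));           // failed login, hash untouched
var_dump(password_get_info($store['alice'])['algoName']);  // algorithm before upgrade
var_dump(login($store, 'alice', 'correct horse'));         // successful login triggers rehash
var_dump(password_get_info($store['alice'])['algoName']);  // algorithm after upgrade
var_dump(login($store, 'alice', 'correct horse'));         // new hash still verifies
```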
Modern cryptography support
PHP 7.2 introduces Sodium, a new extension in the standard library for modern cryptography.
This new extension uses the libsodium library for advanced cryptography, such as elliptic-curve cryptography (ECC).
PHP 7.2 is the first programming language to add modern cryptography to its standard library. For more information about the Sodium extension, read this post by Scott Arciszewski.
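As an added illustration of the elliptic-curve support mentioned above (not code from the original post or from the linked article), the snippet below signs a message with an Ed25519 key pair and verifies the detached signature using the Sodium extension. The function names signMessage() and verifyMessage() and the sample message are assumptions.

```php
<?php
// Added example: Ed25519 detached signatures with the Sodium extension
// bundled in PHP >= 7.2.

function signMessage(string $message, string $secretKey): string
{
    return sodium_crypto_sign_detached($message, $secretKey);
}

function verifyMessage(string $message, string $signature, string $publicKey): bool
{
    // Reject wrong-sized inputs up front instead of letting the
    // extension raise an error on bad lengths.
    if (strlen($signature) !== SODIUM_CRYPTO_SIGN_BYTES
        || strlen($publicKey) !== SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES) {
        return false;
    }
    return sodium_crypto_sign_verify_detached($signature, $message, $publicKey);
}

$keypair   = sodium_crypto_sign_keypair();
$secretKey = sodium_crypto_sign_secretkey($keypair);
$publicKey = sodium_crypto_sign_publickey($keypair);

// Constructed sample message (the digest is a placeholder, not a real value).
$message   = '{"artifact":"app-1.0.0.tar.gz","sha256":"<placeholder>"}';
$signature = signMessage($message, $secretKey);

var_dump(verifyMessage($message, $signature, $publicKey));                 // untouched message
var_dump(verifyMessage($message . ' ', $signature, $publicKey));           // modified message
var_dump(verifyMessage($message, substr($signature, 0, 32), $publicKey));  // truncated signature

// Wipe key material from memory once it is no longer needed.
sodium_memzero($secretKey);
sodium_memzero($keypair);
```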
Added debug info for ext/PDO
The function PDOStatement::debugDumpParams returns debug information for a PDO SQL statement. PHP 7.2 added the raw SQL string generated by PDOStatement.
This SQL string is very useful for debugging because it contains the real SQL query sent to the database. As an example:
$pdo = new PDO(
    'mysql:dbname=test;host=localhost',
    'user',
    'password'
);
$sth = $pdo->prepare("SELECT * FROM user WHERE active=:active");
if (! $sth->execute(['active' => true])) {
    print_r($sth->errorInfo());
    exit(1);
}
$sth->debugDumpParams();
PHP 7.2 will generate an output as follows:
SQL: [39] SELECT * FROM user WHERE active=:active
Sent SQL: [35] SELECT * FROM user WHERE active='1'
Params: 1
Key: Name: [7] :active
paramno=-1
name=[7] ":active"
is_param=1
param_type=2
The raw SQL generated by PDO is the Sent SQL string, in the second line.
New functions
PHP 7.2 introduces some new functions. Some of these are: ftp_append(), hash_hmac_algos(), imagesetclip(), imagegetclip(), imageopenpolygon(), imageresolution(), imagecreatefrombmp(), imagebmp().
For the complete list of new functions, you can read this page on the php.net website.
Deprecated functions
PHP 7.2 deprecates some functions. Some of these are: __autoload(), create_function(), gmp_random(), each(), assert() with a string parameter, parse_str() without the second parameter, png2wbmp(), jpeg2wbmp().
Conclusions
PHP 7.2 brings quite a lot of interesting new features. In my opinion, the most significant are the introduction of the object type, the support of the Argon2i algorithm and the new cryptographic extension Sodium.
We look forward to using these new features in our PHP projects! Let's wait a few more days, until 30th November 2017.
For more information about PHP 7.2 you can read the Migrating from PHP 7.1.x to PHP 7.2.x page from php.net.