PHP 6, the next major revision of the popular Web application development language, looms on the horizon and promises many changes. Learn what's new and what's obsolete and how to prepare your code for tomorrow.
It’s no secret that PHP has changed significantly since the earliest versions of PHP 4 were released almost a decade ago. Indeed, each major revision of PHP has required code changes, as language features were added, modified, and obsoleted. Depending on your PHP code, PHP 6 will be no exception.
Although PHP 6 isn’t yet available as a pre-built package, you can download and install a development snapshot of PHP 6 now to check out the new features and verify your scripts remain functional. Since PHP 6 removes some backwards-compatibility features (which, in the long term, is a good thing), you should test your existing code thoroughly.
Downloading and Building PHP 6
To compile, install, and run PHP 6, you must have the GNU make utility, a compiler such as gcc, some additional libraries to power new PHP features, and a Web server. Compiling and installing PHP 6 requires:
-
Apache with development headers, such as apache-prefork-dev. The threaded MPM version of Apache is not recommended for use by the PHP group for production use.
-
An International Component for Unicode (ICU) library, like libicu-dev
-
The XML2 development headers, libxml2-dev
These dependencies can be installed instantly on Ubuntu by typing:
$ sudo apt-get install apache-prefork-dev libicu-dev libxml2-dev
These few dependencies enable a bare-bones installation of PHP 6, without database, image, or FreeType 2 support.
You can get the latest PHP 6 source package from
"http://snaps.php.net">http://snaps.php.net. Save the source package as a file in your home
folder and unpack it:
$ tar -xzvf php6.0-[TSTAMP].tar.gz
(In the latter command, [TSTAMP] is the time stamp of the build you
downloaded.)
Change to the new directory created by tar and run the configure script:
$ cd php6.0-[TSTAMP]
$ ./configure --exec-prefix=/usr \
--with-apxs2=/usr/bin/apxs2 \
--with-config-file-path=/etc/php6
Since PHP 6 enables Unicode support, you must have an International
Component for Unicode library and headers. If necessary, the location of your ICU can specified with
the --with-icu-dir option to the configure script.
The --with-apxs2 option builds the Apache module. In this example,
the --exec-prefix and --with-config-file-path options
install the PHP files in locations more consistent with those of PHP 5, just for convenience.
After running the configure script, compile, test, and install the PHP 6 distribution:
$ make
$ make test
$ sudo make install
The tests take some time to run (as of the time of this writing, there are over 7,000 tests), but you will get better results if you verify the build. Since these are development snapshots and not intended for production, you should make sure the code doesn’t contain problems that will cause you issues later.
Verfiy the command line interpreter is installed correctly by typing:
$ php --version
If PHP 6 has been successfully installed and is in your execution path, you will see something
like this:
PHP 6.0.0-dev (cli) (built: Jun 30 2009 08:02:29)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v3.0.0-dev, Copyright (c) 1998-2009 Zend Technologies
After you’ve installed the PHP 6 binaries, you’ll need to verify that PHP 6 has been successfully installed as a module or extension to your web server. To make sure your web server is pointed to PHP 6, put the phpinfo() function in a file and point to it from the browser.
<?php phpinfo(); ?>
You should see the PHP 6 version at the top. Review the unicode section to make sure that unicode support is enabled and is the proper version.
Things to Change
Since PHP 6 removes some backwards compatibility features, your main concern is to make sure that your PHP scripts are up to date before upgrading your system. Following the tips in this section—like discontinuing the use of register_globals and magic_quotes—will not only help you get ready for PHP 6 but will also help you to make your code more secure.
In PHP versions prior to version 6, the register_globals setting allowed you to register “EGPCS” (Environment, GET, POST, Cookie, and Server) variables as global variables. For many reasons, using register_globals is a poor security practice that could lead to cross-site scripting holes. An attacker could populate a variable using a query string parameter (GET) where your script was originally looking for cookie values or POST variables. As a developer, you should be sure where your variables are coming from, whether it’s from a GET or POST method or from a cookie. As of PHP 5.3.0, the register_globals feature is deprecated, and as of PHP 6 it is completely removed.
Hence, code that used to look like this…
$myvar = $value // where did this come from, anyway?
… should now look like this:
$myvar = $_GET['value'];
The magic_quotes INI directive, when enabled, allowed PHP to do some level of escaping quotes in HTML input for you. Some developers use magic_quotes instead of SQL-implementation specific functions to avoid SQL injection attacks. However, doing so can lead to more problems than it solves. magic_quotes are rumored to be turned off completely in PHP 6, so functions like magic_quotes_gpc() won’t work as expected.
Review your code carefully to determine how you’re handling input. If you rely on magic_quotes, make sure to replace that code with the appropriate functions for your database implementation or other output—such as mysql_escape_string() (for a MySQL implementation) or addslashes() (for other implementations that require escaped strings).
The best practice for running database statements is to prepare the statement, like this:
<?php
$statement = $dbh->prepare("DELETE FROM USERS WHERE USERNAME = ?");
$statement->execute(array($_GET['username']));
?>
The arrays HTTP_*_VARS, which are replaced by shorter array names, are completely removed in PHP 6. If the register_long_arrays setting is declared in the INI, PHP 6 emits an error of type E_CORE_ERROR.
To update your code to be ready for PHP 6, replace all instances of the long arrays with the shorter array names.
| Long Array |
Replace With |
$HTTP_GET_VARS |
$_GET |
$HTTP_POST_VARS |
$_POST |
$HTTP_ENV_VARS |
$_ENV |
$HTTP_SERVER_VARS |
$_SERVER |
$HTTP_COOKIE_VARS |
$_COOKIE |
Unicode Support
PHP 6 offers Unicode support for Unicode characters in input, output, processing files, and for PHP scripts themselves. The most common of the Unicode encodings is UTF-8, which is the default encoding for many of the PHP 6 functions.
Although Unicode support is a useful addition to PHP 6, it might not be required for your environment. If you want to disable Unicode, use the unicode.semantics key in the PHP INI:
unicode.semantics = Off
The Unicode encoding can be set by the INI keys:
| Unicode INI setting |
Purpose |
| unicode.output_encoding |
Sets the site-wide default encoding for text sent to standard output |
| unicode.filename_encoding |
Sets the encoding for file and directory names. |
| unicode.script_encoding |
Sets the encoding for the PHP scripts themselves. |
| unicode.runtime_encoding |
Sets the encoding used in the PHP runtime when converting binary strings |
Comments on "Get Ready for PHP 6"
Oh, great, another way for us to break our web applications. Boy, I can\’t wait to be first in line to have that happen.
It\’s about time. PHP has suffered from some of the cruft hanging around in its codebase for a long time. If people finally have to fix their crappy apps that were still using register_globals, then PHP 6 is worth the upgrade pains.
Backwards compatibility is great, but when old code is written in an inherently insecure way, the only solution is to break from the past, and suffer the short term pain. The long term gain is worth it.
PHP 6 may be a big upgrade, but it\’s not that huge of a shift in terms of language design. Python 3 was a bigger change, and don\’t even mention Perl 6 which is a completely new language (one which I support by the way.)
So stop moaning how PHP 6 is going to break your applications. If it does, then they weren\’t well written to begin with. Bring on the new!
+1 for getting rid of some of the more egregious legacy cruft from the PHP3/4 days.
-1 for the absolutely asinine namespace implementation; several other languages (Python, C#, Eiffel) do the equivalent much better.
-1 for making Mac OS X a third-class citizen (behind Linux and Windows); updates/upgrades are a hundred times more difficult/painful/risky than on any other platform.
Having nearly finished (yet another) book on PHP-based Web development, maybe I should go pick up mod_python again. I don\’t drink or do drugs, so Rails and mod_perl aren\’t things I\’d even poke at.
How does PHP6 make Mac OS X a third-class citizen? I don’t get it.
PHP 5.3 and PHP 6 drop the ZE1 compatibility mode. The PHP 4 code shown here works without even an E_STRICT complain in PHP 5, and should still work the same in PHP 6.
ZE1 compatability mode was off by default in php 5, so if your objects worked in php 5 they should still work in php 6.
See also my blog at: http://darrendev.blogspot.com/2009/08/php6-maybe-not-so-painful.html
Thak you for nice article on PHP6…..Its explain main feature of PHP6 which is understandable for beginner or any technical person.