PHP 6, the next major revision of the popular Web application development language, looms on the horizon and promises many changes. Learn what's new and what's obsolete and how to prepare your code for tomorrow.
It’s no secret that PHP has changed significantly since the earliest versions of PHP 4 were released almost a decade ago. Indeed, each major revision of PHP has required code changes, as language features were added, modified, and obsoleted. Depending on your PHP code, PHP 6 will be no exception.
Although PHP 6 isn’t yet available as a pre-built package, you can download and install a development snapshot of PHP 6 now to check out the new features and verify your scripts remain functional. Since PHP 6 removes some backwards-compatibility features (which, in the long term, is a good thing), you should test your existing code thoroughly.
Downloading and Building PHP 6
To compile, install, and run PHP 6, you must have the GNU make utility, a compiler such as gcc, some additional libraries to power new PHP features, and a Web server. Compiling and installing PHP 6 requires:
-
Apache with development headers, such as apache-prefork-dev. The threaded MPM version of Apache is not recommended for use by the PHP group for production use.
-
An International Component for Unicode (ICU) library, like libicu-dev
-
The XML2 development headers, libxml2-dev
These dependencies can be installed instantly on Ubuntu by typing:
$ sudo apt-get install apache-prefork-dev libicu-dev libxml2-dev
These few dependencies enable a bare-bones installation of PHP 6, without database, image, or FreeType 2 support.
You can get the latest PHP 6 source package from
"http://snaps.php.net">http://snaps.php.net. Save the source package as a file in your home
folder and unpack it:
$ tar -xzvf php6.0-[TSTAMP].tar.gz
(In the latter command, [TSTAMP] is the time stamp of the build you
downloaded.)
Change to the new directory created by tar and run the configure script:
$ cd php6.0-[TSTAMP]
$ ./configure --exec-prefix=/usr \
--with-apxs2=/usr/bin/apxs2 \
--with-config-file-path=/etc/php6
Since PHP 6 enables Unicode support, you must have an International
Component for Unicode library and headers. If necessary, the location of your ICU can specified with
the --with-icu-dir option to the configure script.
The --with-apxs2 option builds the Apache module. In this example,
the --exec-prefix and --with-config-file-path options
install the PHP files in locations more consistent with those of PHP 5, just for convenience.
After running the configure script, compile, test, and install the PHP 6 distribution:
$ make
$ make test
$ sudo make install
The tests take some time to run (as of the time of this writing, there are over 7,000 tests), but you will get better results if you verify the build. Since these are development snapshots and not intended for production, you should make sure the code doesn’t contain problems that will cause you issues later.
Verfiy the command line interpreter is installed correctly by typing:
$ php --version
If PHP 6 has been successfully installed and is in your execution path, you will see something
like this:
PHP 6.0.0-dev (cli) (built: Jun 30 2009 08:02:29)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v3.0.0-dev, Copyright (c) 1998-2009 Zend Technologies
After you’ve installed the PHP 6 binaries, you’ll need to verify that PHP 6 has been successfully installed as a module or extension to your web server. To make sure your web server is pointed to PHP 6, put the phpinfo() function in a file and point to it from the browser.
<?php phpinfo(); ?>
You should see the PHP 6 version at the top. Review the unicode section to make sure that unicode support is enabled and is the proper version.
Things to Change
Since PHP 6 removes some backwards compatibility features, your main concern is to make sure that your PHP scripts are up to date before upgrading your system. Following the tips in this section—like discontinuing the use of register_globals and magic_quotes—will not only help you get ready for PHP 6 but will also help you to make your code more secure.
In PHP versions prior to version 6, the register_globals setting allowed you to register “EGPCS” (Environment, GET, POST, Cookie, and Server) variables as global variables. For many reasons, using register_globals is a poor security practice that could lead to cross-site scripting holes. An attacker could populate a variable using a query string parameter (GET) where your script was originally looking for cookie values or POST variables. As a developer, you should be sure where your variables are coming from, whether it’s from a GET or POST method or from a cookie. As of PHP 5.3.0, the register_globals feature is deprecated, and as of PHP 6 it is completely removed.
Hence, code that used to look like this…
$myvar = $value // where did this come from, anyway?
… should now look like this:
$myvar = $_GET['value'];
The magic_quotes INI directive, when enabled, allowed PHP to do some level of escaping quotes in HTML input for you. Some developers use magic_quotes instead of SQL-implementation specific functions to avoid SQL injection attacks. However, doing so can lead to more problems than it solves. magic_quotes are rumored to be turned off completely in PHP 6, so functions like magic_quotes_gpc() won’t work as expected.
Review your code carefully to determine how you’re handling input. If you rely on magic_quotes, make sure to replace that code with the appropriate functions for your database implementation or other output—such as mysql_escape_string() (for a MySQL implementation) or addslashes() (for other implementations that require escaped strings).
The best practice for running database statements is to prepare the statement, like this:
<?php
$statement = $dbh->prepare("DELETE FROM USERS WHERE USERNAME = ?");
$statement->execute(array($_GET['username']));
?>
The arrays HTTP_*_VARS, which are replaced by shorter array names, are completely removed in PHP 6. If the register_long_arrays setting is declared in the INI, PHP 6 emits an error of type E_CORE_ERROR.
To update your code to be ready for PHP 6, replace all instances of the long arrays with the shorter array names.
| Long Array |
Replace With |
$HTTP_GET_VARS |
$_GET |
$HTTP_POST_VARS |
$_POST |
$HTTP_ENV_VARS |
$_ENV |
$HTTP_SERVER_VARS |
$_SERVER |
$HTTP_COOKIE_VARS |
$_COOKIE |
Unicode Support
PHP 6 offers Unicode support for Unicode characters in input, output, processing files, and for PHP scripts themselves. The most common of the Unicode encodings is UTF-8, which is the default encoding for many of the PHP 6 functions.
Although Unicode support is a useful addition to PHP 6, it might not be required for your environment. If you want to disable Unicode, use the unicode.semantics key in the PHP INI:
unicode.semantics = Off
The Unicode encoding can be set by the INI keys:
| Unicode INI setting |
Purpose |
| unicode.output_encoding |
Sets the site-wide default encoding for text sent to standard output |
| unicode.filename_encoding |
Sets the encoding for file and directory names. |
| unicode.script_encoding |
Sets the encoding for the PHP scripts themselves. |
| unicode.runtime_encoding |
Sets the encoding used in the PHP runtime when converting binary strings |
Comments on "Get Ready for PHP 6"
Oh, great, another way for us to break our web applications. Boy, I can\’t wait to be first in line to have that happen.
It\’s about time. PHP has suffered from some of the cruft hanging around in its codebase for a long time. If people finally have to fix their crappy apps that were still using register_globals, then PHP 6 is worth the upgrade pains.
Backwards compatibility is great, but when old code is written in an inherently insecure way, the only solution is to break from the past, and suffer the short term pain. The long term gain is worth it.
PHP 6 may be a big upgrade, but it\’s not that huge of a shift in terms of language design. Python 3 was a bigger change, and don\’t even mention Perl 6 which is a completely new language (one which I support by the way.)
So stop moaning how PHP 6 is going to break your applications. If it does, then they weren\’t well written to begin with. Bring on the new!
+1 for getting rid of some of the more egregious legacy cruft from the PHP3/4 days.
-1 for the absolutely asinine namespace implementation; several other languages (Python, C#, Eiffel) do the equivalent much better.
-1 for making Mac OS X a third-class citizen (behind Linux and Windows); updates/upgrades are a hundred times more difficult/painful/risky than on any other platform.
Having nearly finished (yet another) book on PHP-based Web development, maybe I should go pick up mod_python again. I don\’t drink or do drugs, so Rails and mod_perl aren\’t things I\’d even poke at.
How does PHP6 make Mac OS X a third-class citizen? I don’t get it.
PHP 5.3 and PHP 6 drop the ZE1 compatibility mode. The PHP 4 code shown here works without even an E_STRICT complain in PHP 5, and should still work the same in PHP 6.
ZE1 compatability mode was off by default in php 5, so if your objects worked in php 5 they should still work in php 6.
See also my blog at: http://darrendev.blogspot.com/2009/08/php6-maybe-not-so-painful.html
Thak you for nice article on PHP6…..Its explain main feature of PHP6 which is understandable for beginner or any technical person.
Hello! I simply want to offer you a big thumbs up for the great info you’ve got right here on this post. I am coming back to your site for more soon.
Wonderful blog! I found it while searching on Yahoo News.
Do you have any suggestions on how to get listed in Yahoo News?
I’ve been trying for a while but I never seem to get there! Thank you
I’ve been surfing online more than three hours today, yet I never found any interesting article like yours. It’s pretty worth enough for me.
In my opinion, if all website owners and bloggers made good content as you
did, the web will be a lot more useful than ever before.
I simply couldn’t leave your site prior to suggesting that I really loved the usual information an individual supply on your guests? Is gonna be back frequently in order to check out new posts
My weblog; exteen.com
Simply wish to say your article is as surprising. The clarity in your post is just great
and that i could think you’re an expert on this subject. Fine together with your permission allow me to snatch your RSS feed to stay updated with impending post. Thank you one million and please continue the gratifying work.
My family every time say that I am killing my time here at
net, but I know I am getting experience all the time by reading such pleasant
content.
Thank you for the good writeup. It in fact was a entertainment account
it. Look advanced to far delivered agreeable from you!
However, how can we communicate?
I got this site from my pal who informed me concerning this site and now this time I am browsing this web site and
reading very informative articles or reviews
at this time.
I have read so many posts concerning the blogger lovers except this piece
of writing is actually a fastidious piece of writing, keep it up.
Now I am going to do my breakfast, later than having my breakfast coming over again to read additional news.
whoah this blog is great i really like reading your articles.
Keep up the great work! You already know, a lot of people are looking round for
this info, you can aid them greatly.