On 20-Jun-2013, the PHP development team has announced the immediate availability of
PHP 5.5.0 and this release includes a large number of new features and bug fixes. The new features of
PHP 5.5.0 includes :
Generators :
Support for
generators has been added via the
yield keyword. Generators provide an easy way to implement simple iterators without the overhead or complexity of implementing a class that implements the
Iterator interface. For example:
function xrange($start, $limit, $step = 1)
{
for ($i = $start; $i <= $limit; $i += $step) {
yield $i;
}
}
// Note that an array is never created
// or returned, which saves memory.
echo 'Single digit odd numbers: ';
foreach (xrange(1, 9, 2) as $number) {
echo "$number ";
}
// Output :
/**
* Single digit odd numbers: 1 3 5 7 9
*/
It looks like that, the
yield keyword is working like the
return keyword but it's not terminating the execution of the current process, instead, it returns a value and continues.
New finally Keyword :
In PHP 5.5.0 the
finally block may also be specified after the catch blocks. Code within the finally block will always be executed after the try and catch blocks, regardless of whether an exception has been thrown, and before normal execution resumes. For example:
function inverse($x) {
if (!$x) {
throw new Exception('Division by zero.');
}
return 1/$x;
}
// First block no exceptions
try {
echo inverse(5) . "\n";
} catch (Exception $e) {
echo 'Caught exception: ', $e->getMessage(), "\n";
} finally {
echo "First finally.\n";
}
// Second block with an exceptio
try {
echo inverse(0) . "\n";
} catch (Exception $e) {
echo 'Caught exception: ', $e->getMessage(), "\n";
} finally {
echo "Second finally.\n";
}
// Continue execution
echo "Hello World";
// Output :
/**
* 0.2
* First finally.
* Caught exception: Division by zero.
* Second finally.
* Hello World
*/
New password hashing API :
A new
password hashing API that makes it easier to securely hash and manage passwords using the same underlying library as
crypt() in
PHP has been added. The new password hashing API allows you to use one line of code to generate a salted password hash using
Bcrypt. For example:
// The password will be automatically salted
$hash = password_hash('mypassword', PASSWORD_DEFAULT);
The
password_hash takes three arguments and the third one is optional. First argument is the plain password to be hashed, the second argument is a
password algorithm constant denoting the algorithm to use when hashing the password and the third one is an associative array containing options. Currently, two options are supported: salt, to provide a salt to use when hashing the password, and cost, which denotes the algorithmic cost that should be used. If omitted, a random salt will be created and the default cost will be used. For example, with options :
// Setting the option to increase the default cost for BCRYPT to 12
$options = [
'cost' => 12,
];
// The password algorithm is switched to BCRYPT
echo password_hash("mypassword", PASSWORD_BCRYPT, $options)."\n";
The current default encryption algorithm used is
Bcrypt (default as of PHP 5.5.0), although this is expected to change as new and stronger algorithms are added to
PHP. It is recommended to keep the password field length at least 60 characters in the database but 255 would be good.
This is another example with
cost and
salt (randomly generated salt) options :
// Setting the cost and salt manually
$options = [
'cost' => 11,
'salt' => mcrypt_create_iv(22, MCRYPT_DEV_URANDOM),
];
echo password_hash("mypasscword", PASSWORD_BCRYPT, $options);
It's recommended that, not to use a static
salt or one that is not randomly generated. For the VAST majority of use-cases, let
password_hash() generate the salt randomly for you.
The password could be verified using the
password_verify() function, for example :
if (password_verify('mypassword', $hash)) {
echo 'Password is valid!';
}
else {
echo 'Invalid password.';
}
Note that
password_hash() returns the algorithm, cost and salt as part of the returned hash. Therefore, all information that's needed to verify the hash is included in it. This allows the verify function to verify the hash without needing separate storage for the salt or algorithm information.
Other two related functions are
password_get_info($hashed_password), which returns an array of information about the hash that was created by an algorithm supported by
password_hash() function and
password_needs_rehash($hashed_password, $used_algorithm, $options), it checks to see if the supplied hash implements the algorithm and options provided. If not, it is assumed that the hash needs to be rehashed.
The list() construct is supported in foreach :
The
foreach control structure now supports unpacking nested arrays into separate variables via the
list() construct. For example:
$array = [
[1, 2],
[3, 4],
];
// Loop the Array using foreach
// while unpacking items using list
foreach ($array as list($a, $b)) {
echo "A: $a; B: $b\n";
}
// Output :
/**
* A: 1; B: 2
* A: 3; B: 4
*/
support for arbitrary expressions in empty() function :
Passing an arbitrary expression instead of a variable to
empty() is now supported. For example:
function always_false()
{
return false;
}
// Pass function to empty
if (empty(always_false())) {
echo "This will be printed.\n";
}
// Pass Boolean true to empty
if (empty(true)) {
echo "This will not be printed.\n";
}
// Output :
/**
* This will be printed.
*/
Support for array and string dereferencing :
Array and
string literals can now be dereferenced directly to access individual elements and characters, for example :
// Array dereferencing example
echo 'Array dereferencing: ';
echo [1, 2, 3][0];
echo "\n";
// String dereferencing example
echo 'String dereferencing: ';
echo 'PHP'[0];
echo "\n";
// Output :
/**
* Array dereferencing: 1
* String dereferencing: P
*/
Class name resolution via ::class :
It is possible to use
ClassName::class to get a fully qualified name of class
ClassName. For example:
namespace App\Controllers;
class MyClass {
// ...
}
// Get fully qualified name (with namespace)
echo MyClass::class;
// Output :
/**
* App\Controllers\MyClass
*/
Now foreach supports non-scalar keys :
The
Iterator::key function can currently return a value of any type, but the handling code in
foreach and several other places only allows integer and string keys to be used. This limitation makes some use-cases unnecessarily complicated. From the
SPL two examples are
MultipleIterator and
SplObjectStorage.
The
MultipleIterator allows you to traverse several Iterators at the same time. It's
::current method returns an array of values and the
::key method returns an array of keys. But due to the
foreach key type limitation the keys can not be directly fetched, for example :
// This is NOT possible prior to php 5.5.0
foreach ($it as $keys => $values) {
// ...
}
// Instead you have to use
foreach ($it as $values) {
$keys = $it->keys();
// ...
}
SplObjectStorage is a map/set implementation for object keys. Here the issue is circumvented by returning the keys as values and requiring a manual look up on the values :
// This is NOT possible prior to php 5.5.0
foreach ($objectStore as $key => $value) {
// ...
}
// Instead you have to use
foreach ($objectStore as $key) {
$value = $objectStore[$key];
// ...
}
But now
foreach supports keys of any type. While non-scalar keys cannot occur in native PHP arrays, it is possible for
Iterator::key() to return a value of any type, and this will now be handled correctly. Read more on ths
RFC link.
Improvements to GD
Various improvements have been made to the
GD extension, these include:
OPcache extension added
The Zend Optimiser+ opcode cache has been added to PHP as the new
OPcache extension. OPcache improves PHP performance by storing precompiled script bytecode in shared memory, thereby removing the need for PHP to load and parse scripts on each request. See
the installation instructions for more detail on enabling and using OPcache.
This extension is bundled with PHP 5.5.0 and later, and is
» available in PECL for PHP versions 5.2, 5.3 and 5.4.
Apache 2.4 handler supported on Windows
The Apache 2.4 handler SAPI is now supported on Windows. You can read more about
apache handler. Also, the handler(php5apache2_4.dll) for
PHP 5.4, 5.3 and 5.2 are available at
Apache Lounge. Read this if interested in
Developing modules for the Apache HTTP Server 2.4.
incompatibilities too and code should be tested before switching PHP versions in production environments. For users upgrading from
PHP 5.4,
a migration guide is available detailing the changes between 5.4 and 5.5.0.
Changes that affect compatibility:
- PHP logo GUIDs have been removed.
- Windows XP and 2003 support dropped.
- Case insensitivity is no longer locale specific. All case insensitive matching for function, class and constant names is now performed in a locale independent manner according to ASCII rules.