
Upcoming changes in PHP 7.1 - debrabyrd
https://dotdev.co/upcoming-changes-in-php-7-1-76ebea53b820?gi=72c111144946#.gdl1ig553
======
TazeTSchnitzel
I'm more excited by some features not detailed in the article.

Return type declarations, which were introduced in PHP 7.0, are being enhanced
somewhat.

First, it's now possible to declare nullable return types (previously all
return types did not permit null):

    
    
      public function getFoo(): ?int;
    

(You can also use ? on parameter and property types.)

Second, we now have a void return type for functions where there is no useful
return value:

    
    
      public function handle(): void;
    

(Disclaimer: I wrote the void return type RFC and implementation, so I'm
biased here.)

We're also getting type declarations for class properties:

    
    
      class Person
      {
          public string $name;
          public int $age;
          public bool $isEmployee;
      }
    

There's a few other things as well. The list() syntax (destructuring
assignment) has been shortened to [] and now lets you specify keys
(disclaimer: I was involved in both of these). Also, trying to add non-numeric
strings together with + now produces a warning (disclaimer: also me).

~~~
elgenie
It's pretty amusing to read some of the PHP RFCs and see the verbal gymnastics
taken to avoid saying "look, we're just taking this directly from Hack" :)

~~~
TazeTSchnitzel
There's certainly a lot of stuff inspired by Hack. If Hack did something well,
sometimes PHP copies it. The syntax of all PHP 7's new type stuff is very
close to Hack's.

Though the details may differ significantly. Hack and PHP's type systems are
only superficially the same (AOT rather than runtime validation, disabling or
ignoring type checks versus using "weak" type checks, type inference vs. no
type inference, etc.), for example.

------
maaaats
This is just an excerpt from [https://dotdev.co/upcoming-changes-in-
php-7-1-76ebea53b820#....](https://dotdev.co/upcoming-changes-in-
php-7-1-76ebea53b820#.yjkkwzdtx)

~~~
pori
My favorite feature is definitely the square bracket destructuring syntax.
This is great for bringing tuple-esque operations to the language.

~~~
elgenie
It doesn't bring tuple-esque operations to the language; it's a shorter
alternate syntax for the already existing "list()" destructuring syntax.

~~~
spdionis
But honestly with the shorter syntax it feels much more natural, compared to
the weird "list" construct. Just an opinion though.

------
xiaq
> Catching multiple exception types

> Support class constant visibility

Reminds me of what Rob Pike once said, "[Java, JavaScript (ECMAScript),
Typescript, C#, C++, Hack (PHP), and more] are converging into a single huge
language".

~~~
blowski
As someone who works predominantly with PHP and JavaScript, but has spent some
time with Java, Ruby and Python - I actually agree with you!

Bob says "I wish PHP had this thing from Java" and Alice says "I wish Java had
this thing from PHP". I don't think it's necessarily a bad thing.

~~~
xyience
It makes me really envious of those who went deep down the Lisp path and
haven't had to look back. They don't have to spend time keeping up with the
latest developments instead of pursuing some other goal, they have it all
already.

------
ericbarnes
Here is the real link: [https://dotdev.co/upcoming-changes-in-
php-7-1-76ebea53b820#....](https://dotdev.co/upcoming-changes-in-
php-7-1-76ebea53b820#.8lix9htbv)

------
naranha
PHP looks more and more like Java.

~~~
arenaninja
It can, though it doesn't have to, at all. PHP still has a very low entry
barrier compared to Java. You can opt in to all of the syntactic sugar, or
none at all, which is the way it should be.

------
CiPHPerCoder
Not mentioned in the article: Several RFCs being voted on or discussed right
now.

Also, [https://wiki.php.net/rfc/libsodium](https://wiki.php.net/rfc/libsodium)

------
sideproject
Off topic, but curious - Is there any discussion on whether there will be a
support for a good concurrent programming in PHP in the future? (e.g. channels
in Go & Elixir) - of course, you might say "you're using the wrong tool.."

~~~
m4tthumphrey
React has been around for a while -
[http://reactphp.org/](http://reactphp.org/)

~~~
goldbrick
This is not really concurrency, though, it just makes PHP resemble NodeJS.

------
mrweasel
I haven't touched PHP in a long time, but the later releases makes me want to
try it for a couple of small projects.

Is there any good introduction for people how "know" PHP4 and want to get
started with PHP7, using best practises?

~~~
regularjack
[http://www.phptherightway.com](http://www.phptherightway.com) might be of
some help

------
lsaferite
Nested try/catch/finally blocks won't lose return values anymore. Yay.

[https://bugs.php.net/bug.php?id=72188](https://bugs.php.net/bug.php?id=72188)

------
chatmasta
Supporting http/2 SERVER_PUSH seems cool at first glance, but doesn't it
significantly increase the attack service for RCE vulnerabilities, being that
it accepts arbitrary content from remote servers and passes it into a callback
function?

It looks like PHP implemented SERVER_PUSH [0] via libcurl [1], openly
described as a "work in progress."

I'm sure all the code is "well written", both in PHP and libcurl, but I can't
shake the feeling that we'll see at least one significant vulnerability as a
result of this new feature. The two github issues on the feature, one
referencing a segfault caused by a double-free [2], and one caused by server-
specific protocol issues [3], do not help to assuage my worry.

[0]
[https://wiki.php.net/rfc/curl_http2_push](https://wiki.php.net/rfc/curl_http2_push)

[1] [https://daniel.haxx.se/blog/2015/06/03/server-push-to-
curl/](https://daniel.haxx.se/blog/2015/06/03/server-push-to-curl/)

[2]
[https://github.com/curl/curl/issues/529](https://github.com/curl/curl/issues/529)

[3]
[https://github.com/curl/curl/issues/530](https://github.com/curl/curl/issues/530)

------
joesmo
Deprecating mcrypt this way is clearly a mistake regardless of how ineffective
it is as an extension or how unmaintained it is. Almost every framework I've
seen makes use of it. In almost 9 years, it was not communicated to the
community at all that this was based on unmaintained, buggy code, and now they
just want to yank it in a minor upgrade? WTF? At the very least, there should
be collaboration with people who maintain frameworks that use mcrypt as pretty
much every major framework (ZF, Symfony, Laravel, etc.) does. This should be
done in a major version upgrade like the one that just happened.

~~~
CiPHPerCoder
The release process specifically allows an extension to be deprecated and then
punted to PECL.

As for frameworks, I and others have already been going around (for years
before the mcrypt deprecation came up) switching things to use OpenSSL (and,
for that matter, authenticated encryption) instead of mcrypt.

[https://paragonie.com/blog/2015/05/if-you-re-typing-word-
mcr...](https://paragonie.com/blog/2015/05/if-you-re-typing-word-mcrypt-into-
your-code-you-re-doing-it-wrong)

To date: ZF, CodeIgniter, Symfony, Laravel, and CakePHP all support OpenSSL
instead of Mcrypt, as do many, many more.

You get E_DEPRECATED in 7.1 then in 7.2 you can still

    
    
        pecl install mcrypt
    

...if you really have a need to support abandonware.

------
Navarr
Can we replace this with the link to the article it stole?

------
vesak
Anyone know if they are planning to fix ==, < and >? I kinda feel that
declare(strict_types=1) could and should fix those without too much trouble.

------
JonoBB
Can we please change the link to the original article
([https://dotdev.co/upcoming-changes-in-
php-7-1-76ebea53b820#....](https://dotdev.co/upcoming-changes-in-
php-7-1-76ebea53b820#.gdl1ig553))

"Learning Laravel" is a known plagiarist, who has a habit of ripping off
content from other Laravel sites.

~~~
peterbixa
It's just a summary of the post. Are Facebook and other sites doing something
wrong as well?

~~~
krapp
It's not a summary of the post, it's just part of the actual post copied and
pasted in.

Facebook and other sites make it clear that what you're looking at is a
_summary_ meant to lead you to another site - they don't disguise it as
content.

------
conmarap
I'm saying this in the nicest possible way: I hate PHP and hope the project
dies tomorrow. And it's funny because I use it at my job everyday. I suppose
that's why I've grown to loath it that much. I should say that it is great for
some things and it is very easy to stage and cheap to maintain, but it is a
language from the previous century that has massively failed to adapt to
current programmatic trends and patterns. And I shouldn't even start on its
API, which to this day seems like the equivalent of a two year old child's
drawing. Laravel and Eloquent made things a bit better, but still... Man, this
language is a hot mess.

------
codeulike
_... Note the syntax isn’t the usual double pipe || operator that we associate
with or, rather a single pipe | character ..._

 _... PHP 7.1 introduces visibility modifiers to constants ..._

 _... With PHP 7.1 it is now possible to specify that a function has a void
return type, i.e. it performs an action but does not return anything ..._

 _... Example four contains numeric values, so everything else is stripped
out, and the sum of those are used to calculate the total of 10. But it would
still be nice to see a warning, as this may not be intended behaviour ..._

Good to see PHP continues to introduce new inconsistencies while striving to
break existing code by fixing old ones. Best of both worlds!

edit: OK this was uncharitable and technically some of them are not
inconsistencies, just things I thought were weird. I know PHP is widely used
and considered useful and will stay with us forever. But I found those
snippets interesting.

~~~
Mithaldu
I don't like PHP either, but that doesn't mean kneejerk reactions are
excusable, and at the least on the first point you are wrong. Using | instead
of || is not an inconsistency, but actually quite consistent.

|| is a short-cutting or comparison operator which returns the first true
thing it encounters.

| is a bitwise or combinator, which takes two sets of flags, and combines them
into one set of flags that has all flags activated which were also active in
the input sets.

Semantically, | is absolutely the correct choice here.

A better question would be why there's a $2 there, though i hope that's just a
typo and means $e.

~~~
oneeyedpigeon
> || is a short-cutting or comparison operator which returns the first true
> thing it encounters.

I _wish_. The fact that it actually doesn't is one of the things that really
bugs me about PHP:

    
    
        <?php
        var_dump(0 || 42);
    

The above example will output:

    
    
        bool(true)

~~~
TazeTSchnitzel
PHP does have the shorthand ternary operator `?:`, though, which does what you
want here:

    
    
      $ php -r 'var_dump(0 || 42);'
      bool(true)
      $ php -r 'var_dump(0 ?: 42);'
      int(42)

~~~
oneeyedpigeon
Wow. OK, I am a _big_ user of the ternary operator, but I hadn't come across
omission of the middle part until now. To be honest, it's not the most
accessible syntax (especially if you're coming from another language), but at
least I have the option now - thanks!

edit: Just to clarify for anyone else unfamiliar with it:

    
    
        $ php -r 'var_dump(42 ?: 0);'
        int(42)

~~~
rbritton
Depending on how far back you have to support (e.g., WordPress is still
supporting 5.2), omission of the middle part wasn't supported until PHP 5.3.

~~~
TazeTSchnitzel
5.3 came out seven years ago and isn't even officially supported by the PHP
project now, let alone 5.2.

~~~
rbritton
I know all too well, and you'd never catch me running that on any of my own
systems. With a large enough install base, it's not uncommon to have a decent
number of people on those older versions though.

