
PHP 7.2.0 Released - pgl
http://php.net/releases/7_2_0.php
======
devwastaken
One of the biggest improvements is that Libsodium is now built-in.
[https://dev.to/paragonie/php-72-the-first-programming-
langua...](https://dev.to/paragonie/php-72-the-first-programming-language-to-
add-modern-cryptography-to-its-standard-library)

No more Mcrypt, less cases of having to use OpenSSL and using it wrong. This
is a huge security step towards the future.

~~~
drostie
The other thing is that they have partially fixed the most "wat" bug in PHP:
for some arrays that aren't even all that hard to come by when interacting
with JS, the following code could change `count($arr)`:

    
    
        foreach ($arr as $key => $val) {
            $arr[$key] = f($key, $val);
        }
    

The issue is that `$key` could be a string describing an integer, but
`$arr[$key]` will automatically see that you're using a string-int and convert
it to an int-int, setting a different key than the internal one.

It's only a partial fix but it hits the most common case: you have a JSON
payload that happens to have an index of objects which happens to have been
given numeric keys:

    
    
        {
          "abcdef": {"prop1": "hello", "prop2": 123}, 
          "987132": {"prop1": "world", "prop2": 456}
        }
    

If your framework hands JSON to you as a StdClass object then you would
typically convert this to an associative array since that's semantically what
it is: as opposed to the internal entities, which in this case appear to be
full-fledged objects. (The difference is that the keys of a full-fledged
object should be known in advance at a data-schema level and have a control
structure of getting/setting `->prop_name`; the keys of a dictionary should be
user-settable and have a control structure of `foreach ($dict as $key => $val)
{}`.)

So the bug still maybe exists in some fringe cases as the underlying cause is
not treated, but it is now autofixed by the common idiom of casting `$dict =
(array) $params->dict`.

~~~
megous
I would typically write:

    
    
       foreach ($arr as $key => &$val)
            $val = f($key, $val);
    

This would avoid this issue, while bing simpler.

------
theodorejb
One of the most significant changes in PHP 7.2 is actually the list of
features that it deprecates. Among other things, this includes:

\- Unquoted strings

\- The __autoload() method

\- The track_errors ini setting and $php_errormsg variable

\- create_function()

\- each()

\- The $errcontext argument

Numerous internal optimizations and language improvements will become possible
in PHP 8 when these features are removed.

[http://php.net/manual/en/migration72.deprecated.php](http://php.net/manual/en/migration72.deprecated.php)

------
velmu
Seems like a solid gradually improving release and according to some
benchmarks [1] and notes from the development team, improved performance as
well. Nothing like the jump the ecosystem enjoyed from 5.6 to 7.0, but still
around 10% on average.

[1] [https://symfony.fi/entry/php-7-1-vs-7-2-benchmarks-with-
dock...](https://symfony.fi/entry/php-7-1-vs-7-2-benchmarks-with-docker-and-
symfony-flex)

------
ChrisSD
What is PHP like nowadays? I know it has a bad reputation and a history of
kitchen sink design but have they managed to tame it into something more
sensible? Do the docs help steer developers away from legacy issues and common
bad patterns?

Would anyone recommend it for new projects?

~~~
arkh
Four words : composer, symfony, laravel and php-fig.

The php ecosystem is not what it was 4 years ago. Although due to backward
compatibility the languages still has a lot of cruft. But this means old code
often works directly with the last version and benefits from its performance
improvement.

If your new project is about receiving an http request and send a response
like a REST API I think it is a good tool for the job. If you want long lived
process (kafka/rabbitmq consumers for example) or sockets it is possible to do
it in php but you'll have a better experience with other stacks.

~~~
porker
I don't get the love for Laravel. Things like validation, specifying
validators in strings like it's 2003 grate with me. Symfony's a pain in the
butt for over-engineering things (DataTransformers are a good place to start)
but at least it's well thought through.

What are the reasons to love Laravel?

~~~
EdwinHoksberg
Apparently the creater modeled it after Ruby on Rails, so I guess it's easier
to use if you are used to that platform.

------
TazeTSchnitzel
It's weird for a _bug fix_ I wrote to be top of the list of features. PHP 7.2
is not the most eventful release.

~~~
Narutu
Yes, strange for a bug fix to be top of a list of features, however...

I don't agree that it's "not the most eventful" release:- libsodium being
included into the core is a big tick in the box in terms of maturing as a
language; modern - secure - cryptography out of the box.

~~~
weberc2
I'm surprised PHP hasn't had this for a while. Isn't PHP nearly 20 years old?
Is it common for web languages to grow so old before they get crypto in the
standard library?

~~~
Can_Not
> PHP 7.2: The First Programming Language to Add Modern Cryptography to its
> Standard Library

[https://dev.to/paragonie/php-72-the-first-programming-
langua...](https://dev.to/paragonie/php-72-the-first-programming-language-to-
add-modern-cryptography-to-its-standard-library)

~~~
weberc2
Ok, but that's different from including crypto at all. I'm surprised Go uses
those algorithms in its standard library TLS stack, but they're not made
available as part of the standard crypto packages...

~~~
Can_Not
OpenSSL and Mcrypt have been available for the longest time, I don't know if
that counts if we word-lawyer "Standard Library" but it definitely felt like
that way.

------
cletus
I use Hack now (I work for Facebook) and i kinda like it, at least in
comparison to any untyped languages.

So, serious question... Is there really any reason to use PHP over Have?

~~~
muglug
Yes. HHVM has now explicitly diverged from PHP, so compatibility with PHP 7
code is not guaranteed, and so too any given PHP 7 library.

If you work for Facebook (or Slack), this is not a problem. You still have
talented engineers working to improve the language. But there also isn't the
guarantee that those improvements will benefit the average use case.

Also PHP is available _everywhere_. HHVM, not so much.

~~~
jrs95
This has been a huge disappointment for me. Hack seemed really promising, but
some of the decisions they've made really seem to have strangled any hope of
there being much of an ecosystem outside a few companies that are heavily
invested in it.

------
JepZ
> Counting of non-countable objects

Sounds like fun :D

But actually, the RFC suggests to add warning, so nothing too special :-/

------
pabl0rg
I will use PHP 7.2 on projects I maintain.

However, starting a web project with Kotlin in 2017 has a minimally larger
set-up cost (have to understand gradle or kobalt) than PHP, but is definitely
a better option. Check out http4k or ktor and squash (orm)

------
aviso5
Awesome

------
rurban
Literally only object as new typehint, not the classname of the object? This
doesn't really help much. [https://wiki.php.net/rfc/object-
typehint](https://wiki.php.net/rfc/object-typehint)

Looks like they went back into perl-mode

~~~
tylerjwilk00
Class based type hinting has already been available since _2004_ with 5.0 [1]
This release adds support for the general standard object type.

[1]
[http://php.net/manual/en/functions.arguments.php#functions.a...](http://php.net/manual/en/functions.arguments.php#functions.arguments.type-
declaration)

~~~
rurban
Ok, that makes sense. Thanks

