With PHP 5.6 out and many production environments still running 5.2 or 5.3, it's time to paint a clear picture on why everyone should move to 5.5 and 5.6 and how to get code ready for the latest version of PHP. In this talk, we'll look at some handy tools and techniques to ease the migration.
2. Who am I ?
Wim Godden (@wimgtr)
Founder of Cu.be Solutions (http://cu.be)
Open Source developer since 1997
Developer of OpenX, PHPCompatibility, PHPConsistent, ...
Speaker at Open Source conferences
3. Why vs How
Part 1 : why upgrade ?
Bad reasons :
It's cool to have the latest version
Annoy sysadmins
Oh cool, a new toy !
Part 2 : how to upgrade ?
The nightmare of compatibility
The joy of automation
No miracles here !
6. 5.3 quick recap
Namespaces ()
Late static binding
Closures
Better garbage collection
Goto
Mysqlnd
Performance gain
7. 5.4 quick recap
Short array syntax
Function array dereferencing
Traits
Built-in webserver
SessionHandler
File upload extension
Binary notation
register_globals and magic_quotes_gpc removed :-)
Safe mode removed :-)
8. 5.3 – people are not even using it !
19.2% still on PHP 5.2
No :
Symfony 2
Zend Framework 2
Other frameworks that need namespaces
Problematic for developers
9. PHP 5.5/5.6 – what's changed ?
New features
Performance and memory usage
Improved consistency
Some things removed
10. New things – Generators (5.5)
Simple way of implementing iterators
Simply put : foreach over a function
Say what ?
11. Generators - example
<?php
function returnAsciiTable($start, $end) {
for ($i = $start; $i <= $end; $i++) {
yield $i => chr($i);
}
}
foreach (returnAsciiTable(97, 122) as $key => $value) {
echo $key . " - " . $value . "n";
}
Output :
97 - a
98 - b
99 - c
100 - d
101 - e
102 - f
103 - g
104 - h
105 - i
106 - j
107 - k
108 - l
109 - m
110 - n
111 - o
112 - p
113 - q
114 - r
115 - s
116 - t
117 - u
118 - v
119 - w
120 - x
121 - y
122 - z
14. Password hashing (5.5)
To create :
$hash = password_hash($password, PASSWORD_DEFAULT);
To verify :
password_verify($password, $hash);
Currently only supports Blowfish
Also has password_needs_rehash() → check if hash was strong enough
15. Zend Optimizer+ (5.5)
Name in PHP 5.5 : OPcache
Opcode cache (like APC, Xcache, ...)
APC users : no userland (variable) caching in OPcache
→ Use APCu
18. Other changes in 5.6
json_decode() strictness : true, false, null values
Constant expressions :
const ONE = 1;
const TWO = ONE * 2;
Exponent operator (**)
printf("2 ** 4 == %dn", 2 ** 4);
→ Output = 2 ** 4 == 16
use function and use const
Default charset is now UTF-8 → set in ini default_charset
__debuginfo() magic method for use with var_dump()
SSL/TLS security improvements (peer certificate verification,
TLS renegotiation attacks, …)
phpdbg : interactive debugger
19. Removed features in PHP 5.5
php_logo_guid()
php_egg_logo_guid()
php_real_logo_guid()
zend_logo_guid()
Windows XP and 2003 support
20. Removed features in PHP 5.6
$HTTP_RAW_POST_DATA and ini setting
always_populate_raw_post_data
iconv and mbstring encoding settings → default_charset in ini
21. Performance and memory usage from 5.3 to 5.6
Performance : 10 – 30%
How ?
Core optimizations
New internal caches (functions, constants, …)
Better (un)serialization
Inlining often-used code paths
…
Reduced memory usage : up to 50% !
Big impact on large frameworks
Even bigger impact on codebases such as Drupal
23. Upgrade : yes / no
Yes No
Using removed extensions x
Using removed functions x
Need extra performance / reduced memory x
Really need new feature x
Want to use recent framework x
No unit tests x
No package available (.rpm, .deb, ...) x
24. Postponing upgrades
End-Of-Life
In the past : we'll see
Now : minor release + 2 = out → EOL
5.5 = OUT → 5.3 = EOL
5.6 = OUT → 5.4 = EOL
Critical security patches : 1 year
No bugfixes
Framework support
Developer motivation
25. So you want to upgrade...
Option 1 : run your unit tests
Option 2 : visit each page (good luck !) + check error_log
Or : record visits, then replay log on test environment
Option 3 : automated static analysis
26. Unit tests on different PHP versions
Vagrant boxes
Integrate into your CI
Use Travis CI (http://travis-ci.org)
27. Why make it so hard ? A best-case scenario...
Development environment : 5.6
Production environment : 5.6
All is well, right ?
End 2015 : PHP 7 arrives
How can you test compatibility ?
→ Set up your test environment today
→ Even for new projects
28. Back in 2010...
PHP Architect @ Belgian Railways
8 years of legacy code
40+ different developers
40+ projects
Challenge :
migrate all projects from
PHP 5.1.x (on Solaris)
to
PHP 5.3.x (on Linux)
32. PHPCompatibility
New PHP_CodeSniffer standard
Only purpose : find compatibility issues
Detects :
Deprecated functions
Deprecated extensions
Deprecated php.ini settings and ini_set() calls
Prohibited function names, class names, …
…
Works for PHP 5.0 and above
33. PHPCompatibility – making it work
Via Composer : wimg/php-compatibility
From Github :
Download :
http://github.com/wimg/PHPCompatibility
Install in <pear_dir>/PHP/CodeSniffer/Standards
Run :
phpcs --standard=PHPCompatibility <path>
35. Important notes
Large directories → can be slow !
Use --extensions=php,phtml
No point scanning .js files
Static analysis
Doesn't run code
Can not detect every single incompatibility
Provides filename and line number
37. Some common apps – phpBB (latest)
FILE: /usr/src/phpBB3/adm/index.php
--------------------------------------------------------------------------------
FOUND 0 ERROR(S) AND 2 WARNING(S) AFFECTING 1 LINE(S)
--------------------------------------------------------------------------------
48 | WARNING | INI directive 'safe_mode' is deprecated in PHP 5.3 and forbidden in PHP 5.4.
48 | WARNING | INI directive 'safe_mode' is deprecated in PHP 5.3 and forbidden in PHP 5.4.
--------------------------------------------------------------------------------
38. Common apps - MediaWiki
FILE: /usr/src/mediawiki-1.19.8/includes/GlobalFunctions.php
--------------------------------------------------------------------------------
FOUND 0 ERROR(S) AND 1 WARNING(S) AFFECTING 1 LINE(S)
--------------------------------------------------------------------------------
2705 | WARNING | The use of function dl is discouraged in PHP version 5.3 and
| | discouraged in PHP version 5.4 and discouraged in PHP version
| | 5.5
--------------------------------------------------------------------------------
39. Common apps – Wordpress (latest)
FILE: /usr/src/wordpress/wp-admin/includes/class-pclzip.php
--------------------------------------------------------------------------------
FOUND 2 ERROR(S) AFFECTING 2 LINE(S)
--------------------------------------------------------------------------------
5340 | ERROR | The use of function set_magic_quotes_runtime is discouraged in
| | PHP version 5.3 and forbidden in PHP version 5.4 and forbidden
| | in PHP version 5.5
5371 | ERROR | The use of function set_magic_quotes_runtime is discouraged in
| | PHP version 5.3 and forbidden in PHP version 5.4 and forbidden
| | in PHP version 5.5
--------------------------------------------------------------------------------
FILE: /usr/src/wordpress/wp-includes/SimplePie/Item.php
--------------------------------------------------------------------------------
FOUND 0 ERROR(S) AND 1 WARNING(S) AFFECTING 1 LINE(S)
--------------------------------------------------------------------------------
125 | WARNING | INI directive 'zend.ze1_compatibility_mode' is deprecated in
| | PHP 5.3 and forbidden in PHP 5.4.
--------------------------------------------------------------------------------
FILE: /usr/src/wordpress/wp-includes/wp-db.php
--------------------------------------------------------------------------------
FOUND 16 ERROR(S) AFFECTING 16 LINE(S)
--------------------------------------------------------------------------------
641 | ERROR | Extension 'mysql_' is deprecated since PHP 5.5 - use mysqli
| | instead.
646 | ERROR | Extension 'mysql_' is deprecated since PHP 5.5 - use mysqli
| | instead.
40. Conclusion
No 100% detection
But : 95% automation = lots of time saved !
First : PHPCompatibility on local machine
Then : use your CI/test environment and run unit tests
Start upgrading !
part 2
look at difficulties you might encounter in upgrading.
I&apos;ll provide solutions
not a magician
can&apos;t solve everything ;-)
5.3.3 = Debian Squeezy = 12%
Wait a second... that means people aren&apos;t even on 5.3 ?
And there was 3 year gap between the release of 5.2 and 5.3, so 5.3 brought a lot of cool things.
- Compression disabled by default (CRIME attack)
- Ciphers have been updated
- Possible to select specific SSL/TLS version