I co-organise the BrisPHP Meetup and at the start of every meetup I give a quick talk on recent news and other interesting things that have been happening in the PHP world. Here are the things I found intersting in the second quater of 2018.

PHP News

Version Stats

Time for the latest PHP version usage stats. Jordi Boggiano regularly trawls the logs to packagist.org to find the usage distribution of PHP versions. Here are some of the highlights:

PHP Version Usage

The greatest thing you can see here is that more than 20% of active projects are using PHP 7.2, and almost 95% are using a maintained version of PHP. That’s amazing.

PHP Versions Over Time

You can see here the version usage over time. You can see that all new versions are adopted pretty quickly, but old ones hang around for a very long time.

Ubuntu 18.04 uses PHP 7.2 by default

No longer will you have to add a separate repository to install the best PHP version. On the latest Ubuntu apt install php will give you 7.2 by default! Of course, 16.04 also shipped with 7.0 by default, and it wasn’t long we all wanted to install 7.1. So we’ll probably need that extra repository again soon, but this should really help the update of 7.2. You can find the announcement here.

What’s on the way for PHP 7.3?

Ayesh Karunaratne is maintaining a live document detailing all the changes we can expect in PHP 7.3. Here are some of my favourite features:

Better Heredoc syntax

At the moment any Heredoc you write has to break the flow of your code. Something like this:

<?php

class AnimalSentences
{
    
    public function jumpLazyFox(string $animal): string
    {
        $foo = <<<EOF
the crazy "%s"
    jumps over the lazy fox;
EOF

        return sprintf($foo, $animal);
    }
}

As you can see, this looks terrible and ensure that I avoid using it at all costs. However, with 7.3 we’ll be able to format it like:

<?php

class AnimalSentences
{
    
    public function jumpLazyFox(string $animal): string
    {
        $foo = <<<EOF
        the crazy "%s"
            jumps over the lazy fox;
        EOF

        return sprintf($foo, $animal);
    }
}

This works because you can have the ending EOF token not as the first thing on the line, and any whitespace before the ending EOF token will also be stripped from the start of every other line. This you cannot have other lines in the Heredoc indented less than the ending EOF token:

<?php

class AnimalSentences
{
    
    public function jumpLazyFox(string $animal): string
    {
        $foo = <<<EOF
        the crazy "%s"
    jumps over the lazy fox;                // Parse error
        EOF

        return sprintf($foo, $animal);
    }
}

The only backward compatibily issues that exist here is if you happen to have Heredoc somewhere that contains an indented EOF token like this:

<?php

class AnimalSentences
{
    
    public function jumpLazyFox(string $animal): string
    {
        $foo = <<<EOF
the crazy "%s"
    EOF                         // This will terminate the Heredoc in 7.3+
    jumps over the lazy fox;
EOF

        return sprintf($foo, $animal);
    }
}

Trailing comma in function calls

Something I really like doing is adding a trailing comma in multi-line array declarations:

<?php

$foo = [
    'bar',
    'baz',
    'bob',
];

Because if need to add another element, or remove the last element, it makes the git diff really tidy since you only modify a single line, and I see this:

$foo = [
    'bar',
    'baz',
+   'bob',
];

Instead of this:

$foo = [
    'bar',
-   'baz'
+   'baz',
+   'bob',
];

Which makes code reviews much easier since the actual change stands out. In 7.3 we’ll be able to do this with function calls as well:

<?php

foo(
    'bar',
    'baz',
    'bob',
);

Note: You’ll be able to do this with single line function calls as well, just like single line array declarations. However, I don’t really see the point in that.

json_encode and json_decode to throw exceptions

How much do you hate checking json_last_error every-damn-time you encode or decode something? Very soon, we’ll be able to have some great looking code like:

<?php

try {
  json_decode("{", false, 512, JSON_THROW_ON_ERROR);
} catch (\JsonException $exception) {
    echo $exception->getMessage(); // echoes "Syntax error"
}

Since this won’t be the default behaviour (ie. you have to pass the JSON_THROW_ON_ERROR option), there are no backwards compatibily problems!

PSR-12 - Extended Coding Style Guide

I love PSR-2 but it’s quite limited in it’s rules, leaving a lot open to interpretation and leading to inconsistent code. PSR-12 is an extended code style guide that’s currently proposed (it hasn’t been accepted yet), that provides code style rules for a lot of the new features and syntax that has come out since PSR-2 was released.

Framework news

Before I talk about all the new things in framework land, I’d like to mention this post by Kevin Smith about writing Modern PHP Without a Framework. It’s a very interesting read and in spite of the title Kevin’s not recommending you write PHP without a framework. He’s explaining how modern frameworks hang together and showing you how to piece your own lightweight framework together with a few open source parts. The main goal of the post is to teach people that frameworks aren’t magic and I think it does it very well.

Symfony 4.1

Symfony 4.1 was released yesterday, and there are a lot of very awesome things inluded. If you want to see all the changes and new features you can see a list of all the New in Symfony 4.1 blog posts which are mainly written by Javier Eguiluz and go into detail about each update. Or you can take a quick look at this curated list of new features Here are my favourite changes:

If you’re still unfortunately stuck on an older version of Symfony, here’s a great post about how to upgrade from 2.8 to 3.4 in only 6 steps.

Laravel - Laracon

Laracon is coming to Sydney on October 18-19 and early bird tickets are on sale now!

Phalcon 3.4.0

Phalcon 3.4.0 was released with some cool features:

  • Ability to use custom authorisation resolvers
  • A bunch of fixes and updates to the Crypt component

This is going to be the last big release in 3.x since the team is forging ahead on version 4.0.

Drupal

Drupal has had a tough start to the year with 3 critical vulnerabilities including 2 remote code execution vulnerabilities. One of them is called Druaplgeddon 2 (which is an awesome name) and here is a great post about how it was uncovered

Some new packages

Bref is a tool that allows you to deploy your PHP app to AWS Lambda and run it serverless. It seems a little crazy but it’s pretty cool. In order to run PHP on Lambda you have to:

  • Compile PHP for the OS used on lambdas
  • Add the compiled PHP binary to the lambda
  • Write a Javascript handler (the code executed by the lambda) that executes the PHP binary
  • Write a PHP handler (the code that will be executed by the Javascript handler)
  • Deploy the lambda

It’s pretty cool that the PHP community is pushing the boundaries of what we can do, this how is we progress PHP as a language!

TBDM is an ORM for people that hate ORM’s. I’ve heard many people complain about ORM’s because they don’t allow you to model your business data in the way that you want. TBDM allows you to model your data in the database exactly how you want to, then it generates your entities in code for you, not the other way around like a conventional ORM.

CipherSweet was released by the Paragon Initiative and is an implementiation of searchable field-level encryption. Which means you can store encrypted data in your database and search it without decrypting every row. I don’t know about you but this seems like utter magic to me. The example given by Paragon is storing a bunch of SSN’s in encrypted format and being able to search them to find a specific user.