PHP has provided a simple yet capable web scripting language for as long as I can remember. In the last few years, it has matured from a home-brew scripting language to one with a formal specification. Part of this process included the adoption of PHP 7 where there are a number of critical changes to consider before migrating your PHP 5 applications.
During an upgrade earlier this year on one of my Ubuntu servers, there was a warning that my PHP 5 instance would not be included as part of the 16.04 install. Once the installation was complete it was simple to install PHP via apt; however, at this point it was PHP 7 and there are now functions in my application that no longer work.
This article is about the migration process of converting a legacy pre-PHP 5 application to support PHP 7 natively.
Short Tags. Previously it was possible to do something like this:
<? my_function(); ?>
This has been disabled by default. The easiest solution is to update multi-line blocks to look like this:
<?php my_function(); ?>
There is a configuration option short_open_tag in php.ini which may be toggled to allow this interpretation, but going forward you should anticipate this will be less predominant and using the qualified <?php tag makes more sense.
Arrays Must be Checked. Previously it was possible to do the following:
if($_POST{"do_x"}) {
$message = $_POST{"do_x"};
}
This use to be a popular technique for checking GET or POST variables. The correct way to do this now in PHP 7:
if(isset($_POST["do_x"])) {
$message = $_POST["do_x"];
}
Legacy mysql Replaced with MySQLi. The mysql functions have been replaced with MySQLi, which invariably means you can simply rename something like mysql_connect() to mysqli_connect(). There are also slight nuances to some of these commands; for example, when connecting you must specify the database to use.
The venerable mysql_escape_string() has been deprecated and should be replaced using mysqli_real_escape_string(). Here is how this might have looked previously:
$firstName = mysql_escape_string($_GET{'firstName'});
This now would read as follows:
$db = mysqli_connect($host, $username, $password, $database);
$firstName = mysqli_real_escape_string($db, $_POST{'firstName'})
For my particular application, it was easier to declare a function mysql_escape_string() and have this simulate the escape logic using the new MySQLi invocation.
Regular Expressions. The eregi() function has been replaced with preg_match(). So a typical invocation that may have looked like so:
if( eregi( "config.php", $_SERVER['PHP_SELF'] ) ) {
die_custom( "You can't access this file directly!" );
}
Now this reads as follows:
if(preg_match( "/config\.php/", $_SERVER['PHP_SELF'] ) ) {
die_custom( "You can't access this file directly!" );
}
There are many other aspects to consider during your PHP 7 upgrade, fortunately the PHP site offers a Migrating from PHP 5.6.x to 7.0.x guide which provides excellent details on the changes developers should expect to find during their 7.0 upgrade.
