Lets Talk PHP 5.5

I was just looking into PHP 5.5 and I have to say, a couple of the new features impress me. You can take a look at the new features here: http://www.php.net/manual/en/migration55.new-features.php

So what's new? Well we have a new password hash API that looks great! Some of the in-built functions include:

• password_get_info — Returns information about the given hash
• password_hash — Creates a password hash
• password_needs_rehash — Checks if the given hash matches the given options
• password_verify — Verifies that a password matches a hash

New foreach changes! They have included lists in foreach loops. As an example:
The old way:

Source
The new way:

Source
So what do you think about the new changes?

 

I really like the password hash API. Anything that helps us create and manage better encrypted passwords is awesome.

The generators functionality is cool too. No array created or returned when creating simple iterators, which in turn saves memory? Crazy.

Using lists in foreach statements makes the code more compact and efficient, but I just liked how the old way looked on the screen, since the variable and the position in the array were right next to each other. I'll get used to it and like it in the future I bet.

Who cares if some of the new features have been around in other languages for a long time. At least they're always working to make PHP better.

 

the password hash API has to be said it is somewhat a great feature

 

I agree, the more extendable PHP becomes especially with the API hashing (albeit, I haven't looked too much into this maybe DeathShadow could have some input with the security of it?) the easier our lives become.

I have to say, it'll probably be 5 years before a majority of developers start using it. The amount of times I see people still using mysql_query is unreal. People are still giving out help/advise to newbies using the old deprecated functions. Even preg_replace is deprecated in 5.5 in replace of preg_replace_callback()

Also, I've just read here about OPCash

 

Even 5 years is a little generous. I saw some stats for Wordpress installs and the breakdown was something like:

68% PHP 5.2
30% PHP 5.3
2% PHP 5.4

Looking at about the year 2020 when "maybe" PHP 5.5 will be in use.

 

Unless you're sleazing along out of date insecure systems, there is NO reason to be running old versions 8 years behind the curve if you are a web developer or a host. This isn't like browsers with dipshit users who don't know anything more than "I click on the big blue E" -- if you have any business writing code, deploying code, or maintaining hosting, you should be keeping things like PHP up to date to avoid security holes.

It's SCARY so many crappy sleazeball hosts are still on 5.2, since it's "end of life" was TWO YEARS AGO. (6 Jan 2011) -- That means no new security bugfixes or improvements have been made to that branch -- you might as well BOHICA.

Though really, most people crapping out sites in turdpress don't know enough about a blasted thing to even HAVE a website in the first place -- given what inaccessible broken halfwit insecure rubbish 99.9999% of such sites are. There's a reason turdpress won the Pwnie back in '08 for vulnerabilities.

I've already stopped writing new code to run on anything less than PHP 5.4. Short array syntax, traits for real class prototyping instead of the goofball 'all classes are singletons you make copies of', session based upload progress, expression based methods, binary numbers -- these are all things I was shocked the language lacked A DECADE AGO. It's like various 5.3 things I use -- for example $data = explode(',',$inString) ?: []; -- that people scratch their heads when they see, when it's four years old stuff.

I'm of the opinion that if we as developers keep up and write 'killer apps' for 5.4, and very soon 5.5, hosts will NEED to install it. It's that simple. It's like the stupid malfing deprecated and soon to be removed ENTIRELY from PHP mysql_ functions... We've been told for eight years to get them the **** out of our code, they FINALLY added big red warning boxes saying same -- and people STILL sleaze out new applications using it, and refuse to update their crappy old insecure code to either mysqli or PDO. (and I really think the 'procedural' mysqli needs a good swift kick in the junk while we're at it! -- to be fair I say the same thing about <?php ?> -- get rid of it, it's pointless crap that makes security holes)

As to the topic at hand, I like a lot of the new stuff... though what I'm excited about differs from most others. The new password functions for example really don't blow my skirt up compared to the already existing hash function. Adding a PREDICTABLE FORMAT and embedding the salt UNENCODED in the SAME STORAGE as the hash is more secure how exactly?!? But to be fair I'm NOT convinced the normal method for salting a hash is actually any more secure -- if you use the same hash for all of them, it gives you a consistent data pattern in all of them. If you use a unique, most people end up storing the unique with it -- so how the hell is that secure since you're PROVIDING PART OF THE DATA SIGNATURE?!? Might make rainbows take longer (Rainbows? I hate those things, they crawl up your leg and bit the inside of your...) but it makes actual reverse engineering simpler. (particularly if you KNOW the result). That's why I prefer high entropy encodings (SHA256, SHA512, whirlpool) with as many unique data points as you can extract from the user. I'm actually playing with making my own entropic pre-encoder to then feed to SHA512

I am much more excited about generators which will simplify many tasks that return large data sets. That's FAR more impressive to me than adding four new hashing functions that don't do anything the existing ones cant -- apart from people's ignorance on how to use the existing ones. (which starts to sound like HTML 5's new allegedly semantic and ultimately uselessly redundant tags)

Adding 'finally' to try/catch is a major piece of functionality that was just plain missing -- present in most other languages. While technically you could just close both and put it after, it provides a bit clearer a structure.

Scott, your examples for foreach in list is a bad one... since they have NOTHING to do with foreach and both of them are how the list construct has worked since PHP 4.

Try this on for size:

$data = [
	[
		'name' => 'Elwood Blues',
		'address' => '1060 West Addison, Chicago, IL'
	],[
		'name' => 'Jake Blues',
		'address' => 'Joliet State Prison'
	]
];

foreach ($data as list($name,$address)) {
	echo '<h2>',$name,'</h2><div>',$address,'</div>';
}

Code (markup):

That's what's meant by "list inside foreach" -- I'm not sure what the code you posted even has to do with that... since your 'new way' code works all the way back to PHP 4.0

I'm not certain what good empty() on a static value is, but that's like the garbage code of things like while(true) -- stuff I was taught was sloppy half-assed spaghetti coding 30 years ago; since breaking out of a while might as well be a goto.

I'm the same way about string dereferencing -- to me it's sloppy code to do this:

echo 'PHP'[0];

When you could just write this:

echo 'P';

Not sure what the point of that is, but it seems REALLY stupid... though maybe it's the examples that's stupid since if you had:

echo 'PHP'[$t];

... and didn't know what the value of $t was going to be, THEN it's useful.

Getting the current classname by having a public static readonly ::class property on all classes is great -- since it saves you the hassle of calling get_class($this) -- particularly in things like static functions where $this is unavailable.

The most important feature in my mind though is the inclusion of OPCache as part of the engine. Byte-code caching software like eAccelerator, APC, etc, etc work great, IF you can get them working in the first place. I've had to handhold PROVIDERS through installing them (getting really sick of crappy hosts other people use), so having one built in that's as simple as changing a value in the PHP.INI? I'm on that like a pig on slop.

So yeah, I'm REALLY looking forward to using it -- BUT, notice I say looking forward... While I'm using it in local testing, I'm still coding for 5.4 only as my latest for anything deployed NOW -- because I know better than to EVER trust a point-zero release of ANYTHING in a production environment. (see the steaming pile known as Opera 15). First releases are sucker bait and even when they're called final, I like to wait a couple months to see how things turn out. Let other people be the guinea pigs.

Meanwhile we're on what, PHP 5.4.15 as the latest for that branch? THAT'S a stable production worthy release, and when writing new code I no longer bother avoiding all the new things of 5.4 or even the 5.3 stuff people STILL aren't using.

Realistically, once 5.5 is part of projects like XAMPP? I'm going to start using it in production code. You're on a garbage host run by idiots who can't stay more recent than the previous decade, GET A BETTER HOST!!!

That said -- "In house" my new custom CMS that's in major WIP-land is being written as 5.5 only since by the time I'm done writing it, 5.5 should be mainstream and be several revisions in.

All in all, I really like where PHP is going. Now if we could just swing an axe at the PHP tags (<?php <?= and ?>), force all integers to 64 bit even on 32 bit systems (or even better, true arbitrary precision), add "publicReadOnly' to classes (removing the need for 'getters' in a lot of cases), etc, etc...

But I've got a lot of crazy ideas on how things should work.

 

I'm pretty sure that code sets $data to an array of strings that are in $inString separated with a comma if it isn't an empty string, otherwise its sets it to an empty array.

If I'm wrong, sorry and please teach me

Also, PHP 5.5 on my local host, 5.4 on my VPS. I like the look of the new features in 5.5 - they will be useful

 

@scottpool2003: preg_replace is not deprecated, but rather the /e modifier of preg_replace.

@Deathshadow: Why are you on shared hosting? You seem to be the type of person who would prefer root access.

 

Where did they say they're on shared hosting? I can't find it...

 

"The most important feature in my mind though is the inclusion of OPCache as part of the engine. Byte-code caching software like eAccelerator, APC, etc, etc work great, IF you can get them working in the first place. I've had to handhold PROVIDERS through installing them (getting really sick of crappy hosts other people use), so having one built in that's as simple as changing a value in the PHP.INI? I'm on that like a pig on slop. "

I may have misinterpreted the line: "I've had to handhold PROVIDERS through installing them" *facepalm*

I can't tell what type of hosting Full Ambit is, though.

 

The only person to mention Full Ambit is you according to find in page

Thank the diety I was right, I would've looked a right idiot if I wasn't

 

It's also plausible that deathshadow means hosts of client's websites (I don't know if he designs sites for other people, but with his skills, he should be).

I like the changes in PHP 5.5, but sadly my host isn't even on to PHP 5.4 yet (5.3.26). Mainly the password functions, but also the new GD functions are intriguing.

 

At least it's 5.3! Although, I would probably skim past a host if they had any less. I make sure my VPS is kept up to date. Just need to wait for cPanel to add 5.5, which won't be until its gone through a few minor versions.

Before anyone says anything about cPanel, my step dad blocked almost all outgoing ports so I can't use SSH, so cPanel is plausibler for me. Also its much easier

 

Whatever tool works. ;-) Are you not able to switch ssh port to 443 on your VPS (assuming it's not in use)? Or any other port he hasn't blocked? There are more complicated methods, but this would be a start.

It does suck how slow some hosts can be. Ashamed to say that I really only updated my PHP coding style this year, although I now set NetBeans projects to PHP 5.4 (for when it does it checks).

 

Don't laugh at me or anything, but I can't get Apache to stop using 443 or I'd switch it

Im the type of person that learns by looking at others work. I rarely read the documentation, except when I'm looking up a function

 

Got it in one. Most of the time I get the call, it's to go in and clean up someone else's mess. Hence: "getting really sick of crappy hosts other people use"

A lot of times you get clients who bit off years of service with a completely inept host (NetSol, GoDaddy, etc) long before you were brought in on the project... cleaning up the mess and working within the existing hosting space can be a real challenge -- especially when the person on the other end of the line speaks Farsi, and doesn't know enough about hosting to hold their job.

More so when the sites in question are often coded by people who have no business coding and content made by people who have no business writing... even more fun when said folks have doctrates in IT, English, Professional writing; many of whom couldn't conjugate a verb, much less a ...

Even more scary when said clients are government agencies or long established brick and mortars; as I often say look at the front end code -- if that's any indicator of what's going on underneath, it's a miracle 90% of the Internet isn't pwned by crackers daily.

... and yes, I prefer running my own hosting, but I'm winding down my web presence with my own sites. Apart from one project I'm for the most part 6+ years retired... which of course is why I keep helping people make sites and taking on new clients... retired, right... You'd think a medication induced Parkinsonism thanks to some lovely quackery on the part of the jokers who call themselves 'doctors' would slow me down... But NO...

That whole "I'm on doctors orders not to work but I have trouble sitting around with my thumb wedged up my backside" thing.

 

No, you got it. It's called the 'ternary operator'
http://www.php.net/manual/en/language.operators.comparison.php#language.operators.comparison.ternary

$var = $something ?: $somethingElse;

is the exact same thing as:

$var = $something ? $something : $somethingElse;

It's just a really nice/easy shorthand, particularly with the number of functions in PHP that return a value or false. It's one of the great things introduced with PHP 5.3 that nobody uses. (and is all over this new system I'm writing)

But as I said, with most developers dragging their heels on getting rid of things that are rapidly closing on a decade out of date, it's not surprising the cool/better stuff from php 5.3, 5.4 and now 5.5 aren't making their way into mainstream code. When most people are still sleazing out non-semantic presentational HTML 3.2 and slapping 4 tranny or 5 lip-service around it, blissfully unaware of two thirds the tags in HTML 4 much less how to use the ones they do know properly, you can't expect the back end code to be much better.

Much less the majority of people writing PHP not knowing enough HTML to be writing PHP in the first place either. Every time I hear someone say "I learned PHP first, still struggling with HTML" or "Oh we have a front end coder for that" I'm already whipping up the knife-hand with the veins bulging at the neck like a second rate R. Lee Ermey who just got a new load of civvie pukes into boot.

 

OH, wait... I bet xtmx thought that 'techTalkin' was my site. It isn't... that's a friends site I just wrote some content for to try and help jumpstart it. Though I am hosted with him for the time being since I've got pretty much unrestricted access.

... AND its a good testing environment for 'real world' deployment. While die hard geeks like us might have our own servers, if you are developing for other people it's good to know the restrictions of shared and how it effects your code. If you can make it speedy, reliable and secure on shared, it'll scream on dedicated.

 

I added that part I was curious what type of hosting Full Ambit was, because I noticed deathshadow's testimonial on full ambit's site.

I'm not really the best communicator, in real life or online.

 

Ah, good

I've used the ternary operator before, although the first time I saw it used I didn't have an idea what it was.

I've used it in Java as well though, so yeah. Anyhow, I didn't get your last remark <no good smiley>