Migrating to PHP7

Transcript

1. IT'S NOT SO SCARY

2. Or NIST PR.IP- 12 "A vulnerability management plan is developed

   and implemented." You are not compliant with PCI requirement 6.2 "Are all system components and software protected from known vulnerabilities by installing applicable vendor-supplied security patches?" PHP 5.6 and PHP 7.0 have reached their end of life No more security patches!

3. PHP is getting faster with each release Improved language features

   • Can actually improve the quality of your project! Improved security Native unicode support PHP weirdness is getting ironed out

4. PHP 7 IS FASTER • NEW AND IMPROVED ENGINE •

   HTTP://WWW.ZEND.COM/EN/RESOURCES/PHP7_INFOGRAP HIC • DO YOUR OWN BENCHMARKING, BUT YOU'LL FIND IT IS FASTER • SUPPOSEDLY FASTER THAN RUBY, PYTHON, AND PERL

5. • Scalar type hinting • Function return type declarations Less

   need for duck-typing: • Errors were previously different from Exceptions • Now they can both be handled sensibly and in a unified manner Improved error handling

6. Filtered unserialize Improved and more convenient randomness

7. • echo "\u{1F418}"; • echo json_decode('"\uD83D\uDC18"'); Easier to use Unicode:

   • IntlChar • http://site.icu-project.org/ Improved international class

8. Generator can return final value Group use declarations Anonymous classes

   Spaceship operator

9. •Refactoring requires manual confirmation of tool generated refactoring •How confident

   are you with your automated ("unit") testing? Some code is not backwards compatible •Need to refactor your docker files •Or change your ansible scripts •Or deploy it manually Ops

10. Test Run your unit tests Check Expect false positives and

    check everything manually Automate Use automated tools as a starting point •https://github.com/phan/phan •https://github.com/monque/PHP-Migration

11. foreach() has changed Changes in arithmetic PHP4 style constructors are

    deprecated Cannot assign new object by reference (was deprecated, now error) Indirect access to variables is always left-to-right

12. Cannot call non-static method statically JSON parsing incompatibility Error handling

    might break •Engine errors are now exceptions •Errors are throwables, but not exceptions so might not be caught All constructors fail equally now (so any snowflake code you have is broken) mcrypt() is deprecated
13. None

14. HAVE I : 1. REPLACED THE FUNCTIONALITY OF MY CUSTOM

    ERROR HANDLER? 2. MADE SURE I'M NOT USING A REGISTERED SHUTDOWN FUNCTION? 3. MADE SURE THAT ANY FUNCTION THAT USED TO EXPECT AN EXCEPTION IS NOW EXPECTING A THROWABLE? 4. USED ANY OF THE PHP CLASSES THAT USED TO BEHAVE DIFFERENTLY WHEN A CONSTRUCTOR FAILED? 5. CHECKED THAT I'M CATCHING PARSEERROR WHENEVER I USE EVAL()? 6. REMOVED ANY REFERENCE TO E_STRICT?

15. • HTTP://PHP.NET/MANUAL/EN/MIGRATIO N70.CHANGED-FUNCTIONS.PHP • • • •

16. • THIS IS NOT A SCIENTIFIC DEMONSTRATION • WE'LL SEE

    HOW EASY IT IS TO SWAP PHP VERSIONS • AND WE'LL SEE THAT PHP7 IS FASTER • ACTUALLY DIFFICULT TO FIND A PROJECT THAT STILL RUNS ON PHP5.6 SO I JUST TOOK A SCRIPT THAT GOOGLE SUGGESTED AS A BENCHMARKING SCRIPT • PHP5 = 8 TRANSACTIONS • PHP7 = 28 TRANSACTIONS • HTTPS://GIST.GITHUB.COM/ANDYBEAK/DFD334CBFD16F2 5A142AC0C7FC4AAF7C

17. • •