Five Lesser-Known Features of PHP 7

 

With the imminent release of PHP 7 on the horizon, I thought it would be cool to check out some of the lesser-known features coming with the 7.0.0 release:

1. Array constants in define()

PHP 5.6 added the ability to define array constants on classes by using the const keyword:

const LUCKY_NUMBERS = [4, 8, 15, 16, 23, 42];

PHP 7 brings this same functionality to the define() function:

define('LUCKY_NUMBERS', [4, 8, 15, 16, 23, 42]);

2. Division by Zero

Prior to PHP 7, dividing by 0 would emit an E_WARNING and return false. Returning a boolean value for an arithmetic operation doesn't make much sense, so PHP 7 will now return one of the following float values (in addition to emitting the E_WARNING):

  • +INF
  • -INF
  • NAN

For example:

var_dump(42/0);  // float(INF)  + E_WARNING
var_dump(-42/0); // float(-INF) + E_WARNING
var_dump(0/0);   // float(NAN)  + E_WARNING

When using the modulus operator (%), PHP 7 will instead throw a DivisionByZeroError:

var_dump(0%0); // DivisionByZeroError

Additionally, the new intdiv() function will throw an ArithmeticError whenever you provide a valid integer argument which would result in an incorrect result due to integer overflow:

var_dump(intdiv(PHP_INT_MIN, -1)); // ArithmeticError

3. Filtered unserialize()

Unserializing untrusted data is a risky practice as malicious users could potentially inject their own data and objects into applications. This is particularly dangerous for objects with destructors, as those methods will always be executed, even if you don't actually use the unserialized object.  Here's a great article demonstrating this potential vulnerability.

PHP 7 therefore adds an array $options parameter to the unserialize() function to control the unserialization process. It currently supports a single allowed_classes option to control the unserialization of objects. This can take the following values:

true
Allows all objects to be restored (default)
false
Prevents all objects from being restored
string[]
Provide an array of allowed class names

If a class is not allowed, PHP will unserialize it as an "incomplete class" object (__PHP_Incomplete_Class). This is the same behavior PHP already uses when you try to unserialize a class which doesn't exist.

Some examples of this new feature in action:


// These will unserialize everything as before
$data = unserialize($foo);
$data = unserialize($foo, ['allowed_classes' => true]);

// This will convert all objects into __PHP_Incomplete_Class object
$data = unserialize($foo, ['allowed_classes' => false]);

// this will convert all objects except ones of Foo and Bar into __PHP_Incomplete_Class object
$data = unserialize($foo, ['allowed_classes' => ['Foo', 'Bar']]);

4. IntlChar Class

PHP supports internationalization (i18n) and localization (l10n) via the intl extension. This extension is basically just a wrapper around the ICU library and therefore provides near-identical methods and features.

PHP 7 exposes ICU's Unicode character features via the new IntlChar class. This class contains 600 constants and 59 static methods, so we won't cover them all, but here are some examples you may find useful:

// Returns the Unicode allocation block that contains the character.
public static function getBlockCode(mixed $codepoint): int;

// Determines whether the specified code point is a letter character.
static public function isalpha(mixed $codepoint): bool;

// Determines whether the specified code point is a punctuation character.
static public function ispunct(mixed $codepoint): bool;

// Determines whether the specified code point is a "graphic" character
// (printable, excluding spaces).
static public function isgraph(mixed $codepoint): bool;

// Determines whether the specified code point is a "blank" or
// "horizontal space", a character that visibly separates words on a line.
static public function isblank(mixed $codepoint): bool;

// The given character is mapped to its lowercase equivalent; if the character
// has no lowercase equivalent, the character itself is returned.
static public function tolower(mixed $codepoint): mixed;

// Retrieve the name of a Unicode character.
static public function charName(mixed $codepoint, int $nameChoice = IntlChar::UNICODE_CHAR_NAME)

You can find the full list of methods here: IntlChar class documentation

5. Reflection Enhancements

PHP 7 also adds some new classes and methods to the Reflection API:

ReflectionGenerator
Provides information about generators and their state.
ReflectionType
Reports information about a function's parameters and return types (to support the new scalar and return type hints).
ReflectionParameter
Existing class which has two new methods to determine the defined parameter types.
ReflectionFunctionAbstract
Also has two similarly-named methods to determine the defined return types of a function.

Enjoy this article?

About Colin O'Dell

Colin O'Dell

Colin O'Dell is a Lead Software Engineer at SeatGeek. In addition to being an active member of the PHP League and maintainer of the league/commonmark project, Colin is also a PHP docs contributor, conference speaker, and author of the PHP 7 Migration Guide.