As Ivo Jansch pointed out on the Ibuildings blog, there’s barely a month left till security fixes are discontinued for PHP 4. While support for PHP 4 officially ended last December, security updates were offered until 08-08-08. Most major web hosts have been phasing out PHP 4 support, but many legacy applications built with PHP 4 in mind are currently in use, and the more intricate will take quite some time to move to PHP 5. Here are some tips and resources for managing the migration process.
PHP 5 supports most of the legacy syntax features of PHP 4. Most code written for PHP 4 should function fine under PHP 5, and a comprehensive test suite could check this. However, many of the backwards-incompatible changes in PHP 5 were in regard to language quirks, and quite a few hacks rely on these in order to function. Here are some issues to watch out for:
- Class names provided by language features – get_class(), get_parent_class() and get_class_methods() now return the name of the classes/methods exactly as declared; earlier, they were lowercased first
- The new object model is quite different – an empty object is no longer considered “empty” by empty(), among other changes
- Files with functions cannot be included twice; PHP 5 throws an error as the function is being redeclared
- Illegal uses of string offsets (e.g. $somestring) will throw an error
- On Windows servers, the include/require_once functions are case insensitive – “SomeFile.php” and “somefile.php” will only be included once
Legacy applications making use of the CLI, especially under Windows, should be aware of the new names for binaries. The CGI binary has been renamed to php-cgi (previously php), while the CLI binary has been moved back into the main directory as php. Other applications calling PHP scripts may also want to look at php-win on Windows, which serves the same function as the CLI except without the black “DOS box”.
Finally, there are some new reserved keywords. If you are upgrading straight to PHP 5.3, watch out for the new namespace keywords, including “namespace”, “use” and __NAMESPACE__. The new OOP features introduce quite a few keywords popular in enterprise applications – “public”, “private”, “protected”, “clone”, “try” and “this” come to mind (more available here). Error checking every file (run “php -l /path/to/file.php”) can pick these up fair quickly.
PHP 4 has been discontinued for some time; indeed, the latest release, 4.4.8, is from early January. Major legacy applications should be ported as quickly as possible to avoid security issues; existing code should be thoroughly checked for syntax and language feature changes as well. The PHP manual has some handy documentation on migrating, and the PHP 5 features are clearly noted all around the manual – check the revision history of functions as well.