Cambios incompatibles hacia atrás
PHP Core
Array-style access of non-arrays
Intentar usar valores de tipo null, bool,
int, float o un resource como un
array (como $null["key"]
) ahora generará un aviso.
fn
keyword
fn
es ahora una palabra clave reservada. En particular,
ya no puede utilizarse como nombre de función o de clase.
Todavía se puede utilizar como nombre de método o constante de clase.
Etiqueta <?php
al final del fichero
<?php
al final del fichero (sin la nueva línea final)
se interpretará ahora como una etiqueta de apertura de PHP. Anteriormente se interpretaba
como una etiqueta de apertura corta seguida de php
y
resultaba un error de sintaxis (con short_open_tag=1
)
o se interpretaba como un string <?php
(con short_open_tag=0
).
Serialization
The o
serialization format has been removed.
As it is never produced by PHP, this may only break unserialization of
manually crafted strings.
Password algorithm constants
Password hashing algorithm identifiers are now nullable strings rather
than integers.
Applications correctly using the constants PASSWORD_DEFAULT,
PASSWORD_BCRYPT, PASSWORD_ARGON2I, and PASSWORD_ARGON2ID will continue to
function correctly.
htmlentities() will now raise a notice
(instead of a strict standards warning) if it is used with
an encoding for which only basic entity substitution is supported,
in which case it is equivalent to htmlspecialchars().
fread() y fwrite() ahora
devolverán false
si la operación ha fallado.
Anteriormente se devolvía un string vacío o un 0.
EAGAIN/EWOULDBLOCK no se consideran fallos.
Estas funciones ahora también lanzan un aviso en caso de fallo,
como cuando se intenta escribir en un recurso de archivo de sólo lectura.
BCMath Arbitrary Precision Mathematics
BCMath functions will now warn if a non well-formed number is passed, such
as "32foo"
. The argument will be interpreted as zero, as before.
CURL
Attempting to serialize a CURLFile class will now
generate an exception. Previously the exception was only thrown on unserialization.
Using CURLPIPE_HTTP1
is deprecated, and is no longer
supported as of cURL 7.62.0.
The $version
parameter of curl_version()
is deprecated. If any value not equal to the default CURLVERSION_NOW
is passed, a warning is raised and the parameter is ignored.
Date and Time
Calling var_dump() or similar on a
DateTime or DateTimeImmutable
instance will no longer leave behind accessible properties on the object.
Comparison of DateInterval objects
(using ==
, <
, and so on) will now generate
a warning and always return false
. Previously all DateInterval
objects were considered equal, unless they had properties.
MySQLi
The embedded server functionality has been removed. It was broken since
at least PHP 7.0.
The undocumented mysqli::$stat
property has been removed
in favor of mysqli::stat().
OpenSSL
The openssl_random_pseudo_bytes() function will now
throw an exception in error situations, similar to random_bytes().
In particular, an Error is thrown if the number of
requested bytes is less than or equal to zero, and an Exception
is thrown if sufficient randomness cannot be gathered.
The $crypto_strong output
argument is guaranteed to always
be true
if the function does not throw, so explicitly checking it is not necessary.
Regular Expressions (Perl-Compatible)
When PREG_UNMATCHED_AS_NULL
mode is used, trailing
unmatched capturing groups will now also be set to null
(or
[null, -1]
if offset capture is enabled).
This means that the size of the $matches
will always be the same.
PHP Data Objects
Attempting to serialize a PDO or
PDOStatement instance will now generate
an Exception rather than a PDOException,
consistent with other internal classes which do not support serialization.
Reflection
Reflection objects will now generate an exception if an attempt is made
to serialize them. Serialization for reflection objects was never
supported and resulted in corrupted reflection objects. It has been
explicitly prohibited now.
Tokenizer
token_get_all() will now emit a
T_BAD_CHARACTER
token for unexpected
characters instead of leaving behind holes in the token stream.
Incoming Cookies
As of PHP 7.4.11, the names of incoming cookies are no
longer url-decoded for security reasons.