X
X

PHP7 Depricated features

With the addition of every language there usually is a division with most people on whether some features should be kept for legacy code or removed due to bad habits. I personally think the developers of today love legacy code too much and rewrites are essential to keep products at their best. The language architects have decided to take out some old features for security or possibly because there’s a better solution out there. So I encourage this type of activity in PHP and I like to see forced good practices especially on the server side where the developers control the environment.

Firstly the style constructors on classes are not supported anymore AKA constructor functions that have the same name as their classes. So take for example this constructor function…

class MyBuilder {
	public $name;
	public $job;
	function MyBuilder(  $name, $job  ){
		$this->name = $name;
		$this->job = $job;
	}
}

This is no longer encouraged in PHP and is bad practice anyway, your constructor functions should be clearly identifiable in the class by naming it with the special __construct name…

class MyBuilder {
	public $name;
	public $job;
	function __construct(  $name, $job  ){
		$this->name = $name;
		$this->job = $job;
	}
}

Secondly static calls to non-static methods in a class are no longer supported, for example…

class MyBuilder {
	public function hello( ) { echo 'hello world'; }
}
MyBuilder::hello( );

… This isn’t allowed as the hello method has not been declared static.

Thirdly there has been an update to the password_hash function and has been deprecated to prevent developers from generating their own (usually insecure) salts. Remember the random functions lecture that now comes in PHP7? Well this is just proof developers are coming up with insecure salts to obfuscate data being sent to the database. So the password_hash function no longer accepts humanly generated salts but rather automatically applies a salt for you.

Finally capture_session_meta SSL context option has been deprecated. SSL metadata is now available through the stream_get_meta_data function. This is a minor change but hasn’t been taken out of the language, it’s just shuffled around a little.

Latest Posts