Reading Time: 3 minutes
PHP recently released the second update in their PHP 7 series. PHP 7.2 brings fresh updates including important security measures, new additions to the core, and modern cryptography. Our web development experts break down the newest features and advantages of PHP 7.2 below.
What is PHP?
PHP is a widely used open source general-purpose scripting language that can be embedded in HTML. Originally derived from Personal Home Page Tools, it now stands for “PHP: Hypertext Preprocessor,” a recursive acronym similarly seen throughout naming conventions in UNIX systems. PHP’s open source server-side scripting language is used to write dynamically generated web pages. The scripts are executed on the server and the result is sent to the browser as plain HTML.
Advantages of PHP
PHP is compatible with almost all servers and database standards used worldwide, including MySQL, PostgreSQL, Oracle, Sybase, Informix, and Microsoft SQL Server. Offering fast performance backed by a large, open source community, PHP can be used for a variety of purposes, such as generating dynamic pages and files. PHP allows you to store and manage information in a site database, and allows you to collect data from a web form and send emails to users. PHP also has security features to help you encrypt data and restrict unauthorized access to your website. Top users of PHP include Facebook, Yahoo, and Wikipedia, and CMS’ built using PHP include Drupal, WordPress, Joomla, and Magento.
PHP 7.2 Updates
The latest updates to PHP version 7 include important security improvements, performance enhancements, and exciting new features. To see a baseline infographic of version 7 capabilities, see Fasthosts’ helpful guide here.
Libsodium is Part of the Core
The application-layer cryptography library Libsodium is now part of the core in PHP 7.2. Previously, the library was made available through PECL, another recursive acronym meaning “PHP Extension Community Library.” The inclusion of Libsodium makes PHP the first programming language to add modern cryptography to its standard library. This ensures the cross platform and cross-languages library enables encryption, decryption, signatures, password hashing, and much more.
Argon 2 in Password Hash
Argon 2 is an award-winning hashing algorithm. It won the 2015 Password Hashing Competition, bringing a secure alternative to the Bcrypt algorithm on previous version of PHP. It is designed for the highest memory filling rate and effective use multiple computing units while still providing defense against tradeoff attacks. Bcrypt only allows for one cost factor, whereas Argon 2 takes three cost factors: memory cost, time cost, and parallelism factor. The memory cost factor defines the number of KiB that should be consumed during hashing, while the time cost defines the number of iterations of the hashtag algorithm. The parallelism factor sets the number of parallel threads that will be used during the hashtag. See more information on how Argon 2 addresses these factors here.
According to benchmarks from Phoronix, PHP 7.2 runs 13% faster than 7.1 and 20% faster than 7.0. It’s 250% faster than PHP 5.6, which over 40% of WordPress users still have not updated from. Other tests support these findings. Official PHP benchmarks demonstrate that PHP 7 is twice as fast as 5.6 with half the latency, while Kinsta’s benchmarks show it to be three times as fast.
As with each update, there are several deprecated functions and features which will be removed no later than PHP 8.0. The full of list deprecated functions can be found here. These features will work in PHP 7.2, but error messages will appear during use in log files. Developers should check the code to update any deprecated functions before they become backwards incompatible.
PHP 7.0 reached the end of its security support on December 3rd, 2017. Critical support will still be available through the end of 2018, but the PHP community no longer provides support for bugs or minor issues. PHP 7.1 will follow suit on December 1st, 2018. Upgrading to 7.2 ensures the latest security updates are supported continuously by the community.
With vital security updates, Libsodium in the core, and vastly improved performance features, migrating from older versions of PHP to PHP 7.2 is an easy and important update. For more information on how to update, see the official guide here.