It's July 2018, do you know what your PHP is?

Larry Garfield
Larry Garfield

PHP is a rapidly-evolving language. Recent years have seen the adoption of a very clear and mostly consistent release process with a new version coming out every fall, with previous versions falling to maintenance support, then security-only support, then unsupported on a regular, predictable schedule.

That's great for those who appreciate the new language features that continually come down the pipeline, and the performance improvements they bring. It does mean it's important to stay up to date, though. PHP 5.6, the last release of the PHP 5 series, got an extra year of security support for people that would have a hard time updating to the new PHP 7, but even that expires at the end of this year.

In fact, as of the end of this year the oldest supported version of PHP will be PHP 7.1. Yeah, really.

Which begs the question... Do you know what your PHP version is?

How to check

On it's easy. Just check your file for the type key. If it looks like this:

type: php:7.1

or this:

type: php:7.2

Then you're good! If it says php:7.0 then you should really start planning your update to 7.2. If it says anything older... well, you're missing out.

What happens on 31 December 2018?

Aside from uncorking some champagne, nothing. still offers container images all the way back to PHP 5.4, and we have no immediate plans to drop those images any time soon. However, they are completely unsupported. If there's a bug in them, no one is going to fix them. In some cases they're still built using older versions of Debian, so other related software is out of date as well. We won't be updating those.

If security vulnerabilities are found in PHP versions older than 7.1 no one is going to be fixing them. There are, in fact, known security holes in older versions of PHP that are no longer supported, and thus have never been fixed. That's normal and it's what unsupported means. Over time no doubt other issues will be found in PHP 5.6 and 7.0 that will also not be fixed as they are no longer supported.

If you want to keep your site secure, it's time to upgrade.

Why else should I upgrade?

Glad you asked! Security is a good reason to keep your software up to date, but it's far from the only reason. If you're still running PHP 5.x, then the even bigger reason is speed.

PHP 7.anything blows PHP 5 out of the water on performance. Benchmarks from dozens of companies have shown over and over again that twice the requests/second and half the memory usage is a normal improvement; some code bases can see even more. Rasmus Lerdorf (creator of PHP) publishes benchmarks periodically. His most recent, from earlier this year, shows PHP 7 smoking PHP 5 on WordPress performance, specifically:

Wordpress is twice as fast on PHP 7 as on PHP 5

Wordpress uses a tiny fraction as much memory on PHP 7 as PHP 5.

Other benchmarks show similar (although not quite as dramatic) impact on Drupal, Magento, Symfony, Moodle, and various other systems.

It's rare in tech that any "silver bullet" appears, but upgrading from PHP 5 to PHP 7 is about as close to a performance silver bullet as you're ever going to see.

Of course, there's ample new functionality available for developers, too:

PHP 7.0 brought scalar type hints, return types, anonymous classes, and vastly improved error handling.

PHP 7.1 brought the void and iterable types, nullable types, and multi-catch exceptions.

PHP 7.2 brought the strongest security and encryption library available to the core language, along with even more improvements to the type system.

For a full rundown of the best parts of PHP 7, see my presentation from this year's php[tek] conference.

And of course PHP 7.3 is coming out this fall. (We'll support it when it comes out, too.)

OK, so how do I upgrade?

It's, which means upgrading is easy. Just change your type key in to php:7.2, and push. You're done.

Well, you really should test it in a branch first. Push that change to a branch and give it a whirl. Assuming everything is good, click Merge.

There's tooling available to help audit your code for future compatibility, too. For instance, the PHPCompatibility extension for PHP_CodeSniffer can flag most places where you may want to tweak your code to keep it compatible with newer versions. You can run it locally over your code base to ensure you're ready to update, then update.

If you're using Drupal, WordPress, Symfony, Zend, Laravel, or most other major systems, their latest versions are already tested and stable on PHP 7.2. That makes upgrading even easier. In fact, several systems have already made PHP 7.1 a minimum requirement for their latest version, which gives both their developers and you more power in your PHP.

Enjoy your faster, more robust PHP! Don't get left behind on unsupported versions, especially when the benefits of upgrading are so high and the cost is so low. And don't forget to plan for upgrading to PHP 7.3 later this year. It should be just as easy then, too.