Intentar usar valores de tipo null, bool, int, float o un resource como un array (como $null["key"]
) ahora generará un aviso.
La función get_declared_classes() ya no devuelve las clases anónimas que aún no han sido instanciadas.
fn
keywordfn
es ahora una palabra clave reservada. En particular, ya no puede utilizarse como nombre de función o de clase. Todavía se puede utilizar como nombre de método o constante de clase.
<?php
al final del fichero<?php
al final del fichero (sin la nueva línea final) se interpretará ahora como una etiqueta de apertura de PHP. Anteriormente se interpretaba como una etiqueta de apertura corta seguida de php
y resultaba un error de sintaxis (con short_open_tag=1
) o se interpretaba como un string <?php
(con short_open_tag=0
).
When using include/require on a stream, streamWrapper::stream_set_option() will be invoked with the STREAM_OPTION_READ_BUFFER
option. Custom stream wrapper implementations may need to implement the streamWrapper::stream_set_option() method to avoid a warning (always returning false
is a sufficient implementation).
The o
serialization format has been removed. As it is never produced by PHP, this may only break unserialization of manually crafted strings.
Password hashing algorithm identifiers are now nullable strings rather than integers.
PASSWORD_DEFAULT
was int 1; now is null
PASSWORD_BCRYPT
was int 1; now is string '2y' PASSWORD_ARGON2I
was int 2; now is string 'argon2i' PASSWORD_ARGON2ID
was int 3; now is string 'argon2id' Applications correctly using the constants PASSWORD_DEFAULT, PASSWORD_BCRYPT, PASSWORD_ARGON2I, and PASSWORD_ARGON2ID will continue to function correctly.
htmlentities() will now raise a notice (instead of a strict standards warning) if it is used with an encoding for which only basic entity substitution is supported, in which case it is equivalent to htmlspecialchars().
fread() y fwrite() ahora devolverán false
si la operación ha fallado. Anteriormente se devolvía un string vacío o un 0. EAGAIN/EWOULDBLOCK no se consideran fallos.
Estas funciones ahora también lanzan un aviso en caso de fallo, como cuando se intenta escribir en un recurso de archivo de sólo lectura.
BCMath functions will now warn if a non well-formed number is passed, such as "32foo"
. The argument will be interpreted as zero, as before.
Attempting to serialize a CURLFile class will now generate an exception. Previously the exception was only thrown on unserialization.
Using CURLPIPE_HTTP1
is deprecated, and is no longer supported as of cURL 7.62.0.
The $version
parameter of curl_version() is deprecated. If any value not equal to the default CURLVERSION_NOW
is passed, a warning is raised and the parameter is ignored.
Calling var_dump() or similar on a DateTime or DateTimeImmutable instance will no longer leave behind accessible properties on the object.
Comparison of DateInterval objects (using ==
, <
, and so on) will now generate a warning and always return false
. Previously all DateInterval objects were considered equal, unless they had properties.
The default parameter value of idn_to_ascii() and idn_to_utf8() is now INTL_IDNA_VARIANT_UTS46
instead of the deprecated INTL_IDNA_VARIANT_2003
.
The embedded server functionality has been removed. It was broken since at least PHP 7.0.
The undocumented mysqli::$stat
property has been removed in favor of mysqli::stat().
The openssl_random_pseudo_bytes() function will now throw an exception in error situations, similar to random_bytes(). In particular, an Error is thrown if the number of requested bytes is less than or equal to zero, and an Exception is thrown if sufficient randomness cannot be gathered. The $crypto_strong output
argument is guaranteed to always be true
if the function does not throw, so explicitly checking it is not necessary.
When PREG_UNMATCHED_AS_NULL
mode is used, trailing unmatched capturing groups will now also be set to null
(or [null, -1]
if offset capture is enabled). This means that the size of the $matches
will always be the same.
Attempting to serialize a PDO or PDOStatement instance will now generate an Exception rather than a PDOException, consistent with other internal classes which do not support serialization.
Reflection objects will now generate an exception if an attempt is made to serialize them. Serialization for reflection objects was never supported and resulted in corrupted reflection objects. It has been explicitly prohibited now.
Calling get_object_vars() on an ArrayObject instance will now always return the properties of the ArrayObject itself (or a subclass). Previously it returned the values of the wrapped array/object unless the ArrayObject::STD_PROP_LIST
flag was specified.
Other affected operations are:
(array)
casts are not affected. They will continue to return either the wrapped array, or the ArrayObject properties, depending on whether the ArrayObject::STD_PROP_LIST
flag is used.
SplPriorityQueue::setExtractFlags() will throw an exception if zero is passed. Previously this would generate a recoverable fatal error on the next extraction operation.
ArrayObject, ArrayIterator, SplDoublyLinkedList and SplObjectStorage now support the __serialize()
and __unserialize()
mechanism in addition to the Serializable interface. This means that serialization payloads created on older PHP versions can still be unserialized, but new payloads created by PHP 7.4 will not be understood by older versions.
token_get_all() will now emit a T_BAD_CHARACTER
token for unexpected characters instead of leaving behind holes in the token stream.
As of PHP 7.4.11, the names of incoming cookies are no longer url-decoded for security reasons.