What’s New in PHP 7.3: A Look at Final Release

What’s New in PHP 7.3: A Look at Final Release

PHP is still giving a tough competition to other scripting languages, mainly due the rapid updates pushed out by the core maintenance team.
Since the release of PHP 7.0, the community has seen a lot of new features that have greatly improved the way developers use PHP for their projects. The main purpose of these ‘enhancements’ is to improve the performance and security of PHP applications.
PHP recently achieved another milestone with the release of PHP 7.3. The new version comes with some much-needed updates.
In this blog, I will discuss the newly introduced PHP 7.3 features and updates. The good part is that you can install the new version on your test servers and check out the features yourself. As always remember NOT to use the RC updates on dev/live servers as this could break live apps.
Here are some of the updates introduced in version 7.3 that have greatly improved PHP 7.3 performance when compared to previous versions.
  • Flexible Heredoc and Nowdoc Syntaxes
  • Allow a trailing comma in function calls
  • PCRE2 Migration
  • list() Reference Assignment
  • is_countable function
  • array_key_first(), array_key_last()
  • Argon2 Password Hash Enhancements
  • Deprecate and Remove image2wbmp()
  • Deprecate and Remove Case-Insensitive Constants
  • Same Site Cookie
  • Updates to FPM
  • Windows File Deletion Improvements
Let’s discuss the above updates one by one in detail.

Flexible Heredoc and Nowdoc Syntaxes

Heredoc and Nowdoc syntax help out the users in using multi-line long strings. It requires that the ending identifier should be the first string appearing in a new line.
Basically this update proposed two new changes which are as follows
  1. To enable the closing marker for indenting
  2. To remove the new line requirement after the closing marker
In the example, mentioned above, you can see both of the changes easily.

Allow a Trailing Comma in Function Calls

Appending of trailing commas is made at the end of listed parameters, elements and variables. Several times we call a number of elements in an array or function call (especially variadic functions), in which if you have missed a comma, you will get an error. For that purpose, trailing commas can be useful there. They are allowed in arrays and from PHP 7.2 in grouped namespace syntax.
As new values are appending here, so trailing commas are highly useful in this case. While in variadic functions like unset(), they will do the work fittingly well.
Meanwhile when you send a list of variables through compact() function to a templating engine, is also another example, you can use.
You often need to merge arrays with array_merge() function in some situations where concatenation or grouping of data is constructed. You can use trailing commas there:
Similarly, you can use them in methods, function’s arguments and closure calls.


For parsing JSON responses, we have two functions available json_encode()and json_decode(). Unfortunately, both of them do not have a proper error throwing representation. Json_encode() will throw only false error whereas json_decode will throw null, and null can be true value. Only the way to know the error is to call json_last_error() or json_last_error_msg(), which returns the global error state in machine-readable and human-readable forms.
In this RFC, the proposed solution is to add JSON_THROW_ON_ERROR in both functions which ignores the global error state. While if an error occurs that would otherwise set it, these functions instead throw a JsonException with the message and code set to whatever json_last_error() and json_last_error_msg() throw. You can call it as:
// Throws JsonException

PCRE2 Migration

PHP uses PCRE for regular expressions. But from PHP 7.3, PCRE2 will come into action for regular expressions. Therefore, you need to migrate your existing regex according to PCRE2 rules. These rules will be more aggressive than before. For instance see the regex:
This regex will fail now and will not throw a warning error. Because PCRE2 is strict about moving hyphen to the end or escaping for this work.
These features and more are available with the upgrade to PCRE2 10.x,
  • Forward relative back-references, \g{+2} (mirroring the existing \g{-2})
  • Version check available via patterns such as (?(VERSION>=x)…)
  • (*NOTEMPTY) and (*NOTEMPTY_ATSTART) tell the engine not to return empty matches)
  • (*NO_JIT) disable JIT optimization
  • (*LIMIT_HEAP=d) set the heap size limit to d kilobytes
  • (*LIMIT_DEPTH=d) set the backtracking limit to d
  • (*LIMIT_MATCH=d) set the match limit to d

list() Reference Assignment

PHP has list() assignment and reference assignment functions. But in the current state you cannot use reference assignment in list(). From now onwards, PHP 7.3 will allow you to use that. The new improved syntax is as follows:
This is equivalent to this form:
New PHP 7.3 changes will also enable us to use this with nested list and foreach() function:

is_countable function

In PHP 7.2, you can count objects and arrays via count() function. If the object is not countable, PHP throws a warning. You need to check if the object or variable is countable or not. While PHP 7.3 now has new is_countable() function that returns if the passed variable is well countable or not.
This RFC proposes a new type function that returns true if the given value is an array type or an instance of the Countable interface.

array_key_first(), array_key_last()

Currently PHP allows you to retrieve array first and last key/value by changing the internal state of the array when using reset(), end() and key() methods. Now to avoid this disturbance in internal state, PHP 7.3 proposes new functions for this task and added to the core:
  • $key = array_key_first($array); To gather first key of array
  • $key = array_key_last($array); To gather last key of array
  • $value = array_value_first($array); To gather first value of array
  • $value = array_value_last($array); To gather last value of array
Lets see the example:

Argon2 Password Hash Enhancements

In previous versions of PHP, we got Argon2 Password hashing which is a modern algorithm to secure passwords using hashes. It comes in three different types, Argon2i, Argon2d and Argon 2id. Argon2i is optimized for password hashing and password-based key derivation. Argon2d is faster and uses data-depending memory access. Argon2i instead uses data-independent memory access. Argon2id is a hybrid of Argon2i and Argon2d, using a combination of data-depending and data-independent memory accesses.
Argon2id is now the recommended Argon2 variant to use in paswword_* functions.
The password_verify() function works with Argon2id in addition to Argon2i.
This function will also accept Argon2id hashes and if any cost factors change, this will return true.

Deprecate and Remove image2wbmp()

This function returns the WBMP or bitmap image format. Another function imagewbmp() is also available doing the same thing that is supposed to handle the necessary monochrome conversion. Hence, due to the duplication the image2wbmp() is now deprecated and you can now replace this function with imagewbmp().After the deprecation, each call to image2wbmp() would issue a deprecated warning. After the removal, each call to image2wbmp() would raise a fatal error.

Deprecate and Remove Case-Insensitive Constants

Right now you can use both case-sensitive and case-insensitive constants. But case-insensitive constants were creating bit complexities in usage. Therefore, to address this, PHP 7.3 proposes to deprecate case-insensitive constants.
Currently the situations is like:
  • Class constants are always case-sensitive.
  • Global constants declared with const are always case-sensitive. Note that this applies only to the short name of the constant, while namespaces in PHP are always case-insensitive.
  • Constants declared with define() are case-sensitive by default.
  • It is possible to declare case-insensitive constants by passing true as the third parameter of define().
Now the PHP 7.3 proposed deprecater to remove these items:
  • In PHP 7.3: Deprecate calling define() with third parameter true.
  • In PHP 7.3: Deprecate accessing a case-insensitive constant with a casing that differs from the declaration-site. The constants true, false and null are exempt from this.

Same Site Cookie

PHP 7.3 proposes to add the same site flag when issuing cookies. This RFC will affect four core functions.
  1. setcookie
  2. setrawcookie
  3. session_set_cookie_params
  4. session_get_cookie_params
The effect will take place in two possible ways. Either it will add new argument to the function or will allow an array of options for moving all cookie options in there.

Updates to FPM

FastCGI process manager has also got an update and now comes with new options for customizing FPM logging.
log_limit: Set up the allowed length for log messages. This limit could be more than 1024 characters without wrapping
log_buffering: This allows experimental logging without extra buffering
decorate _workers_output: Use this pool option to disable the output decoration for workers output when catch_workers_output is enabled.

Windows File Deletion Improvements

As mentioned in the official release documentation:
“File descriptors are opened in shared read/write/delete mode by default. This effectively maps the POSIX semantics and allows to delete files with handles in use. It is not 100% same, some platform differences still persist. After the deletion, the filename entry is blocked, until all the opened handles to it are closed.”

Final Words

So above we have seen different updates, deprecations and new PHP 7.3 features included in the latest release. These are available on the php.net website and merged to the master branch. You can now use the files in live servers. You can also move to official RFC page for the detailed version of everything defined above. While if you still have any questions regarding this blog or new PHP 7.3 , feel free to write your comments below in the comments section.