decorative image for blog on php latest version
September 28, 2023

The Benefits of Using the Latest PHP Version

Modernization
Performance

Why complete PHP updates and upgrade to the latest PHP version? There are a number of reasons, ranging from performance improvements, new features, and — perhaps most importantly — patches and bug fixes.

In this blog, I'll talk through why those are important factors, why teams that are able to regularly complete PHP updates or migrations should, and why teams that can't migrate or upgrade as frequently to new PHP versions need to start exploring LTS or migration services options as soon as possible.

Back to top

What Is the Latest PHP Version?

The latest major PHP version is PHP 8.3. It reached general availability in November, 2023.

PHP 8.4 is scheduled to release in November, 2024.

Back to top

The Latest PHP Versions Move Fast - Are You Keeping Up?

I’ve been messing with PHP since about version 4. I say messing because I have always done other things along the way. Maybe it was RPG and CL, maybe it was management. But I always managed to get a little PHP done here and there. Then I blinked and PHP 8.3 is just around the bend. As always, PHP.net has the goods, but there are many sites and even our own Matthew Weir O'Phinney's blog introducing the latest features in PHP 8.3

I think the larger point here is that I'm not the only one who blinked. Our latest PHP Landscape Report found in excess of 60% of PHP teams deploying at least one end of life PHP version. There are a number of reasons why teams fail to complete PHP updates, but it boils down to prioritization. Most of the PHP professionals who took that survey also admitted that they're prioritizing the development of new features over application maintenance (e.g. things like migrations / upgrades).

So, are their good reasons to upgrade to the latest PHP versions? (Spoiler: Yes, there are.)

Back to top

Why Upgrade to the Latest PHP Update?

PHP — unlike RPG, with its backward compatibility of over 60 years — supports a backward compatibility range of about 3 years or so. Some developers who keep their ears to the ground are aware of bad practices of potentially deprecated features typically listed on the php.net site. And while this may seem terribly disruptive, the number of true backward compatibility issues is usually rather small.

With that in mind, there are many reasons why teams should upgrade PHP regularly to the latest PHP version. That said, sometimes shops simply do not have cycles to invest in upgrading their PHP stack. For that reason, Zend offers long term support (LTS) for older PHP versions which can extend the community support by a few years. We’ll talk more about that in a bit and, where applicable, I tried to provide a link to the original source materials so you don’t have to take my word for it. 

Using the Latest PHP Version Adds Updated Security Standards

One of the primary reasons the PHP community removes features from PHP is because it is a “perimeter” technology and the times do tend to change. RPG is typically implemented as a back office technology, so it is often tucked safely behind a firewall letting some other server or language serve up the web like PHP.

Since PHP is closer to the web, we sometimes refer to that as a “perimeter” technology. As a result, the PHP community remains vigilant about elements of the language that could be misused or abused by both hackers and the developers using the language. Since these changes are implemented via subsequent versions, releases, and PHP updates, keeping up with the latest PHP version is important. 

The Help Systems Survey identifies security as the number one concern among the survey respondents with about ¾ of all respondents indicating this is important, a sentiment echoed in our own PHP Landscape Report as one of the top development priorities.

latest version of PHP

I have also heard the response from some of the IBM i community that, “My PHP is only on the intranet, so I don’t have to worry about security.” As many IBM i security professionals will tell you, that is a myth — up to 80% of hacks originate from within the organization. Also, all it takes is a simple firewall mistake to make your site public facing.

The implementation of Libsodium as a core extension and the slow, grueling elimination of global variables signal the perpetual march toward a safer PHP experience. But as many would tell you, security is an ongoing journey and not a destination. 

The Latest PHP Versions Offer Improved Performance

Looking back over 16 releases it is easy to see the major changes. Most notably is a 5x improvement in performance. But this change did not come overnight. Sure, a major component of that came in PHP 7, but the improvements began in PHP 5 and have continued in earnest for virtually all the releases since. It would be good to infer from this and the newer features that adopting new versions of PHP on a regular basis can help sites take advantage of all these key features.

But how do you accelerate the adoption cycle to complete PHP updates? Unit tests. I’ve been working with the services folks a lot in the last few years and while every site can be radically different, almost all of them have little to no unit tests implemented.  I don’t get it. Let me see if I can persuade you as to the value of these tests. 

First, we have the fact that we can automate “some” of the testing that goes on in our user areas and even in the development area. The represents a cost savings, but because it is not a discrete cost savings many will not even make the effort. I say try again.

Second, unit tests can help accelerate the delivery of code and move toward the light of CI/CD. Even if you have no plans to fully automate your DevOps cycle, you simply cannot automate much if you have no tests. And the journey starts with the first test. 

Third, and in my humble opinion most important, unit tests represent tribal knowledge. Have you ever looked at a function or a method and asked yourself “What is this thing supposed to do?” Unit tests, like the performance changes in PHP are collected over time and accumulate the tribal testing knowledge gained over years of development. 

As the code base and test cases grow, the experiences of the many test scenarios are codified and, therefore, can trap errors earlier in the development cycle. If you can be persuaded, please consider getting going with unit tests today. If you need some help, we have unit testing training that can get you up to speed

latest version of PHP

Other aspects of speed beside just pure PHP performance include the far more important “programmer productivity.” One of the opportunities presented when upgrading PHP is the opportunity to consider restructuring code. Regarding refactoring, Uncle Bob says “You always do it . . . like washing your hands when leaving the bathroom.” 

But what about the monolith or a huge code segment that should be broken down? Restructuring old code into more modern modular code can increase the performance of the developers maintaining and supporting those systems. Sometimes a nice backward compatibility break can usher in the opportunity to strike at those hideous monstrosities.

One of the more popular anecdotes I have read about — 20% of the performance of PHP 8 was derived by the elimination of the underlying code supporting PHP 4 constructors. 

PHP Updates Buy You More Time

The PHP community lifecycle moves fast, as evidenced by our 2024 PHP Landscape Report that found nearly 55% of PHP teams using end of life PHP versions. 

That said, a prime motivation for PHP upgrades or migrations is that it gives you a constant stream of community-built CVE patches and bug fixes. If you're using non-community supported PHP versions, that doesn't happen unless you have PHP long-term support via a provider like Zend.

PHP Updates Come With More Features

I was surprised in the early days of using constants that they only supported primitive data types. I really had a few practical uses for array and then they suddenly supported arrays and I was thrilled. With PHP 8.3 we can see class constants closing the door on type hinting for even greater stability in the code. Again, we are making it CLEAR to this out intention for the constant so no one has to guess at their values.

Speaking of clarity, something I’ve been looking to see is the added support for stack overflow settings in the PHP.ini. Being able to capture a specific error regarding a PHP script making excessive calls is VERY attractive as it could provide one more breadcrumb in the journey to determine what a script or even a server received a segment fault. Now I’m sure that none of the PHP developers reading this have even accidentally written an infinitely recursive method, right? Well, just in case someone else in your shop does, there are new fenceposts helping to guard this behavior.

As PHP continues to evolve as a primarily back-end solution where the front end could be almost anywhere in the world on any platform in existence, JSON seems to be the most popular payload. So incorporating the json_validate function in PHP 8.3 means one less piece of logic you do not have to import from a framework or, heaven forbit, build yourself! The use cases for this are off the hook as EVERY API in existence should now use this function to ensure that the JSON it just received (or created) is valid for parsing. A simple test and you know whether you should send an error back or not is exquisite. Again, incremental performance increases. 


I could go on and on about many more features and deprecations. But I think I’ll get busy messing around to see what I can do to improve my bottom line. If you're looking for further reading, be sure to check out Matthew Weier O'Phinney's blog on the new features to watch in PHP 8.3.

Back to top

Final Thoughts

I would posit that probably the most important aspect of upgrading PHP to the latest PHP version for developers is the access to new features that make their jobs easier. But, given the sheer volume of teams using end of life PHP versions, I think the driving people teams should upgrade or migrate is for CVE patches. All it takes is one CVE to get exploited, and that can cost you, your team, and your company dearly. If you're rolling the dice by staying on EOL PHP versions, I highly encourage you to explore your PHP LTS options to make sure you have your bases covered.

PHP 7.0 offered tremendous performance improvements over PHP 5. PHP 8.0 touts a “just in time” processor, and both versions offered up hundreds of new functions, methods, and behaviors. PHP 8.1 introduces Fibers to the languages for the Node.js enthusiasts out there. PHP 8.2 introduced some great changes, and PHP 8.3 is shaping up to do the same (side note: we have have Zend PHP 8.3 release candidate builds available in our repos, if you're ready to start testing them out). PHP 9 will probably do something incredible, but it is a little too soon to tell. 

Need Help Migrating?

Looking for PHP migration help? Contact us today to get started!

Contact Us

Not Quite Ready to Upgrade or Migrate?

Zend offers long-term support for a number of popular EOL PHP versions, including PHP 7.4. See options, and details on how we deliver LTS, via the button below.

Explore LTS Options

Additional Resources

Back to top