Tag Archives: PHP

Automated PHP 5.3 compatibility testing for your (old) code

Update (Mar 5, 2012) : check here for the latest version, supporting PHP 5.4 as well.

Update (Dec 22, 2010) : code has seen some minor modifications to ensure compatibility with the latest PHP_CodeSniffer release (1.3.0RC1) – thanks to Sebastian Bergmann. Also updated the instructions below.

Note (Dec 22, 2010) : this compatibility test will also test all testable cases for 5.0, 5.1 and 5.2

So you or your team has built anywhere between 5 and 500 projects in PHP 4, 5.1 and 5.2 over the past 5 years. And now PHP 5.3 is there, offering a lot of very interesting features, including namespace support, late static binding (finally !), closures, nested exceptions and a bunch more (see the new feature list).

So naturally, you’d like to upgrade. But doing so might break some old code. Why ? Because of some backward incompatibilities :

  • New reserved keywords (goto, namespace)
  • Deprecated functions that will throw an error (the brand new E_DEPRECATED error in fact !)
  • Call-by-value on functions with by-reference parameters will now raise a fatal error
  • and again… many more (see the list)

So how do you ensure your code is PHP 5.3 ready ? Well, there’s a few options.

Option 1 : run your unit tests

You just knew I was going to say that, didn’t you ? Yes, unit tests are still the best way to test the inner working of your code. Although even 100% code coverage will not guarantee a bugfree system ofcourse (some bugs are by design, others by neglect, others…)

Option 2 : test your application

Seems logical, doesn’t it ? Install PHP 5.3 on a separate environment or on your test environment and test the entire application. Ofcourse there are issues for some :

  • Old projects often don’t have any budget allocated for this kind of tedious testing
  • Testing an old project is not easy if the original developers aren’t around anymore… so the testing is best done by the actual user… but you don’t want users to see how their application breaks “because of old code”
  • If you have a lot of projects, testing them one-by-one could take a while… maybe 5.4 will be out by then :p

Option 3 : automate your PHP 5.x compatibility tests

Although the first 2 options are really required to ensure your code is PHP 5.3 ready, using automated tests can get you a long way in detecting deprecated functions, unsupported extensions, etc.

Because I’m in charge of moving about 50 projects to PHP 5.3 in the next few weeks/months, I decided to make at least part of this tedious task a little smoother (and faster).

To use the system, all you need is PHP_CodeSniffer and a new sniff standard I created. You will see errors and warnings popping up if part of the code is not PHP 5.3 compatible.

What’s being tested

  • Deprecated functions
  • Deprecated php.ini directives set via ini_set() or retrieved via ini_get()
  • Deprecated assigning of the return value of new() by reference
  • Prohibited names in function name, class name, namespace name and constant name
  • Magic methods can no longer be private, protected or static
  • Removed, unsupported or deprecated extensions
  • All of the above is being tested for PHP 5.0, 5.1, 5.2 and 5.3 compatibility issues

How to download and install

~ > git clone git://github.com/wimg/PHP53Compat_CodeSniffer.git PHP53Compatibility

  • Copy the PHP53Compatibility directory to {your pear path}/PHP/CodeSniffer/Standards

How to run

Start PHP_CodeSniffer like this :

phpcs --standard=PHP53Compatibility

Sample output

FILE: C:\temp\bla.php


4 | ERROR | Function name, class name, namespace name or constant name can
| | not be reserved keyword 'goto' (since version 5.3)
6 | ERROR | Extension 'dbase' is not available in PHP 5.3 anymore
12 | ERROR | Function name, class name, namespace name or constant name can
| | not be reserved keyword 'const' (since version all)
12 | ERROR | Function name, class name, namespace name or constant name can
| | not be reserved keyword 'const' (since version all)
12 | ERROR | Function name, class name, namespace name or constant name can
| | not be reserved keyword 'const' (since version all)
12 | ERROR | Function name, class name, namespace name or constant name can
| | not be reserved keyword 'const' (since version all)
12 | ERROR | Function name, class name, namespace name or constant name can
| | not be reserved keyword 'const' (since version all)
14 | ERROR | Function name, class name, namespace name or constant name can
| | not be reserved keyword 'do' (since version all)
16 | ERROR | Function name, class name, namespace name or constant name can
| | not be reserved keyword 'goto' (since version 5.3)
18 | ERROR | Function name, class name, namespace name or constant name can
| | not be reserved keyword 'namespace' (since version 5.3)
20 | ERROR | Assigning the return value of new by reference is deprecated in
| | PHP 5.3
31 | ERROR | Magic methods must be public (since PHP 5.3) !
31 | ERROR | Magic methods can not be static (since PHP 5.3) !
36 | ERROR | Extension 'mhash' is not available in PHP 5.3 - use the 'hash'
| | extension instead
42 | ERROR | Extension 'msql' is not available in PHP 5.3 anymore
48 | WARNING | The use of function magic_quotes_runtime() is discouraged
50 | WARNING | The use of ini directive 'safe_mode' is discouraged

Some important notes about the system

  • The system checks for deprecated functions, new reserved keywords and other changes from PHP 5.0 to 5.3. However, it doesn’t check for every incompatibility, only a subset that was easily testable using PHP_CodeSniffer. So you still need to check your application manually to see if it runs properly. However, at least part of the job has been made a little easier.
  • You need to run the tests on a system with PHP 5.3 installed (sounds logical, but seemed like a good idea to mention it…)
  • The tests were written on a sunny afternoon with lots of interruptions, so they’re all but perfect. Please let me know if you find bugs, things missing or just want to flame me 😉

As always, no guarantees that it will do the job… but if you feel it’s of use to you, let me know in the comments !

PHP in Belgium

The PHP scene in Belgium is exploding… the amount of requests my company receives for PHP projects is growing every month. The result : I’m looking for 5-6 developers to keep up… now normally that would be a good thing, except that in Belgium those people are extremely hard to find, for the simple reason that :

Belgium = .Net + Oracle

Why is that, you might wonder ? It’s actually quite easy to explain : people with a master in IT (university level) don’t end up becoming developers. So most developers come from college… and colleges don’t receive the same kind of funding as universities. So in order for them to offer the necessary tools to their students, they rely on sponsoring and probably the largest sponsors in Belgium for IT education are… surprise, surprise… Microsoft and Oracle.

The result : .Net and Oracle are taught, but hardly any college teaches PHP, let alone MySQL. The result of that is clear : when our graduating bachelors hit the job market, they’re interested in doing anything but the language they know nothing about : PHP.

There are a few exceptions ofcourse, usually the students who started ‘experimenting’ with other technologies in their spare time. However, this often leads to using PHP in a way it was not meant to be used and honestly the PHP market would often be better off without them…

I’m currently in the process of starting a new PHP/Open Source-centered brand (more on that in about a week) and am looking for several skilled PHP developers right now.

So to make a long story short : if you know anyone who does know PHP, knows what MVC is, knows his/her SQL, has good knowledge of technical analysis and is interested in the whole Web ecosystem… please let them contact me –> wim % at % wimgodden – dot – be – and please, only local people, no India-based outsourcing companies !

My personal favorites in PHP 5.3

Just in case you’ve been living on Pluto for the past few days : PHP 5.3 was released today.

My personal favorite new stuff and changes :

  • Nested exceptions : something I’ve wanted for a long time !
  • Namespaces : yes, we finally have them ! Now let’s use them properly (this means : use them were needed, but don’t make everything into a namespace !)
  • str_getcsv function : a useful function if you need to import CSV data that’s not stored in a file
  • SOAP user specified headers : very useful if you have some kind of special authentication needs, session or cookie that need to be set, etc. in your SOAP calls
  • PHAR included by default
  • CURLOPT_PROGRESSFUNCTION : very useful if you’re requesting large URLs… combine it with a nice ajax system and you can provide your customers with a neat progress bar
  • Call-time pass-by-reference is deprecated : good… no more reference abuse there… most people using it don’t know what they’re doing, which leads to all sorts of ‘weird’ situations anway

My least favorite :

  • Goto : I know there’s some cases where it might be useful, but honestly it reminds me of my BBC BASIC days… I’m glad there’s no explicit line numbers in PHP 😉
  • Short ternary notation : maybe it’s easier to parse (haven’t looked at the code yet), but I don’t think it’s easier to understand, especially for novices… it’s easy for them to get lost with some of these short notations…
  • mysql_db_query is deprecated : yes, I know there are better ways of handling multiple db’s, but sometimes it’s just so easy to get data from one db and insert it in another one without the need for 2 separate links…
  • __DIR__ global constant : seriously, is dirname(__FILE__) so hard that we need a separate global constant for it ? Then again, it’s better than someone not using globals and calling dirname(__FILE__) 50 times…
  • The mode parameter on round : might be useful, except that the manual doesn’t explain what each option does

But, regardless of these few things, it’s yet another step – no, let me rephrase that – milestone in the right direction.

To everyone who worked on PHP 5.3 : great job ! Keep up the good work !

Using PHPUnit to verify parameter types

Update (13 Oct) : updated the patch for the latest SVN code of PHPUnit (5277)

PHP is dynamically typed

PHP is a dynamically typed language. What this means is that it allows you to do things like :

$a = 5;
$a = 'test';
$a = false;

The reason this works, is because PHP enforces type rules during execution, not at compile-time.

In many other languages this is impossible, since you need to define a type for the variable at compile-time. Languages such as Java, C, C++, C# and VB.Net are good examples of statically typed languages.

Problems with dynamic typing

Although dynamic typing is considered to be one of PHP’s strong suites, it does pose some problems. Let me illustrate with an example :

Suppose we have a piece of code that processes the amount of money each employee must be paid. Employees can file expense notes that are paid back in cash or when their monthly wages are paid. Our code will make the calculation for the pay check.

The data for our 4 employees is located in a CSV-file :

employeeId, firstname, lastname, wage, expenses, processexpenses
1, Claire, Clarckson, 2000, 212, false
2, Tom, Whitney, 1910, 111, false
4, Jules, verne, 1932, 98, true
5, Gregory, Jameson, 2131, 241, false

If the last field is true, the expenses must be paid in the paycheck. So our code might look like this :

class Wages
* Process the wages
* @return boolean
public function processWages()
$handle = fopen('some-file.csv', 'r');
while (($data = fgetcsv($handle, ',')) !== false) {
if (is_numeric($data[0])) {
$result = $this->processLine($data[2], $data[3], $data[4]);
$this->sendPaycheck($data[0], $result);
return true;

* Calculate wages based on processExpenses parameter
* @param float $wage
* @param float $expenses
* @param boolean $processExpenses
* @return float
private function processLine($wage, $expenses, $processExpenses)
if ($processExpenses) {
return $wage + $expenses;
} else {
return $wage;

* Pay the employee
* @param int $id
* @param float $amount
private function sendPaycheck($id, $amount)
echo 'Paycheck for id ' . $id . ' for the amount of : ' . $amount ."\n";

When we run the code, everyone will be paid their expenses, even those that have ‘false’ in the last field. The reason ? The last field of each line might look like a boolean, but is in fact a string. The “false” is read as a string and is boolean true.

You might say that we didn’t follow best coding practices in our :

if ($processExpenses) {

which should have been

if ($processExpenses === true) {

but that would only have reversed the effect : nobody would have been paid.

Similar non-boolean situations cause the same problem. There’s a huge list of problems that might be caused by passing incorrect types to a function.

So what’s the solution ?

Since we don’t want to give up on our dynamic typing, we need a way to verify that parameters being passed to a function/method are of the type that we intend them to be. That way, anyone who wishes to use our function/method will be forced to pass the right parameter.

One solution would be to use type safe objects like the ones described by Sebastian Bergman (author of PHPUnit) in his Type-Safe Objects in PHP presentation. However, this is unusable for existing projects as it requires a massive rewrite. Furthermore, as Sebastian indicates, it poses a lot of new problems. And finally, it slows things down quite a bit, since it uses reflection to verify types during execution…

So should or shouldn’t we check the type of a parameter before using it ?

That’s the big dillema : should you check each parameter’s type in each single function at runtime ? Some would say it’s the safest way and the only way to be absolutely sure.

I believe there’s a different and better approach : if you can integrate type checking in your unit testing, there’s no need to explicitely check the type during runtime.

So how do we make sure types are checked ?

What system is better suited for the job than the most popular testing PHP framework, PHPUnit ?

A few weeks ago, I added this to the latest release of PHPUnit.

Upon execution of each PHPUnit Testcase, it will verify parameters for each of the called functions/methods. You can define the depth of calls using a parameter (the default is 2, which means functions called from the testcase itself and any functions called from those functions).

How does the system know what types are expected if we don’t have type hints ?

The system presumes that if you’re using PHPUnit, you most clearly know proper development methods. This also means you’ll be using docblocks to comment your functions.

So, since there are no type hints to rely on, it will instead rely on the types you specify in the docblock

It will analyze the docblock of each function/method and compare each parameter type with the expected parameter type. If it finds an inconsistency, it will produce a PHPUnit warning.

So does it support…

– Classes : yes

– Abstract classes / parent classes : yes

– Interfaces : yes

– Multiple types definitions in the docblock : yes – separate them by a pipe (|)

– Return values : yes – needs Xdebug patch, see below

Is it perfect ?

Nothing is… there’s a few problems at this point :

– It requires a very recent release of Xdebug (seems like it’s not even working with anything but the latest CVS release)

– If you want to analyze return values, you’ll need a patch for Xdebug I wrote last week. You can download that patch here : XDebug bug #416 patch

– It still needs a bit of tuning… some types are not validated correctly. It’s a work in progress !

The MySQL problem : something most people don’t know

Data from any external source might cause problems. MySQL is the best example : any data being returned from MySQL is a string, even if the column is defined as int, decimal, bool (tinyint), …

MySQL’s protocol returns all data as a string and the PHP mysql and mysqli extensions don’t convert it into the expected datatype. The result is that any data from MySQL will be passed as a string, which can cause havoc when doing type checks.

There are 3 solutions to this problem :

  • Cast everything : not really fun, since you’ll need to change all your code. It might also be bad for performance, although it does set the types right ofcourse…
  • Use Propel or some other database layer, which does the casting for you… same performance problem ofcourse.
  • Wait a few more weeks for patches to the mysql extensions or a little while longer for patches to MySQL itself – also a work in progress

In the meantime, if you want to use the type checking, but you have some problems with MySQL, you can use a docblock tag to disable type checking for some functions : @phpunit-no-type-check

How to run it

After applying the patch to PHPUnit (and Xdebug if you want return type checking), run it like this :

php [path to phpunit.php] --check-param-types [TestCase.php|TestSuite.php]

Optional parameters are :

  • –check-param-type-depth= sets the depth to which it needs to check parameter types. Your test is depth 0, any called function within your test is 1, etc. – default is 2 although 3 might be handy too
  • –check-param-type-strict sets strict mode, currently only used for integer<->long comparisons

The output

This is the kind of output you can expect :

2) ATest::testMultiply

Invalid type calling A->multiply : parameter 2 ($factor2) should be of type int but got string(1) instead in C:\development\Test\ATest.php:42

Note that if you use the ‘–check-param-type-depth’ parameter and set it to a high number, you might see errors about libraries you use. Ofcourse, that might be the right moment to notify the library author (or contribute a fix yourself !)


  • No need to use is_int, is_bool, etc. in a function that was type-checked
  • Consistent use of types
  • Developers will learn to focus not just on the content of a variable, but on the type as well. In time, it will become second nature to use the correct types from the start. Code hinting in most IDEs should in fact already help out with this, but now there’s a way to verify this too.
  • Verification of each function/method call, not just in terms of functionality (PHPUnit’s job), but also in terms of data types
  • Forces developers to keep the docblock up-to-date (!)

Using type checking basically brings the best of the dynamically and statically typed worlds together : you still have the flexibility of dynamic typing, but assurance that functions are called with the parameter types they were designed to be called with (as well as return the correct types). It’s the perfect middle-of-the-road approach for teams with a mix of ‘strict’ and ‘not-so-strict’ developers.

Where to get it

Since the patch isn’t included in PHPUnit, you can download it here : PHPUnit parameter type check patch

Note that it will work only against the latest SVN release (4940 at this time).

As always, feedback much appreciated !