PHP 7.2 New Functions, Features, and Updates - ByteScout
  • Home
  • /
  • Blog
  • /
  • PHP 7.2 New Functions, Features, and Updates

PHP 7.2 New Functions, Features, and Updates

PHP, hypertext preprocessor is one of the most powerful server-side scripting languages created for web development. 7.2 is the PHP latest version and it has now delivered formally with new characteristics, functions and various petite essence changes. PHP 7.2 now has new type hinting, type widening, and various other updates.

Here are the new features provided in PHP new version 7.2.

Object return type declarations

This is the new PHP feature introduced in the 7.2 version. If parameter type declarations define the anticipated type for a function’s parameters, return type statements define the anticipated type of the resulting value. Return type statements define the kind of a variable that is anticipated to be rendered by a PHP function. Now in PHP 7.2, developers are entitled to practice return type statements for the object data type. Here is an example:

class BestClass {
         public $a = 'How are you?';

$myvariable = new BestClass;

function example(BestClass $b) : object {
         return $b;

echo example($myvariable)->var;

In previous PHP version, such PHP script displays the following error:

Fatal error: Uncaught TypeError: Return value of example() must be an instance of object, instance of BestClass returned in /app/index.php:10 

Now in PHP new version, this script displays ‘How are you?’

Argon2 Password Hash

Argon2 function is a development of the bcrypt and scrypt algorithms. It gives security toward brute force assaults utilizing a predefined memory area, CPU meter, and a level of similarity to stop GPU advances. It utilizes 3 parameters that manage the memory specifications, the performance time, and the similarity level.

There are two principal variants of this algorithm: Argon2i and Argon2d. Argon2i is protected versus side-channel assaults, while Argon2d gives the greatest protection against GPU damaging assaults. Argon2d is not proper for password hashing and should not be utilized. PHP 7.2 joins Argon2i assistance to its Password Hashing Functions.

The executed algorithm in PHP function is Argon2i (v1.3), and it can be implemented via the $algo variable to the password_hash() function. The signature of password_hash() is as follows:

password_hash( string $passcode , integer $alg [, array $choices ]) : string

 In this version, the TLC constants have been converted to normal values. This supports powerful defense, but not delayed adaptability with old and version prejudiced servers. Furthermore, STREAM_CRYPTO_METHOD_TLS_* is moved in when innovative TLS versions are accessible.


There are some deprecated functions and characteristics in the new PHP version. These peculiarities will run in PHP 7.2, but error directions will surface during application in log files. Programmers should examine the code to renew any deprecated functions before they shift backward inconsistent.

In PHP programming, $php_errormsg variable is listed in the confined field when a non-fatal error is delivered. Now in PHP 7.2, error_get_last and error_clear_last should be replaced by this.

create_function() enables the formulation of a PHP function with a created function handle, a record of arguments and body key given as arguments. Due to safety concerns and poor execution, it has been listed as deprecated and the method of information is supported instead.

In the new PHP version, the __autoload function has been replaced by spl_autoload_register. Now a deprecation warning would be fired when it’s confronted while assemblage.

Libsodium Extension

PHP 7.2 has embraced the latest libosodium extension that utilizes the ‘Sodium’ namespace. It’s a contemporary cryptography archive giving extraordinary activity elliptic trajectory cryptography, validated encryption, digital signs, and much more. It is extensively appreciated by cryptography and defense enterprise authorities for various reasons.

In this PHP version, APIs are compelling and manageable. It has a most amazing elliptic curve cryptography and it delivers nearly all security important services in fixed time.

A project utilizing libsodium should introduce the sodium.h header. Introducing unique headers is neither needed nor justified. The sodium_init() function should then be beckoned before any other function. It is secured to request sodium_init() many times, or from several strings; it will quickly deliver 1 without arranging anything if the archives had previously been initialized.

HashContext Object

In PHP 5 and newer versions, objects are favored to protect private data. Some mass produced the hash extension for utilizing sources. To resolve this fault, the Hash extension has been transferred to employ an object implementation for hash settings rather than a source.

PHP 7.2 transforms the concealed source to a concealed object to make certain that enduring code remains to function unless it monitors for is_resource() explicitly. This would also address possible safety problems as the private hash environment noticeable.

Object Type Hinting

In the previous PHP version, programmers couldn’t list a particular type to return, which is surprisingly irritating. Now in PHP 7.2, developers can now categorize hinting with an object. The following example is displaying this:


class Example {

   public $record = 'customers';

   public function __construct($record = null){


           $this->record = $record;



   public function getRecord(){

       return $this->record;



$myexample = new Example;

function check(Example $a) : Object {

   return $a;


echo check($myexample)->getRecord();

Now, if coders ever attempt to type hint with an object in earlier versions, PHP would reflect that as a class and the delivered state should be an occurrence of this class.

Numeric Keys In Object or Array Casts

Various edge circumstances in the Zend Engine survive where object HashTables hold integer keys, and array HashTables hold numeric string keys. In such situations, the keys cannot be obtained through the PHP script. The reason is the script styling array would never hunt for integer keys in the HashTable as objects map those to PHP string codes. Similarly, the script would never watch for numeric string codes in the HashTable as array outline those to integer codes.

In the PHP 7.2 version, the new plan bypasses manually imitating the complete HashTable. It will first verify whether it’s crucial, either by marking standards or repeating over the HashTable monitoring for keys that need change.

If there is no requirement for change, it will return back to zend_array_dup() or just follow the source. Since the plan delivers manual imitation where needed, transforming objects with just non-numeric string attribute titles to the array and switching arrays with just string codes to objects, handle extremely feeble execution result.


About the Author

ByteScout Author

Prasanna Peshkar

Prasanna is an independent cybersecurity consultant and technical writer, focusing on penetration testing and vulnerability assessment. He provides penetration testing services to a wide variety of clients, including financial institutions, brokerage firms, professional regulators, manufacturing companies and transportation companies.