PHP Internals News: Episode 41: __toArray() – Derick Rethans

PHP Internals News: Episode 41: __toArray()

In this episode of “PHP Internals News” I chat with Steven Wade (Twitter, GitHub, Website) about the __toArray() RFC.

The RSS feed for this podcast is, you can download this episode’s MP3 file, and it’s available on Spotify and iTunes. There is a dedicated website:


Derick Rethans 0:16

Hi, I’m Derick. And this is PHP internals news, a weekly podcast dedicated to demystifying the development of the PHP language. Hi, this is Episode 41. Today I’m talking with Stephen Wade about an RFC that he’s produced, called __toArray(). Hi, Steven, would you please introduce yourself?

Steven Wade 0:35

Hi, my name is Steven Wade. I’m a software engineer for a company called follow up boss. I’ve been using PHP since 2007. And I love the language. So I wanted to be able to give back to it with this RFC.

Derick Rethans 0:48

What brought you to the point of introducing this RFC?

Steven Wade 0:50

This is a feature that I’ve I’ve kind of wish would have been in the language for years, and talking with a few people who encouraged it’s kind of like the rule of starting a user group right? If there’s not one and you have the desire, then you’re the person to do it. A few people encouraged and say: Well, why don’t you go out and write it. So I’ve spent the last two years kind of trying to work up the courage or research it enough or make sure I write the RFC the proper way, and then also actually have the time to commit to writing it and following up with any of the discussions as well.

Derick Rethans 1:18

Okay, so we’ve mentioned the word RFC a few times. But we haven’t actually spoken about what it is about. What are you wanting to introduce into PHP?

Steven Wade 1:25

I want to introduce a new magic method. The as he said, the name of the RFC is the __toArray(). And so the idea is that you can cast an object, if your class implements this method, just like it would toString(). If you cast it manually to array then that method will be called if it’s implemented. Or as, as I said, in the RFC, array functions will it can it can automatically cast that if you’re not using strict types.

Derick Rethans 1:49

Oh, so only if it’s not strictly typed. So if its weakly typed would call the toArray() method if the function’s argument or type hint array.

Steven Wade 1:58

Yes, and that is actually something that came up during the discussion period, which is something again, this is why we have discussions, right? Is to kind of solicit feedback on things we don’t think about it, we may overlook or, and so someone did point out that it is, you know, it would not function that way, or you would not expect it to be automatically cast for you, if you’re using strict types.

Derick Rethans 2:17


Steven Wade 2:18

The RFC has been updated to reflect that as well.

Derick Rethans 2:20

So now the RFC says it won’t be automatically called just for type hint.

Steven Wade 2:24


Derick Rethans 2:24

Not everybody is particularly fond of magic methods. What would you say about the criticism that introducing even more of them would be sort of counterproductive,

Truncated by Planet PHP, read more at the original (another 16164 bytes)

PHP 7.2.28 Released – PHP: Hypertext Preprocessor

The PHP development team announces the immediate availability of PHP 7.2.28. This is a security release.All PHP 7.2 users are encouraged to upgrade to this version.For source downloads of PHP 7.2.28 please visit our downloads page, Windows source and binaries can be found on The list of changes is recorded in the ChangeLog.

Implementing an opaque type in typescript – Evert Pot

Say, you’re in a situation where you have a user type, that looks a bit as

export type User = { firtName: string; lastName: string; email: string;
} function save(user: User) { // ...
} const user = { firstName: 'Evert', lastName: 'Pot', email: '',
} save(user);

But, instead of accepting any string for an email address, you want to
ensure that it only accepts email addresses that are valid.

You might want to structure your user type as follows:

type Email = string; export type User = { firtName: string; lastName: string; email: Email

This doesn’t really do anything, we aliased the Email to be exactly like a
string, so any string is now also an Email.

We can however extend the email type slighty to contain a property that
nobody can ever add.

declare const validEmail: unique symbol;
const validEmail = Symbol('valid-email'); type Email = string & { [validEmail]: true
} export type User = { firstName: string; lastName: string; email: Email

In the above example, we’re declaring a symbol. This is similar to using
const validEmail = new Symbol('valid-email');, but it doesn’t exist
after compiling.

The unqiue symbol type is a type that can never be created.

We’re adding a property with this key to our Email string. A user can only
add this property, if they have an exact reference to the original symbol.

Given that we don’t export this symbol, it’s not possible anymore for a user
to construct an

Truncated by Planet PHP, read more at the original (another 13090 bytes)

What Is PHP, Why Is It So Popular, and What Are the Advantages of PHP?

What Is PHP?

PHP is a highly flexible language for writing server-side scripts that can run on virtually any platform, including Linux, Microsoft Windows, and even proprietary platforms such as IBM i. Developers can also use the language to write in both procedural and object-oriented styles.

What Is PHP Used for?

PHP is most commonly used to develop websites and web applications. More and more, however, developers use it to build backend APIs that are consumed by frontend web applications, mobile apps, and IoT devices including wearables.

Validating default PHP session ID values – Rob Allen

I recently needed to validate the value created by PHP for its session ID. After a bit of research, I realised that there are two interesting php.ini config settings that relate to this value:

  • session.sid_length is the number of characters in the ID
  • session.sid_bits_per_character controls the set of characters used. From the manual:

    The possible values are ‘4’ (0-9, a-f), ‘5’ (0-9, a-v), and ‘6’ (0-9, a-z, A-Z, “-“, “,”).

Therefore, to validate the session ID we need to create a regular expression that looks for the correct set of characters of the expected length.

I wrote function to do this:

function isValidSessionId(string $sessionId): bool
{ $sidLength = ini_get('session.sid_length'); switch (ini_get('session.sid_bits_per_character')) { case 6: $characterClass = '0-9a-zA-z,-'; break; case 5: $characterClass = '0-9a-z'; break; case 4: $characterClass = '0-9a-f'; break; default: throw new \RuntimeException('Unknown value in session.sid_bits_per_character.'); } $pattern = '/^[' . $characterClass . ']{' . $sidLength . '}$/'; return preg_match($pattern, $sessionId) === 1;

You could use it like this:

$name = session_name();
if (isset($_COOKIE[$name])) { if (!isValidSessionId($_COOKIE[$name])) { // invalid - return an error, just send back a 500 or something exit; }

As far as I can tell, we can’t use session_id() as we haven’t started the session yet, however as the session is just a cookie at the HTTP level, we can use $_COOKIE instead.

Note also that the manual has an excellent section on Sessions and Security which is worth reading.

PHP Internals News: Episode 40: Syntax Tweaks – Derick Rethans

PHP Internals News: Episode 40: Syntax Tweaks

In this episode of “PHP Internals News” I chat with Nikita Popov (Twitter, GitHub, Website) about a bunch of smaller RFCs.

The RSS feed for this podcast is, you can download this episode’s MP3 file, and it’s available on Spotify and iTunes. There is a dedicated website:


Derick Rethans 0:16

Hi, I’m Derick. And this is PHP internals news, a weekly podcast dedicated to demystifying the development of the PHP language. This is Episode 40. Again, I’m talking with Nikita. Perhaps we should rename this podcast to the Derick and Nikita Show at some point in the future. This time we’re going to talk about a bunch of smaller RFC that he produced related to tweaking PHP syntax for PHP 8. Nikita, would you please introduce yourself?

Nikita Popov 0:42

Hi, I’m Nikita and I do PHP core developement on behalf of JetBrains. We have a couple of new and not very exciting RFCs to discuss.

Derick Rethans 0:53

Sometimes non not exciting is also good to talk about. Anyway, the first one that caught my eye was a RFC called static return type. So we have had return types for well, but what is special about static?

Nikita Popov 1:07

So PHP has three magic special class names that’s self, referring to the current class, parent referring to the well parent class, and static, which is the late static binding class name. And that’s very similar to self. If no inheritance is involved, then static is the same as self introducing refers to the current class. However, if the method is inherited, and you call this method on the child class, then self is still going to refer to the original class, so the parent. While static is going to refer to the class on which the method was actually called.

Derick Rethans 1:51

Even though the method wasn’t overloaded

Nikita Popov 1:54

Exactly. In the way one can think of static as: You can more or less replace static with self. But then you would have to actually copy this method inside every class where.

Derick Rethans 2:09

You have not explained the difference between self and static. Why would you want to use static as a return type instead of self?

Nikita Popov 2:17

There are a couple of use cases. I think the three ones mentioned in the RFC are. The first one is named constructors. So usually in PHP, we just use the construct method. Well, if we had to give this method, a type, a return type, then the return type will be static. Because of course, the constructor always returns while the class you’re actually constructing, not some kinda parent class. And named constructors are just a pattern where you use a static method instead of a constructor, for example, because you have multiple different ways of constructing an object and you want to distinguish them by name.

Derick Rethans 2:57

Could we also call those factory methods?

Nikita Popov 3:00

Yeah, that’s also related pattern. So for named constructors, you usually also want to return the object that it is actually called on.

Derick Rethans 3:09

It makes sense attached there because of that then creates a contract that you know that is named constructor is going to return that same class and not something else. Because there’s no requirements that would otherwise require that same class, like you’d h

Truncated by Planet PHP, read more at the original (another 26960 bytes)

Use a:visited in your CSS stylesheet – Evert Pot

By default browsers will render links blue, and links that have been visited

This quality of life feature goes back as far as I can remember, a casual
search tells me the feature existed in Mosaic.

I kinda love blue links. They’re so recognizable as links. But with CSS, many
people change the colors of their links.

a { color: #44F }

Unfortunately, when setting a new color the ‘purple visited link’ feature also
gets disabled. I think this is a shame, as there’s so many instances where
you’re going through a list of links and want to see what you’ve seen before.

The 2 examples I ran into today were:

  • AWS Cloudwatch Logs
  • Stackoverflow search results

In each of these products I often find myself going through a list of results,
to find the exact log I need, or to go through a couple of answers before I find
a good one.

Except, every time I hit back, or go to a previous tab it’s up to me to remember
which I have and haven’t visited.

AWS Cloudwatch logs

I get that not everyone wants to multi-colored links across their application,
but if you’re making a list, consider the humble purple link!

a:visited { color: purple }

Confession: I added this rule minutes before I posted this article. Turns out
that while I was annoyed by other applications, I’m guilty of the same thing.

Xdebug Update: January 2020 – Derick Rethans

Xdebug Update: January 2020

Another month, another monthly update where I explain what happened with Xdebug development in this past month. It will be published on the first Tuesday after the 5th of each month. Patreon supporters will get it earlier, on the first of each month. You can become a patron here to support my work on Xdebug. If you are leading a team or company, then it is also possible to support Xdebug through a subscription.

In January, I worked on Xdebug for just over 90 hours, on the following things:

Xdebug 2.9.1 and Xdebug 2.9.2

This month brought two releases. The Xdebug 2.9.1 release restores step debugging performance as it was in Xdebug 2.7.2, while still maintaining the resolved breakpoint feature. Beyond improved performance for debugging, it also addresses a whole range of smaller issues.

The 2.9.2 release is a normal bug fix release, which addresses three relatively minor issue.

With the latest 2.9.2 I also updated the Xdebug web site to have a latest release download page and a historical release download page. On top of that, the code behind the web site no longer computers SHA256 checksums of the download files, but instead they are now committed to GIT. The separation makes the general download page much leaner, which allows me to put other related downloads on that same page too. Which brings me to the next topic.

Business Supporter Scheme and Funding

I have moved the supporters in the Business Supporter Scheme to a more prominent place, right on the front page of

In January, no new supporters signed up.

If you, or your company, would also like to support Xdebug, head over to the support page!

Besides business support, I also maintain a Patreon page and a profile on GitHub sponsors.


The PHP Internals News has returned with the second season. In this weekly podcast, I discuss in 15-30 minutes, proposed new features to the PHP language with fellow PHP internals developers. It is available on Spotify and iTunes, and through an RSS Feed. In the first episode I spoke with Nikita Popov about Preloading and WeakMaps.

PHP Internals News: Episode 39: Stringable Interface – Derick Rethans

PHP Internals News: Episode 39: Stringable Interface

In this episode of “PHP Internals News” I chat with Nicolas Grekas (Twitter, GitHub, LinkedIn, Symfony Connect) about the new “Stringable Interface” that Nicolas is proposing, as well as about voting rights (on RFCs).

The RSS feed for this podcast is, you can download this episode’s MP3 file, and it’s available on Spotify and iTunes. There is a dedicated website:


Derick Rethans 0:16

Hi, I’m Derick. And this is PHP internals news, a weekly podcast dedicated to demystifying the development of the PHP language. Hello, this is Episode 39. Today I’m talking with Nicholas Grekas about an RFC that he’s produced called stringable interface. I already spoke with Nicholas last year about the work that Symfony does the new PHP versions come out to look at deprecations and to make sure that versions of Symfony work with new versions of PHP. But this time Nicholas came up with his own RFC called the stringable interface. Nicholas, could you explain what streamable is?

Nicolas Grekas 0:54

Hello, and Stringable is an interface that people could use to declare that they implement some the magic toString() method.

Derick Rethans 1:02

Because currently there’s not necessary to implement an interface, and PHP’s internals will always use toString if it is available in a class, right?

Nicolas Grekas 1:10

Yeah, absolutely.

Derick Rethans 1:11

What is true reason why you would want to have a stringable interface.

Nicolas Grekas 1:16

So the reason is to be able to benefit from union type in PHP 8. Right now, if you want to accept a string as an argument, it’s pretty easy. You just add the string type, right? Let’s say now you want to accept a string or a stringable object, stringable an object being something that implements this method. If you want to do that, you can not express the type using types today.

Derick Rethans 1:42

Because if you choose string, and then the name of an object that would only do that specific object.

Nicolas Grekas 1:47

Yes, there are some cases in Symfony especially because this is where work and I do open source. Where we do want to not call toString method until the very latest moment. after example is in the code: one is from Drupal. Drupal computes some constraint validation messages, lazyly, and it’s pretty important to them because computing the message itself is pretty costly. They don’t need to compute it all the time. Actually, we added the type, the string type in Symfony five, before it was released and Drupal came and say: Oh, this is breaking our code and our features, what should we do now? And we removed the type and we replaced it by some annotation saying: Okay, this is a string or a stringable object. So in the future, when will add up PHP 6 would like to be able to express that using a type of real one,

Derick Rethans 2:41

PHP 6?

Nicolas Grekas 2:42

No, PHP 8, that’s true. Strings and PHP 6.

Derick Rethans 2:49


Nicolas Grekas 2:51

Another example is also is pretty similar, actually. It’s in the symfony auto wiring system. We have services that we wire and so

Truncated by Planet PHP, read more at the original (another 16793 bytes)