向后不兼容

虽然大部分 PHP 5 的代码无需修改即可正常运行, 但是有部分代码是无法向后兼容的:

使用数组标识符为类定义数组类型的属性时,数组的键不会被覆盖

在 PHP 5.6 之前的版本中,为类定义数组类型的属性时, 如果数组中同时使用了显式数组键和隐式数组键,并且显式的键和隐式的序列键相同, 那么数组的键将被覆盖。例如:

<?php
class {
    const 
ONE 1;
    public 
$array = [
        
self::ONE => 'foo',
        
'bar',
        
'quux',
    ];
}

var_dump((new C)->array);
?>

Output of the above example in PHP 5.5:

array(2) {
  [0]=>
  string(3) "bar"
  [1]=>
  string(4) "quux"
}

Output of the above example in PHP 5.6:

array(3) {
  [1]=>
  string(3) "foo"
  [2]=>
  string(3) "bar"
  [3]=>
  string(4) "quux"
}

严格的 json_decode()

对于 JSON 字面量 truefalsenull,如果不采用小写格式,将会被 json_decode() 函数拒绝, 同时相应的设置 json_last_error()。 在之前的版本中,json_decode() 函数可以接受这些字面量的 全部大写或者大小写混写的格式。

此变更仅会影响传入到 json_decode() 中的 JSON 格式无效的情况, 有效的 JSON 输入不会受到影响并且能够正确解析。

当使用 SSL/TLS 的时候,流封装器默认验证端点证书和主机名

All encrypted client streams now enable peer verification by default. By default, this will use OpenSSL's default CA bundle to verify the peer certificate. In most cases, no changes will need to be made to communicate with servers with valid SSL certificates, as distributors generally configure OpenSSL to use known good CA bundles.

The default CA bundle may be overridden on a global basis by setting either the openssl.cafile or openssl.capath configuration setting, or on a per request basis by using the cafile or capath context options.

While not recommended in general, it is possible to disable peer certificate verification for a request by setting the verify_peer context option to FALSE, and to disable peer name validation by setting the verify_peer_name context option to FALSE.

GMP 资源现为对象

GMP 资源现为对象。 GMP 扩展中的基于函数的 API 实现不受影响, 只有在代码中使用 is_resource() 或类似函数 来显示检测是否资源类型的代码才会受到影响。

Mcrypt 函数需要有效长度的密钥和初始向量

mcrypt_encrypt()mcrypt_decrypt()mcrypt_cbc()mcrypt_cfb()mcrypt_ecb()mcrypt_generic() 以及 mcrypt_ofb() 函数不再接受无效长度的密钥和初始向量, 对于需要初始向量的分组加密模式,如果不提供初始向量,函数调用将会失败。

cURL 文件上传

必须先设置 CURLOPT_SAFE_UPLOAD 为 FALSE 才能够使用 @file 语法来上传文件。 建议使用 CURLFile 类来上传文件。

User Contributed Notes

Roger 23-Jun-2017 07:15
Another breaking change involves opening the special "php://input" stream for decompression. In PHP 5.5, the following code would allow PHP to decode a gzip'd request input stream:

<?php
// Open the input stream for requests with Content-Encoding: gzip.
$input = gzopen('php://input','r');
// This has the same effect as fopen('compress.zlib://php://input','r').

// Get the decompressed request body.
var_dump(stream_get_contents($input));
?>

However in PHP 5.6 this does not work. Instead PHP gives the following warning: gzopen(): cannot represent a stream of type Input as a File Descriptor.

It is unclear whether this is a bug or intentional, backward-incompatible change.
Someone 26-Sep-2016 10:04
Beware, now default_charset in PHP 5.6 is UTF-8, instead of blank value like in previous versions. So if you use 8-bit charset like iso-8859-1 then your non-ascii characters will be broken until you explicitly set default_charset to blank value or to your actual character set. HTML meta tag doesn't work anymore because HTTP headers have more proirity over them. And Apache AddDefaultCharset directive has lower proirity too.