What’s New in PHP 8.3 RC1? Explore JSON Validation, Randomizer, and Error Handling

PHP 8.3’s first Release Candidate is now available for testing and is the most feature‑complete version of the year.

PHP 8.3 is slated for stable release at the end of November. The first candidate was published on September 3, with a new candidate expected every two weeks, leading to a full release around November 23.

Background

Development of PHP 8.3 aims to deliver a stable version by late November, following a regular cadence of six release candidates.

PHP Version Comparison

Current market share shows that about 77.5 % of websites are built with PHP, and roughly 7.7 % run PHP 8. Among PHP 8 users, 57.4 % use 8.0, 39.3 % use 8.1, and 3.2 % use 8.2.

New JSON Validation Function

PHP 8.3 introduces json_validate(), a dedicated function for checking whether a string is valid JSON.

$json = '{"name": "Alicia Joe"}';
$data = json_decode($json); // traditional validation
if (json_last_error() === JSON_ERROR_NONE) {
    // Valid JSON
} else {
    // Invalid JSON
}

With PHP 8.3 you can simply use:

$json = '{"name": "Alicia Joe"}';
$valid = json_validate($json);
if ($valid) {
    // Valid JSON
} else {
    // Invalid JSON
}

The function returns true for valid JSON and false otherwise, removing the need for json_last_error().

Improved unserialize() Error Handling

Errors from unserialize() now throw UnserializationFailedException instead of emitting E_WARNING or E_NOTICE. This makes catching and handling failures easier.

try {
    set_error_handler(static function ($severity, $message, $file, $line) {
        throw new \ErrorException($message, 0, $severity, $file, $line);
    });
    $result = unserialize($serialized);
} catch (\Throwable $e) {
    // Unserialization failed.
} finally {
    restore_error_handler();
}
var_dump($result);

Example with the new exception:

try {
    $result = unserialize('B:2:"jon";');
    var_dump($result);
} catch (\UnserializationFailureException $e) {
    // Handle failure.
}

New Functions in the Randomizer Class

The \Random\Randomizer class gains several useful methods.

getBytesFromString()

Generates a random string by selecting bytes from a given source string.

$randomizer = new \Random\Randomizer();
$randomizer->getBytesFromString('abcdef', 3); // e.g., "bda"

Useful for creating random IDs, subdomains, or DNA‑like sequences:

$randomizer = new \Random\Randomizer();
var_dump(implode('-', str_split($randomizer->getBytesFromString('0123456789', 20), 5)));
// string(23) "09292-16502-59535-88886"

getFloat()

Returns a random floating‑point number between two bounds.

$randomizer = new \Random\Randomizer();
$randomizer->getFloat(0, 1); // e.g., 0.123456789

It can also generate latitude/longitude values:

$randomizer = new \Random\Randomizer();
var_dump(
    $randomizer->getFloat(-90, 90, \Random\IntervalBoundary::ClosedClosed),
    $randomizer->getFloat(-180, 180, \Random\IntervalBoundary::OpenClosed)
);
// Lat: float(-45.123456789)
// Long: float(123.123456789)

nextFloat()

Generates a random float strictly between 0 and 1.

$randomizer = new \Random\Randomizer();
$randomizer->nextFloat(); // 0.123456789

Example – coin toss simulation:

$randomizer = new \Random\Randomizer();
var_dump($randomizer->nextFloat() > 0.5 ? 'Heads' : 'Tails');

Dynamic Class Constant Access

While dynamic method calls have long been possible, PHP 8.3 is expected to support dynamic class constant retrieval in future releases.

// Dynamic variable
$baz = 'foo';
$$baz = 'bar'; // $foo = 'bar'

// Dynamic method call
class Foo {
    public function hello() { echo 'Hello world!'; }
}
$dynamicMethod = 'hello';
$a = new Foo();
$a->{$dynamicMethod}(); // prints 'Hello!'

Static constant access can already be done dynamically:

class Foo { public const BAR = 'bar'; }
$dynamicConstant = 'BAR';
echo Foo::{$dynamicConstant}; // prints 'bar'

Improved Date/Time Exception Handling

PHP 8.3 introduces more specific date‑time exceptions, replacing generic errors.

DateTime, DateTimeImmutable, DateTimeZone, and DatePeriod serialization errors.

Attempt to modify read‑only property DatePeriod::$%s.

Warnings for malformed serialized data.

Errors when comparing uninitialized DateTimeZone objects.

Iterator misuse with foreach by reference.

ValueError and TypeError improvements.

New DateError hierarchy (DateObjectError, DateRangeError, etc.).

Backward Compatibility Concerns

Some changes may affect older code, such as the replacement of a generic ValueError with DateRangeError for epoch overflow, and new DateInvalidOperationException warnings for unsupported relative time specifications.

PHP 8.3 Update Overview

Better date/time exception handling.

New json_validate() function.

Support for #[\Override] attribute (RFC).

Zip extension enhancements with new flags.

Additional POSIX functions (posix_sysconf, posix_pathconf, etc.).

New PHP socket options.

Expanded Randomizer class methods.

cURL 7.87 adds new parameters and constants.

New DOM node manipulation methods.

Negative number rounding in number_format().

Support for zend_call_stack_get on OpenBSD.

Multi‑file syntax check with php -l.

Negative array indices.

Anonymous read‑only classes.

Typed constants.

Various other bug fixes and improvements.

Conclusion

PHP 8.3 brings a host of new features—enhanced randomization, built‑in JSON validation, improved unserialize error handling, and richer date‑time exceptions—that will simplify development and testing, while also introducing a few backward‑compatibility considerations to keep in mind.