URI Extension — Proper URL Parsing at Last
PHP 8.5 introduces a built-in URI extension with immutable, standards-compliant URL objects. It supports both RFC 3986 and the WHATWG URL Standard — replacing the limited phpparse_url with something that actually handles real-world URLs correctly.
use Uri\Rfc3986\Uri;
// Parse and inspect
$uri = new Uri('https://user:pass@example.com:8080/path?q=php#section');
echo $uri->getScheme(); // "https"
echo $uri->getHost(); // "example.com"
echo $uri->getPort(); // 8080
echo $uri->getPath(); // "/path"
echo $uri->getQuery(); // "q=php"
echo $uri->getFragment(); // "section"
// Immutable modification with fluent interface
$api = $uri
->withScheme('https')
->withHost('api.example.com')
->withPort(null)
->withPath('/v2/users')
->withQuery('page=1');
echo (string) $api; // "https://api.example.com/v2/users?page=1"
// WHATWG URL Standard — how browsers parse URLs
use Uri\WhatWg\Url;
$url = new Url('https://example.com/path/../other');
echo $url->getPath(); // "/other" — resolved, like a browser
// Proper validation — no more silent parse_url failures
try {
$bad = new Uri('not a url');
} catch (Uri\InvalidUriException $e) {
echo $e->getMessage();
}
The old parse_url() was famously unreliable — it silently returned partial results for malformed URLs and couldn't handle many valid URL formats. The new URI classes provide proper validation, normalization, and immutable modification.
Significance: Correctness
URL handling is security-critical: redirect validation, SSRF prevention, and OAuth flows all depend on parsing URLs correctly. The new URI extension replaces a 30-year-old function with a standards-compliant, immutable API that makes correct URL handling the default.