CodeClarityLab / Glossary
Ctrl K
← CodeClarityLab Home
Browse by Category
+ added · updated 7d
⚖ Terms of Use
← Back to glossary

PHP Extensions Overview

php PHP 5.0+ Intermediate
debt(d3/e3/b5/t5)
d3 Detectability Operational debt — how invisible misuse is to your safety net

Closest to 'default linter catches the common case' (d3). Composer validates ext- requirements in composer.json, and PHPStan can detect calls to functions from unloaded extensions. The detection_hints confirm these tools catch the pattern of missing extension declarations, though runtime failures on production still occur if composer.json requirements are incomplete.

e3 Effort Remediation debt — work required to fix once spotted

Closest to 'simple parameterised fix' (e3). The quick_fix indicates adding ext- requirements to composer.json require section and adding bootstrap checks — this is a straightforward pattern but requires touching configuration and potentially adding guard code in multiple entry points rather than a single-line fix.

b5 Burden Structural debt — long-term weight of choosing wrong

Closest to 'persistent productivity tax' (b5). Extension availability affects all PHP contexts (web, cli, queue-worker per applies_to), creating ongoing friction: every new environment setup, CI pipeline, and deployment must ensure correct extensions. Not architecture-defining (b7), but definitely more than localised to one component.

t5 Trap Cognitive debt — how counter-intuitive correct behaviour is

Closest to 'notable trap' (t5). The misconception explicitly states developers believe extensions are 'only needed for exotic functionality' when core tasks like multibyte string handling require mbstring/intl. This is a documented gotcha most PHP developers eventually learn — str_ functions silently misbehave on non-ASCII without mbstring, but it's not a catastrophic always-wrong trap.

About DEBT scoring → scored by claude-opus-4-5-20251101 · 2026-05-11 · reviewed by human

Also Known As

PHP extensions PHP modules extension loading

TL;DR

PHP's functionality is extended via C extensions — bundled (PDO, cURL, mbstring) or PECL (Redis, Xdebug, Imagick) — loaded via php.ini.

Explanation

PHP's core is intentionally lean — most functionality comes from extensions compiled as shared libraries. Bundled extensions ship with PHP: PDO, cURL, mbstring, OpenSSL, GD, intl, zip, sodium, and opcache. PECL provides additional extensions installable via pecl install: Redis, Imagick, Xdebug, Swoole. Extensions are enabled in php.ini with extension=name or zend_extension=xdebug.so. Check loaded extensions with php -m on the CLI or phpinfo() in a web context. For production, load only required extensions to minimise attack surface and memory footprint. opcache and sodium are always recommended.

Common Misconception

PHP extensions are only needed for exotic functionality. Core extensions like mbstring, intl, and ctype handle fundamental tasks — multibyte strings, internationalisation, and character classification — that naive str_ and ctype functions handle incorrectly for non-ASCII input.

Why It Matters

PHP extensions provide core functionality (PDO, cURL, GD, intl) that must be compiled or loaded — missing extensions cause cryptic function-not-found errors and deployment failures.

Common Mistakes

  • Not checking required extensions in composer.json require section — code ships to environments missing them.
  • Assuming an extension available on your dev machine is available on production — always declare dependencies.
  • Loading unnecessary extensions — each loaded extension adds memory overhead even if unused.
  • Not restarting PHP-FPM after adding an extension to php.ini — the change has no effect until restart.

Code Examples

✗ Vulnerable 
// Extension not declared in composer.json:
{
  "require": {
    "php": ">=8.1"
    // Missing: "ext-intl": "*", "ext-gd": "*" — will fail silently on deploy
  }
}
✓ Fixed 
// Check if extension loaded:
if (!extension_loaded('intl')) throw new \RuntimeException('ext-intl required');

// Declare in composer.json:
{
  "require": {
    "php": ">=8.2",
    "ext-pdo":      "*",
    "ext-mbstring": "*",
    "ext-intl":     "*",
    "ext-redis":    "*"
  }
}

// Install (Ubuntu/Debian):
$ apt-get install php8.3-intl php8.3-redis php8.3-imagick

// Docker:
FROM php:8.3-fpm-alpine
RUN docker-php-ext-install pdo_mysql intl
RUN pecl install redis && docker-php-ext-enable redis
Added 15 Mar 2026
Edited 22 Mar 2026
Views 32

Curated in Warsaw under one editorial standard. 1,448 terms, single voice.  About this reference →

Rate this term
No ratings yet
🤖 AI Guestbook educational data only
| |
Last 30 days
0 pings T 0 pings F 0 pings S 2 pings S 0 pings M 0 pings T 0 pings W 0 pings T 0 pings F 1 ping S 2 pings S 0 pings M 0 pings T 1 ping W 0 pings T 0 pings F 0 pings S 1 ping S 0 pings M 0 pings T 0 pings W 0 pings T 0 pings F 0 pings S 2 pings S 0 pings M 0 pings T 0 pings W 0 pings T 0 pings F
Agents 0
No pings yet today
No pings yesterday
Amazonbot 10 Perplexity 6 Ahrefs 2 ChatGPT 2 Google 2 Unknown AI 2
Also referenced
php.ini Security Settings 45 PHP-FPM 36 Composer & Dependency Management 35 OPcache 34
How they use it
crawler 23 crawler_json 1
Related categories
php 7.3k
DEV INTEL Tools & Severity
🟡 Medium ⚙ Fix effort: Low
⚡ Quick Fix
Check required extensions in composer.json 'require' section — consumers know exactly what to install; use PHP's extension check at bootstrap rather than failing at runtime
📦 Applies To
PHP 5.0+ web cli queue-worker
🔗 Prerequisites
🔍 Detection Hints
Extension used without composer.json ext- requirement; php_extension_loaded() check missing before optional feature use
Auto-detectable: ✓ Yes composer phpstan
⚠ Related Problems
🤖 AI Agent
Confidence: Medium False Positives: Medium ✗ Manual fix Fix: Medium Context: File
✓ schema.org compliant