I’m guessing you want this “just working” - getting this script up to date would require a rewrite as PHP has changed a lot the last 6 years.
I think I’d just fire up a dev environment with the PHP version I wanted, turn on all error reporting and start removing errors.
Here is the list though
Backward Incompatible Changes
[ul][li]The newer internal parameter parsing API has been applied across all the extensions bundled with PHP 5.3.x. This parameter parsing API causes functions to return NULL when passed incompatible parameters. There are some exceptions to this rule, such as the get_class() function, which will continue to return FALSE on error.[/li]
[li]clearstatcache() no longer clears the realpath cache by default.[/li]
[li]realpath() is now fully platform-independent. Consequence of this is that invalid relative paths such as FILE . “/…/x” do not work anymore.[/li]
[li]The call_user_func() family of functions now propagate $this even if the callee is a parent class.[/li]
[li]The array functions natsort(), natcasesort(), usort(), uasort(), uksort(), array_flip(), and array_unique() no longer accept objects passed as arguments. To apply these functions to an object, cast the object to an array first.[/li]
[li]The behaviour of functions with by-reference parameters called by value has changed. Where previously the function would accept the by-value argument, a fatal error is now emitted. Any previous code passing constants or literals to functions expecting references, will need altering to assign the value to a variable before calling the function.[/li]
[li]The new mysqlnd library necessitates the use of MySQL 4.1’s newer 41-byte password format. Continued use of the old 16-byte passwords will cause mysql_connect() and similar functions to emit the error, “mysqlnd cannot connect to MySQL 4.1+ using old authentication.”[/li]
[li]The new mysqlnd library does not read mysql configuration files (my.cnf/my.ini), as the older libmysqlclient library does. If your code relies on settings in the configuration file, you can load it explicitly with the mysqli_options() function. Note that this means the PDO specific constants PDO::MYSQL_ATTR_READ_DEFAULT_FILE and PDO::MYSQL_ATTR_READ_DEFAULT_GROUP are not defined if MySQL support in PDO is compiled with mysqlnd.[/li]
[li]The trailing / has been removed from the SplFileInfo class and other related directory classes.[/li]
[li]The __toString() magic method can no longer accept arguments.[/li]
[li]The magic methods __get(), __set(), __isset(), __unset(), and __call() must always be public and can no longer be static. Method signatures are now enforced.[/li]
[li]The __call() magic method is now invoked on access to private and protected methods.[/li]
[li]func_get_arg(), func_get_args() and func_num_args() can no longer be called from the outermost scope of a file that has been included by calling include or require from within a function in the calling file.[/li]
[li]An emulation layer for the MHASH extension to wrap around the Hash extension have been added. However not all the algorithms are covered, notable the s2k hashing algorithm. This means that s2k hashing is no longer available as of PHP 5.3.0.[/li]
[li]Safe mode is no longer supported. Any applications that rely on safe mode may need adjustment, in terms of security.[/li]
[li]Magic quotes has been removed. Applications relying on this feature may need to be updated, to avoid security issues. get_magic_quotes_gpc() and get_magic_quotes_runtime() now always return FALSE. set_magic_quotes_runtime() raises an E_CORE_ERROR level error on trying to enable Magic quotes.[/li]
[li]The register_globals and register_long_arrays php.ini directives have been removed.
mbstring.script_encoding directives have been removed. Use zend.script_encoding instead.[/li]
[li]Call-time pass by reference has been removed.
The break and continue statements no longer accept variable arguments (e.g., break 1 + foo() * $bar;). Static arguments still work, such as break 2;. As a side effect of this change break 0; and continue 0; are no longer allowed.[/li]
[li]In the date and time extension, the timezone can no longer be set using the TZ environment variable. Instead you have to specify a timezone using the date.timezone php.ini option or date_default_timezone_set() function. PHP will no longer attempt to guess the timezone, and will instead fall back to “UTC” and issue a E_WARNING.[/li]
[li]Non-numeric string offsets - e.g. $a[‘foo’] where $a is a string - now return false on isset() and true on empty(), and produce a E_WARNING if you try to use them. Offsets of types double, bool and null produce a E_NOTICE. Numeric strings (e.g. $a[‘2’]) still work as before. Note that offsets like ‘12.3’ and ‘5 foobar’ are considered non-numeric and produce a E_WARNING, but are converted to 12 and 5 respectively, for backward compatibility reasons. Note: Following code returns different result. $str=‘abc’;var_dump(isset($str[‘x’])); // false for PHP 5.4 or later, but true for 5.3 or less[/li]
[li]Converting an array to a string will now generate an E_NOTICE level error, but the result of the cast will still be the string “Array”.[/li]
[li]Turning NULL, FALSE, or an empty string into an object by adding a property will now emit an E_WARNING level error, instead of E_STRICT.[/li]
[li]Parameter names that shadow super globals now cause a fatal error. This prohibits code like function foo($_GET, $_POST) {}.[/li]
[li]The Salsa10 and Salsa20 hash algorithms have been removed.[/li]
[li]array_combine() now returns array() instead of FALSE when two empty arrays are provided as parameters.[/li]
[li]If you use htmlentities() with asian character sets, it works like htmlspecialchars() - this has always been the case in previous versions of PHP, but now an E_STRICT level error is emitted.[/li]
[li]The third parameter of ob_start() has changed from boolean erase to integer flags. Note that code that explicitly set erase to FALSE will no longer behave as expected in PHP 5.4: please follow this example to write code that is compatible with PHP 5.3 and 5.4.[/li]
[li]Support for Windows XP and 2003 has been dropped. Windows builds of PHP now require Windows Vista or newer.[/li]
[li]All case insensitive matching for function, class and constant names is now performed in a locale independent manner according to ASCII rules.[/li]
[li]Changes were made to pack() and unpack() to make them more compatible with Perl:[/li]
[li]Prior to PHP 5.5, cases existed where the self, parent, and static keywords were treated in a case sensitive fashion. These have now been resolved, and these keywords are always handled case insensitively[/li]
[li]The GUIDs that previously resulted in PHP outputting various logos have been removed. This includes the removal of the functions to return those GUIDs.[/li]
[li]Extension authors should note that the zend_execute() function can no longer be overridden, and that numerous changes have been made to the execute_data struct and related function and method handling opcodes.[/li]
[li]Array keys won’t be overwritten when defining an array as a property of a class via an array literal[/li]
[li]json_decode() now rejects non-lowercase variants of the JSON literals true, false and null at all times, as per the JSON specification, and sets json_last_error() accordingly.[/li]
[li]All encrypted client streams now enable peer verification by default. By default, this will use OpenSSL’s default CA bundle to verify the peer certificate. In most cases, no changes will need to be made to communicate with servers with valid SSL certificates, as distributors generally configure OpenSSL to use known good CA bundles.[/li]
[li]GMP resources are now objects. The functional API implemented in the GMP extension has not changed, and code should run unmodified unless it checks explicitly for a resource using is_resource() or similar.[/li]
[li]mcrypt_encrypt(), mcrypt_decrypt(), mcrypt_cbc(), mcrypt_cfb(), mcrypt_ecb(), mcrypt_generic() and mcrypt_ofb() will no longer accept keys or IVs with incorrect sizes, and block cipher modes that require IVs will now fail if an IV isn’t provided.[/li]
[li]Uploads using the @file syntax now require CURLOPT_SAFE_UPLOAD to be set to FALSE. CURLFile should be used instead.[/li][/ul]
[hr]
Please also note that in PHP 5.5 the mysql_* library was (finally) deprecated - meaning it will no longer work if you upgrade to PHP 7 (which in fact is just around the corner). This means you have to rewrite all your queries, preferably updating them to todays standards using placeholders instead of inserting data directly. So “SELECT * FROM USER WHERE ID = lots_of_escape_functions($id)” turns into “SELECT * FROM USER WHERE ID = ?”
http://php.net/manual/en/migration53.php
http://php.net/manual/en/migration54.php
http://php.net/manual/en/migration55.php
http://php.net/manual/en/migration56.php
