3v4l.org

run code in 300+ PHP versions simultaneously
<?php declare(strict_types=1); echo "setup begin\n"; $pdo = new PDO('sqlite::memory:'); $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC); $user_table = 'CREATE TABLE user ( user_id INTEGER NOT NULL, email TEXT NOT NULL, PRIMARY KEY (user_id), UNIQUE (email) )'; $pdo->exec($user_table); $select_stmt = $pdo->prepare('SELECT * FROM user'); $insert_stmt = $pdo->prepare('INSERT INTO user (email) VALUES (?)'); $_POST['email'] = 'bobby@tables.com'; echo "setup end\n\n"; echo "validate email & prepared statement begin\n"; $email = filter_var($_POST['email'] ?? false, FILTER_VALIDATE_EMAIL); if ($email === false) { throw new InvalidArgumentException(); } $insert_stmt->execute([$email]); $select_stmt->execute(); var_dump($select_stmt->fetchAll()); echo "validate email & prepared statement end\n\n"; echo "prepared statement handles injection begin\n"; $email = "'little_bobby@tables.com'); DROP TABLE user; --"; $insert_stmt->execute([$email]); $select_stmt->execute(); var_dump($select_stmt->fetchAll()); echo "prepared statement handles injection end\n\n"; echo "string query fails injection begin\n"; $email = "'little_bobby@tables.com'); DROP TABLE user; --"; $pdo->exec("INSERT INTO user (email) VALUES ({$email})"); $select_stmt->execute(); var_dump($select_stmt->fetchAll()); echo "string query fails injection end\n\n";
Output for 8.1.0 - 8.1.33, 8.2.0 - 8.2.29, 8.3.0 - 8.3.4, 8.3.6 - 8.3.28, 8.4.1 - 8.4.14, 8.5.0 - 8.5.1
setup begin setup end validate email & prepared statement begin array(1) { [0]=> array(2) { ["user_id"]=> int(1) ["email"]=> string(16) "bobby@tables.com" } } validate email & prepared statement end prepared statement handles injection begin array(2) { [0]=> array(2) { ["user_id"]=> int(1) ["email"]=> string(16) "bobby@tables.com" } [1]=> array(2) { ["user_id"]=> int(2) ["email"]=> string(47) "'little_bobby@tables.com'); DROP TABLE user; --" } } prepared statement handles injection end string query fails injection begin Fatal error: Uncaught PDOException: SQLSTATE[HY000]: General error: 1 no such table: user in /in/Fh2Pt:42 Stack trace: #0 /in/Fh2Pt(42): PDOStatement->execute() #1 {main} thrown in /in/Fh2Pt on line 42
Process exited with code 255.
Output for 8.4.15
/bin/php-8.4.15: /usr/lib/libm.so.6: version `GLIBC_2.38' not found (required by /bin/php-8.4.15) /bin/php-8.4.15: /usr/lib/libm.so.6: version `GLIBC_2.35' not found (required by /bin/php-8.4.15) /bin/php-8.4.15: /usr/lib/libc.so.6: version `GLIBC_2.34' not found (required by /bin/php-8.4.15) /bin/php-8.4.15: /usr/lib/libc.so.6: version `GLIBC_2.38' not found (required by /bin/php-8.4.15)
Process exited with code 1.
Output for 8.3.5
Warning: PHP Startup: Unable to load dynamic library 'sodium.so' (tried: /usr/lib/php/8.3.5/modules/sodium.so (libsodium.so.23: cannot open shared object file: No such file or directory), /usr/lib/php/8.3.5/modules/sodium.so.so (/usr/lib/php/8.3.5/modules/sodium.so.so: cannot open shared object file: No such file or directory)) in Unknown on line 0 setup begin setup end validate email & prepared statement begin array(1) { [0]=> array(2) { ["user_id"]=> int(1) ["email"]=> string(16) "bobby@tables.com" } } validate email & prepared statement end prepared statement handles injection begin array(2) { [0]=> array(2) { ["user_id"]=> int(1) ["email"]=> string(16) "bobby@tables.com" } [1]=> array(2) { ["user_id"]=> int(2) ["email"]=> string(47) "'little_bobby@tables.com'); DROP TABLE user; --" } } prepared statement handles injection end string query fails injection begin Fatal error: Uncaught PDOException: SQLSTATE[HY000]: General error: 1 no such table: user in /in/Fh2Pt:42 Stack trace: #0 /in/Fh2Pt(42): PDOStatement->execute() #1 {main} thrown in /in/Fh2Pt on line 42
Process exited with code 255.
Output for 7.3.0 - 7.3.33, 7.4.0 - 7.4.33, 8.0.0 - 8.0.30
setup begin setup end validate email & prepared statement begin array(1) { [0]=> array(2) { ["user_id"]=> string(1) "1" ["email"]=> string(16) "bobby@tables.com" } } validate email & prepared statement end prepared statement handles injection begin array(2) { [0]=> array(2) { ["user_id"]=> string(1) "1" ["email"]=> string(16) "bobby@tables.com" } [1]=> array(2) { ["user_id"]=> string(1) "2" ["email"]=> string(47) "'little_bobby@tables.com'); DROP TABLE user; --" } } prepared statement handles injection end string query fails injection begin Fatal error: Uncaught PDOException: SQLSTATE[HY000]: General error: 1 no such table: user in /in/Fh2Pt:42 Stack trace: #0 /in/Fh2Pt(42): PDOStatement->execute() #1 {main} thrown in /in/Fh2Pt on line 42
Process exited with code 255.
preferences:
203.74 ms | 414 KiB | 5 Q