Online PHP editor | rfc for Fh2Pt

@ 2021-07-26T01:09:22Z

<?php
declare(strict_types=1);

echo "setup begin\n";
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);

$user_table = 'CREATE TABLE user (
   user_id INTEGER NOT NULL,
   email TEXT NOT NULL,
   PRIMARY KEY (user_id),
   UNIQUE (email)
)';

$pdo->exec($user_table);
$select_stmt = $pdo->prepare('SELECT * FROM user');
$insert_stmt = $pdo->prepare('INSERT INTO user (email) VALUES (?)');
$_POST['email'] = 'bobby@tables.com';
echo "setup end\n\n";

echo "validate email & prepared statement begin\n";
$email = filter_var($_POST['email'] ?? false, FILTER_VALIDATE_EMAIL);
if ($email === false) {
    throw new InvalidArgumentException();
}
$insert_stmt->execute([$email]);
$select_stmt->execute();
var_dump($select_stmt->fetchAll());
echo "validate email & prepared statement end\n\n";

echo "prepared statement handles injection begin\n";
$email = "'little_bobby@tables.com'); DROP TABLE user; --";
$insert_stmt->execute([$email]);
$select_stmt->execute();
var_dump($select_stmt->fetchAll());
echo "prepared statement handles injection end\n\n";

echo "string query fails injection begin\n";
$email = "'little_bobby@tables.com'); DROP TABLE user; --";
$pdo->exec("INSERT INTO user (email) VALUES ({$email})");
$select_stmt->execute();
var_dump($select_stmt->fetchAll());
echo "string query fails injection end\n\n";

Output for git.master, git.master_jit, rfc.property-hooks: setup begin setup end validate email & prepared statement begin array(1) { [0]=> array(2) { ["user_id"]=> int(1) ["email"]=> string(16) "bobby@tables.com" } } validate email & prepared statement end prepared statement handles injection begin array(2) { [0]=> array(2) { ["user_id"]=> int(1) ["email"]=> string(16) "bobby@tables.com" } [1]=> array(2) { ["user_id"]=> int(2) ["email"]=> string(47) "'little_bobby@tables.com'); DROP TABLE user; --" } } prepared statement handles injection end string query fails injection begin Fatal error: Uncaught PDOException: SQLSTATE[HY000]: General error: 1 no such table: user in /in/Fh2Pt:42 Stack trace: #0 /in/Fh2Pt(42): PDOStatement->execute() #1 {main} thrown in /in/Fh2Pt on line 42
Process exited with code 255.

This tab shows result from various feature-branches currently under review by the php developers. Contact me to have additional branches featured.

Active branches

Archived branches

Once feature-branches are merged or declined, they are no longer available. Their functionality (when merged) can be viewed from the main output page

2022-12-01 RFC: Property hooks - included in PHP 8.4
2020-03-21 RFC: Is_Literal - declined
2020-12-04 Enumerations - included in PHP 8.1
2018-06-15 Typed Properties v2 - implemented in PHP 7.4
2016-08-12 Object typehint - included in PHP 7.2
2016-08-14 Arrow functions - withdrawn
2016-05-29 array_change_keys() - withdrawn
2016-04-19 Lexical scope support for anonymous classes - suspended
2016-04-17 Functional Interfaces - declined
2016-03-16 Typed Properties - superseded in favor of Typed Properties 2.0
2015-08-27 Callable Prototypes - declined
2015-05-01 Short Closures - declined / withdrawn in favor of Arrow Functions
2015-02-18 Scalar type hints v5 - included in PHP 7
2015-02-14 Union Types - declined
2013-09-22 Anonymous classes - included in PHP 7

preferences:dark modelive previewkey bindings