3v4l.org

run code in 300+ PHP versions simultaneously
<?php // We didn't check $_POST['password'], it could be anything the user wanted! For example: $username = 'aidan'; $password = "' OR ''='"; $username1 = mysql_real_escape_string('aidan'); $password1 = mysql_real_escape_string("' OR ''='"); // Query database to check if there are any matching users $query = "SELECT * FROM users WHERE user='$username' AND password='$password'"; // This means the query sent to MySQL would be: echo $query; ?>
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/G3BrY
function name:  (null)
number of ops:  18
compiled vars:  !0 = $username, !1 = $password, !2 = $username1, !3 = $password1, !4 = $query
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
    3     0  E >   ASSIGN                                                   !0, 'aidan'
    4     1        ASSIGN                                                   !1, '%27+OR+%27%27%3D%27'
    6     2        INIT_FCALL_BY_NAME                                       'mysql_real_escape_string'
          3        SEND_VAL_EX                                              'aidan'
          4        DO_FCALL                                      0  $7      
          5        ASSIGN                                                   !2, $7
    7     6        INIT_FCALL_BY_NAME                                       'mysql_real_escape_string'
          7        SEND_VAL_EX                                              '%27+OR+%27%27%3D%27'
          8        DO_FCALL                                      0  $9      
          9        ASSIGN                                                   !3, $9
   10    10        ROPE_INIT                                     5  ~12     'SELECT+%2A+FROM+users+WHERE+user%3D%27'
         11        ROPE_ADD                                      1  ~12     ~12, !0
         12        ROPE_ADD                                      2  ~12     ~12, '%27+AND+password%3D%27'
         13        ROPE_ADD                                      3  ~12     ~12, !1
         14        ROPE_END                                      4  ~11     ~12, '%27'
         15        ASSIGN                                                   !4, ~11
   13    16        ECHO                                                     !4
   14    17      > RETURN                                                   1

Generated using Vulcan Logic Dumper, using php 8.0.0

preferences:
151.52 ms | 1393 KiB | 13 Q