3v4l.org

run code in 300+ PHP versions simultaneously
<?php /** * 安全地执行SQL语句. * * 该函数会将所有参数经过安全地转义, 用来替换SQL命令中的占位符, 最后送至服务器进行执行. * * 占位符是 %s , 如果需要在SQL命令中包含百分号, 请连写两个百分号. * * @param resource $conn 由 mysql_connect() 建立的MySQL数据库连接资源 * @param string $sql SQL语句, 可以包含占位符 * @param mixed $more... 用来替换占位符的参数 * * @return resource 该函数会返回 mysql_query() 的返回值. */ function safeSQL($conn,$sql,$more=NULL) { $args=func_get_args(); array_shift($args); array_shift($args); $offset=0; foreach($args as $i) { if(preg_match("/%([tT])/",$sql,$result,PREG_OFFSET_CAPTURE,$offset)) { $fStr=$result[1][0]; $pos=$result[1][1]; $tPos=$pos-1; while($sql[$pos]=="%") $tPos--; if(!(($pos-$tPos)%2)) continue; $value=mysql_real_escape_string($value,$conn); $sql=substr($sql,0,$pos-1) . $value . substr($sql,$pos+1); $offset=$pos + 1; } } $sql=str_replace("%%", "%", $sql); echo $sql."\n"; } safeSQL(0,"SELECT * FROM `user`"); safeSQL(0,"SELECT * FROM `user` WHERE `uname`='%s'","jybox"); safeSQL(0,"UPDATE `%s` SET `email`='%t' WHERE `uname`='%s'","user","m@jybox.net","jybox"); safeSQL(0,"SELECT * FROM `user` WHERE `uname` LIKE ='%%%s%%'","jybox"); safeSQL(0,"SELECT * FROM `user`");
Output for 7.0.0 - 7.0.20, 7.1.0 - 7.1.25, 7.2.0 - 7.2.33, 7.3.0 - 7.3.33, 7.4.0 - 7.4.33, 8.0.0 - 8.0.30, 8.1.0 - 8.1.28, 8.2.0 - 8.2.18, 8.3.0 - 8.3.6
SELECT * FROM `user` SELECT * FROM `user` WHERE `uname`='%s' Fatal error: Uncaught Error: Call to undefined function mysql_real_escape_string() in /in/JvcRZ:37 Stack trace: #0 /in/JvcRZ(52): safeSQL(0, 'UPDATE `%s` SET...', 'user', 'm@jybox.net', 'jybox') #1 {main} thrown in /in/JvcRZ on line 37
Process exited with code 255.
Output for 5.0.0 - 5.0.5, 5.1.0 - 5.1.6, 5.2.0 - 5.2.17, 5.3.0 - 5.3.29, 5.4.0 - 5.4.45, 5.5.0 - 5.5.36, 5.6.0 - 5.6.28
SELECT * FROM `user` SELECT * FROM `user` WHERE `uname`='%s' Fatal error: Call to undefined function mysql_real_escape_string() in /in/JvcRZ on line 37
Process exited with code 255.
Output for 4.3.3 - 4.3.11, 4.4.0 - 4.4.9
SELECT * FROM `user` SELECT * FROM `user` WHERE `uname`='%s' Notice: Undefined variable: value in /in/JvcRZ on line 37 Warning: mysql_real_escape_string() expects parameter 2 to be resource, integer given in /in/JvcRZ on line 37 UPDATE `%s` SET `email`='' WHERE `uname`='%s' SELECT * FROM `user` WHERE `uname` LIKE ='%%s%' SELECT * FROM `user`
Output for 4.3.0 - 4.3.2
SELECT * FROM `user` Warning: Wrong parameter count for preg_match() in /in/JvcRZ on line 25 SELECT * FROM `user` WHERE `uname`='%s' Warning: Wrong parameter count for preg_match() in /in/JvcRZ on line 25 Warning: Wrong parameter count for preg_match() in /in/JvcRZ on line 25 Warning: Wrong parameter count for preg_match() in /in/JvcRZ on line 25 UPDATE `%s` SET `email`='%t' WHERE `uname`='%s' Warning: Wrong parameter count for preg_match() in /in/JvcRZ on line 25 SELECT * FROM `user` WHERE `uname` LIKE ='%%s%' SELECT * FROM `user`
preferences:
261.9 ms | 402 KiB | 363 Q