Online PHP editor | rfc for JvcRZ

@ 2013-01-17T15:29:45Z

<?php
/**
*   安全地执行SQL语句.
*
*   该函数会将所有参数经过安全地转义, 用来替换SQL命令中的占位符, 最后送至服务器进行执行.
*
*   占位符是 %s , 如果需要在SQL命令中包含百分号, 请连写两个百分号.
*
*   @param resource $conn    由 mysql_connect() 建立的MySQL数据库连接资源
*   @param string   $sql     SQL语句, 可以包含占位符
*   @param mixed    $more... 用来替换占位符的参数 
*
*   @return resource    该函数会返回 mysql_query() 的返回值.
*/

function safeSQL($conn,$sql,$more=NULL)
{
    $args=func_get_args();
    array_shift($args);
    array_shift($args);

    $offset=0;
    foreach($args as $i)
    {
        if(preg_match("/%([tT])/",$sql,$result,PREG_OFFSET_CAPTURE,$offset))
        {
            $fStr=$result[1][0];
            $pos=$result[1][1];

            $tPos=$pos-1;
            while($sql[$pos]=="%")
                $tPos--;

            if(!(($pos-$tPos)%2))
                continue;

            $value=mysql_real_escape_string($value,$conn);

            $sql=substr($sql,0,$pos-1) . $value . substr($sql,$pos+1);

            $offset=$pos + 1;
        }
    }

    $sql=str_replace("%%", "%", $sql);

    echo $sql."\n";
}

safeSQL(0,"SELECT * FROM `user`");
safeSQL(0,"SELECT * FROM `user` WHERE `uname`='%s'","jybox");
safeSQL(0,"UPDATE `%s` SET `email`='%t' WHERE `uname`='%s'","user","m@jybox.net","jybox");
safeSQL(0,"SELECT * FROM `user` WHERE `uname` LIKE ='%%%s%%'","jybox");
safeSQL(0,"SELECT * FROM `user`");

Output for git.master, git.master_jit, rfc.property-hooks: SELECT * FROM `user` SELECT * FROM `user` WHERE `uname`='%s' Fatal error: Uncaught Error: Call to undefined function mysql_real_escape_string() in /in/JvcRZ:37 Stack trace: #0 /in/JvcRZ(52): safeSQL(0, 'UPDATE `%s` SET...', 'user', 'm@jybox.net', 'jybox') #1 {main} thrown in /in/JvcRZ on line 37
Process exited with code 255.

This tab shows result from various feature-branches currently under review by the php developers. Contact me to have additional branches featured.

Active branches

Archived branches

Once feature-branches are merged or declined, they are no longer available. Their functionality (when merged) can be viewed from the main output page

2020-03-21 RFC: Is_Literal - declined
2020-12-04 Enumerations - included in PHP 8.1
2018-06-15 Typed Properties v2 - implemented in PHP 7.4
2016-08-12 Object typehint - included in PHP 7.2
2016-08-14 Arrow functions - withdrawn
2016-05-29 array_change_keys() - withdrawn
2016-04-19 Lexical scope support for anonymous classes - suspended
2016-04-17 Functional Interfaces - declined
2016-03-16 Typed Properties - superseded in favor of Typed Properties 2.0
2015-08-27 Callable Prototypes - declined
2015-05-01 Short Closures - declined / withdrawn in favor of Arrow Functions
2015-02-18 Scalar type hints v5 - included in PHP 7
2015-02-14 Union Types - declined
2013-09-22 Anonymous classes - included in PHP 7

preferences:dark modelive preview