3v4l.org

run code in 300+ PHP versions simultaneously
<?php var_dump(preg_replace("/sensitive/i", "INSENSITIVE", "This is case sensitive")); // URL encoded "/i" with NULL byte; $evilInput = urldecode("%2Fi%00"); $pattern = "/not " . $evilInput . "/"; var_dump(preg_replace($pattern, "TOTALLY ", "preg_replace is NOT injectable!"));
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/Kp2FC
function name:  (null)
number of ops:  24
compiled vars:  !0 = $evilInput, !1 = $pattern
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
    3     0  E >   INIT_FCALL                                               'var_dump'
          1        INIT_FCALL                                               'preg_replace'
          2        SEND_VAL                                                 '%2Fsensitive%2Fi'
          3        SEND_VAL                                                 'INSENSITIVE'
          4        SEND_VAL                                                 'This+is+case+sensitive'
          5        DO_ICALL                                         $2      
          6        SEND_VAR                                                 $2
          7        DO_ICALL                                                 
    6     8        INIT_FCALL                                               'urldecode'
          9        SEND_VAL                                                 '%252Fi%2500'
         10        DO_ICALL                                         $4      
         11        ASSIGN                                                   !0, $4
    7    12        CONCAT                                           ~6      '%2Fnot+', !0
         13        CONCAT                                           ~7      ~6, '%2F'
         14        ASSIGN                                                   !1, ~7
    8    15        INIT_FCALL                                               'var_dump'
         16        INIT_FCALL                                               'preg_replace'
         17        SEND_VAR                                                 !1
         18        SEND_VAL                                                 'TOTALLY+'
         19        SEND_VAL                                                 'preg_replace+is+NOT+injectable%21'
         20        DO_ICALL                                         $9      
         21        SEND_VAR                                                 $9
         22        DO_ICALL                                                 
         23      > RETURN                                                   1

Generated using Vulcan Logic Dumper, using php 8.0.0

preferences:
150.48 ms | 1012 KiB | 16 Q