3v4l.org

run code in 300+ PHP versions simultaneously
<?php $_GET['search'] = "' onclick='alert(1337)"; ?> <input name=search value='<?= htmlspecialchars($_GET['search']); ?>'>

preferences:
23.3 ms | 407 KiB | 5 Q