- var_dump: documentation ( source)
- preg_replace: documentation ( source)
<?php
function dangerous()
{
echo 'include("http://google.com/")';
}
$arg = '09{${dangerous()}}';
preg_replace("/([0-9]+)(.+)/e",'list($var, $var2) = array("$1", "$2")', $arg);
var_dump($var, $var2);