<?php
function escape_string($s)
{
$r = ''; for($i=0;@$s[$i];$i++)
{
if($s[$i]!='\'')
if($s[$i]!='"')
if($s[$i]!='\\')
if($s[$i]!="\n")
if($s[$i]!="\r")
if($s[$i]!="\x1a")
{
$r .= $s[$i];
continue;
}
$r .= '?';
}
return $r;
}
$password = '{$help}}';
$password = escape_string($password);
$query = "select 1 from auth where password='{$password}'";
echo($query);
?>
- Output for 5.2.10 - 5.2.17, 5.3.0 - 5.3.29, 5.4.0 - 5.4.45, 5.5.0 - 5.5.38, 5.6.0 - 5.6.40, 7.0.0 - 7.0.33, 7.1.0 - 7.1.33, 7.2.0 - 7.2.33, 7.3.0 - 7.3.33, 7.4.0 - 7.4.33, 8.0.0 - 8.0.30, 8.1.0 - 8.1.28, 8.2.0 - 8.2.18, 8.3.0 - 8.3.6
- select 1 from auth where password='{$help}}'
- Output for 4.3.0 - 4.3.11, 4.4.0 - 4.4.9, 5.0.0 - 5.0.5, 5.1.0 - 5.1.6, 5.2.0 - 5.2.9
- Notice: Uninitialized string offset: 8 in /in/U9lSc on line 5
select 1 from auth where password='{$help}}'
preferences:
294.19 ms | 402 KiB | 456 Q