<?php
$name = "' limit 10#";
if(!preg_match('/sleep|benchmark|and|or|\||&/i', $name)) {
echo "SELECT name,email FROM user where name='".$name."'";
}
else
{
echo "loser";
}
?>
- Output for 4.3.0 - 4.3.11, 4.4.0 - 4.4.9, 5.0.0 - 5.0.5, 5.1.0 - 5.1.6, 5.2.0 - 5.2.17, 5.3.0 - 5.3.29, 5.4.0 - 5.4.45, 5.5.24 - 5.5.35, 5.6.8 - 5.6.21, 7.0.0 - 7.0.20, 7.1.0 - 7.1.20, 7.2.6 - 7.2.33, 7.3.16 - 7.3.33, 7.4.0 - 7.4.33, 8.0.0 - 8.0.30, 8.1.0 - 8.1.28, 8.2.0 - 8.2.18, 8.3.0 - 8.3.6
- SELECT name,email FROM user where name='' limit 10#'
preferences:
210.82 ms | 406 KiB | 309 Q