3v4l.org

run code in 300+ PHP versions simultaneously

@ 2014-11-03T18:43:33Z

<?php

function expandArguments(&$query, &$args) {
    $modified = FALSE;
    foreach (array_filter($args, 'is_array') as $key => $data) {
        $new_keys = array();
        foreach ($data as $i => $value) {
            $new_keys[$key . '_' . $i] = $value;
        }
        $query = preg_replace(
            '#' . $key . '\b#', 
            implode(', ', array_keys($new_keys)), 
            $query
        );
        unset($args[$key]);
        $args += $new_keys;
        $modified = TRUE;
    }
    return $modified;
}


function expandArguments2(&$query, &$args) {
    $modified = FALSE;
    foreach (array_filter($args, 'is_array') as $key => $data) {
        $new_keys = array();
        foreach (array_values($data) as $i => $value) {
            $new_keys[$key . '_' . $i] = $value;
        }
        $query = preg_replace(
            '#' . $key . '\b#', 
            implode(', ', array_keys($new_keys)), 
            $query
        );
        unset($args[$key]);
        $args += $new_keys;
        $modified = TRUE;
    }
    return $modified;
}



$query = "SELECT * FROM foo WHERE id IN (:ids)";
$args = array(
    'ids' => array(
        1,
        2,
        '0); DROP TABLE foo; --' => 3
    )
);
expandArguments($query, $args);

var_dump($query, $args);

Output for 4.3.0 - 4.3.11, 4.4.0 - 4.4.9, 5.0.0 - 5.0.5, 5.1.0 - 5.1.6, 5.2.0 - 5.2.17, 5.3.0 - 5.3.29, 5.4.0 - 5.4.45, 5.5.24 - 5.5.35, 5.6.7 - 5.6.28, 7.0.0 - 7.0.20, 7.1.0 - 7.1.25, 7.2.0 - 7.2.33, 7.3.0 - 7.3.33, 7.4.0 - 7.4.33, 8.0.0 - 8.0.30, 8.1.0 - 8.1.28, 8.2.0 - 8.2.18, 8.3.0 - 8.3.4, 8.3.6: string(73) "SELECT * FROM foo WHERE id IN (:ids_0, ids_1, ids_0); DROP TABLE foo; --)" array(3) { ["ids_0"]=> int(1) ["ids_1"]=> int(2) ["ids_0); DROP TABLE foo; --"]=> int(3) }
Output for 8.3.5: Warning: PHP Startup: Unable to load dynamic library 'sodium.so' (tried: /usr/lib/php/8.3.5/modules/sodium.so (libsodium.so.23: cannot open shared object file: No such file or directory), /usr/lib/php/8.3.5/modules/sodium.so.so (/usr/lib/php/8.3.5/modules/sodium.so.so: cannot open shared object file: No such file or directory)) in Unknown on line 0 string(73) "SELECT * FROM foo WHERE id IN (:ids_0, ids_1, ids_0); DROP TABLE foo; --)" array(3) { ["ids_0"]=> int(1) ["ids_1"]=> int(2) ["ids_0); DROP TABLE foo; --"]=> int(3) }

preferences:dark modelive preview

241.34 ms | 402 KiB | 327 Q