3v4l.org

run code in 200+ php & hhvm versions
Bugs & Features
<?php //$search = htmlentities($_GET['search']); $search=htmlentities("phpinfo()////|apple/e\x00"); echo $search; if (strpos($search, 'apple') !== false){ echo preg_replace("/".$search."/", $search." <img src='".$search.".png'>", "apple"); }elseif (strpos($search, 'orange') !== false){ echo preg_replace("/".$search."/", $search." <img src='".$search.".png'>", "orange"); }elseif (strpos($search, 'banana') !== false){ echo preg_replace("/".$search."/", $search." <img src='".$search.".png'>", "banana"); }elseif (strpos($search, 'kiwi') !== false){ echo preg_replace("/".$search."/", $search." <img src='".$search.".png'>", "kiwi"); }else echo "Please search for apple, orange, banana, or kiwi.";
Finding entry points
Branch analysis from position: 0
Jump found. Position 1 = 11, Position 2 = 23
Branch analysis from position: 11
Jump found. Position 1 = 78
Branch analysis from position: 78
Jump found. Position 1 = -2
Branch analysis from position: 23
Jump found. Position 1 = 29, Position 2 = 41
Branch analysis from position: 29
Jump found. Position 1 = 78
Branch analysis from position: 78
Branch analysis from position: 41
Jump found. Position 1 = 47, Position 2 = 59
Branch analysis from position: 47
Jump found. Position 1 = 78
Branch analysis from position: 78
Branch analysis from position: 59
Jump found. Position 1 = 65, Position 2 = 77
Branch analysis from position: 65
Jump found. Position 1 = 78
Branch analysis from position: 78
Branch analysis from position: 77
Jump found. Position 1 = -2
filename:       /in/j9t3P
function name:  (null)
number of ops:  79
compiled vars:  !0 = $search
line     #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
   3     0  E >   INIT_FCALL                                               'htmlentities'
         1        SEND_VAL                                                 'phpinfo%28%29%2F%2F%2F%2F%7Capple%2Fe%00'
         2        DO_ICALL                                         $1      
         3        ASSIGN                                                   !0, $1
   4     4        ECHO                                                     !0
   5     5        INIT_FCALL                                               'strpos'
         6        SEND_VAR                                                 !0
         7        SEND_VAL                                                 'apple'
         8        DO_ICALL                                         $3      
         9        IS_NOT_IDENTICAL                                 ~4      $3, <false>
        10      > JMPZ                                                     ~4, ->23
   6    11    >   INIT_FCALL                                               'preg_replace'
        12        CONCAT                                           ~5      '%2F', !0
        13        CONCAT                                           ~6      ~5, '%2F'
        14        SEND_VAL                                                 ~6
        15        CONCAT                                           ~7      !0, '+%3Cimg+src%3D%27'
        16        CONCAT                                           ~8      ~7, !0
        17        CONCAT                                           ~9      ~8, '.png%27%3E'
        18        SEND_VAL                                                 ~9
        19        SEND_VAL                                                 'apple'
        20        DO_ICALL                                         $10     
        21        ECHO                                                     $10
        22      > JMP                                                      ->78
   7    23    >   INIT_FCALL                                               'strpos'
        24        SEND_VAR                                                 !0
        25        SEND_VAL                                                 'orange'
        26        DO_ICALL                                         $11     
        27        IS_NOT_IDENTICAL                                 ~12     $11, <false>
        28      > JMPZ                                                     ~12, ->41
   8    29    >   INIT_FCALL                                               'preg_replace'
        30        CONCAT                                           ~13     '%2F', !0
        31        CONCAT                                           ~14     ~13, '%2F'
        32        SEND_VAL                                                 ~14
        33        CONCAT                                           ~15     !0, '+%3Cimg+src%3D%27'
        34        CONCAT                                           ~16     ~15, !0
        35        CONCAT                                           ~17     ~16, '.png%27%3E'
        36        SEND_VAL                                                 ~17
        37        SEND_VAL                                                 'orange'
        38        DO_ICALL                                         $18     
        39        ECHO                                                     $18
        40      > JMP                                                      ->78
   9    41    >   INIT_FCALL                                               'strpos'
        42        SEND_VAR                                                 !0
        43        SEND_VAL                                                 'banana'
        44        DO_ICALL                                         $19     
        45        IS_NOT_IDENTICAL                                 ~20     $19, <false>
        46      > JMPZ                                                     ~20, ->59
  10    47    >   INIT_FCALL                                               'preg_replace'
        48        CONCAT                                           ~21     '%2F', !0
        49        CONCAT                                           ~22     ~21, '%2F'
        50        SEND_VAL                                                 ~22
        51        CONCAT                                           ~23     !0, '+%3Cimg+src%3D%27'
        52        CONCAT                                           ~24     ~23, !0
        53        CONCAT                                           ~25     ~24, '.png%27%3E'
        54        SEND_VAL                                                 ~25
        55        SEND_VAL                                                 'banana'
        56        DO_ICALL                                         $26     
        57        ECHO                                                     $26
        58      > JMP                                                      ->78
  11    59    >   INIT_FCALL                                               'strpos'
        60        SEND_VAR                                                 !0
        61        SEND_VAL                                                 'kiwi'
        62        DO_ICALL                                         $27     
        63        IS_NOT_IDENTICAL                                 ~28     $27, <false>
        64      > JMPZ                                                     ~28, ->77
  12    65    >   INIT_FCALL                                               'preg_replace'
        66        CONCAT                                           ~29     '%2F', !0
        67        CONCAT                                           ~30     ~29, '%2F'
        68        SEND_VAL                                                 ~30
        69        CONCAT                                           ~31     !0, '+%3Cimg+src%3D%27'
        70        CONCAT                                           ~32     ~31, !0
        71        CONCAT                                           ~33     ~32, '.png%27%3E'
        72        SEND_VAL                                                 ~33
        73        SEND_VAL                                                 'kiwi'
        74        DO_ICALL                                         $34     
        75        ECHO                                                     $34
        76      > JMP                                                      ->78
  13    77    >   ECHO                                                     'Please+search+for+apple%2C+orange%2C+banana%2C+or+kiwi.'
        78    > > RETURN                                                   1

Generated using Vulcan Logic Dumper, using php 7.2.0