3v4l.org

run code in 300+ PHP versions simultaneously
<html> <body> <?php if(isset($_POST['login'])) { $username = $_POST['username']; $password = $_POST['password']; $con = mysqli_connect("localhost","compsec","compsec","mydb"); $result = mysqli_query($con, "SELECT * FROM `users` WHERE username='$username' AND password='$password'"); if(mysqli_num_rows($result) == 0) echo 'You have entered an invalid username and/or password'; else echo '<h1>Successfully logged in.</h1><p>This text will only be displayed when you have logged in with valid credentials.</p>'; } else { ?> <form action="" method="post"> Username: <input type="text" name="username"/><br /> Password: <input type="password" name="password"/><br /> <input type="submit" name="login" value="Login"/> </form> <?php } ?> </body> </html>
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 43) Position 1 = 4, Position 2 = 36
Branch analysis from position: 4
2 jumps found. (Code = 43) Position 1 = 32, Position 2 = 34
Branch analysis from position: 32
1 jumps found. (Code = 42) Position 1 = 35
Branch analysis from position: 35
1 jumps found. (Code = 42) Position 1 = 37
Branch analysis from position: 37
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 34
1 jumps found. (Code = 42) Position 1 = 37
Branch analysis from position: 37
Branch analysis from position: 36
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/lJErj
function name:  (null)
number of ops:  39
compiled vars:  !0 = $username, !1 = $password, !2 = $con, !3 = $result
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
    1     0  E >   ECHO                                                     '%3Chtml%3E%0A%3Cbody%3E%0A'
    4     1        FETCH_IS                                         ~4      '_POST'
          2        ISSET_ISEMPTY_DIM_OBJ                         0          ~4, 'login'
          3      > JMPZ                                                     ~5, ->36
    5     4    >   FETCH_R                      global              ~6      '_POST'
          5        FETCH_DIM_R                                      ~7      ~6, 'username'
          6        ASSIGN                                                   !0, ~7
    6     7        FETCH_R                      global              ~9      '_POST'
          8        FETCH_DIM_R                                      ~10     ~9, 'password'
          9        ASSIGN                                                   !1, ~10
    7    10        INIT_FCALL_BY_NAME                                       'mysqli_connect'
         11        SEND_VAL_EX                                              'localhost'
         12        SEND_VAL_EX                                              'compsec'
         13        SEND_VAL_EX                                              'compsec'
         14        SEND_VAL_EX                                              'mydb'
         15        DO_FCALL                                      0  $12     
         16        ASSIGN                                                   !2, $12
    8    17        INIT_FCALL_BY_NAME                                       'mysqli_query'
         18        SEND_VAR_EX                                              !2
         19        ROPE_INIT                                     5  ~15     'SELECT+%2A+FROM+%60users%60+WHERE+username%3D%27'
         20        ROPE_ADD                                      1  ~15     ~15, !0
         21        ROPE_ADD                                      2  ~15     ~15, '%27+AND+password%3D%27'
         22        ROPE_ADD                                      3  ~15     ~15, !1
         23        ROPE_END                                      4  ~14     ~15, '%27'
         24        SEND_VAL_EX                                              ~14
         25        DO_FCALL                                      0  $18     
         26        ASSIGN                                                   !3, $18
   10    27        INIT_FCALL_BY_NAME                                       'mysqli_num_rows'
         28        SEND_VAR_EX                                              !3
         29        DO_FCALL                                      0  $20     
         30        IS_EQUAL                                                 $20, 0
         31      > JMPZ                                                     ~21, ->34
   11    32    >   ECHO                                                     'You+have+entered+an+invalid+username+and%2For+password'
         33      > JMP                                                      ->35
   13    34    >   ECHO                                                     '%3Ch1%3ESuccessfully+logged+in.%3C%2Fh1%3E%3Cp%3EThis+text+will+only+be+displayed+when+you+have+logged+in+with+valid+credentials.%3C%2Fp%3E'
         35    > > JMP                                                      ->37
   18    36    >   ECHO                                                     '++++++++%3Cform+action%3D%22%22+method%3D%22post%22%3E%0A++++++++++++Username%3A+%3Cinput+type%3D%22text%22+name%3D%22username%22%2F%3E%3Cbr+%2F%3E%0A++++++++++++Password%3A+%3Cinput+type%3D%22password%22+name%3D%22password%22%2F%3E%3Cbr+%2F%3E%0A++++++++++++%3Cinput+type%3D%22submit%22+name%3D%22login%22+value%3D%22Login%22%2F%3E%0A++++++++%3C%2Fform%3E%0A'
   26    37    >   ECHO                                                     '%3C%2Fbody%3E%0A%3C%2Fhtml%3E'
   27    38      > RETURN                                                   1

Generated using Vulcan Logic Dumper, using php 8.0.0

preferences:
144.94 ms | 1399 KiB | 13 Q