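<?php
//=====================================================================================
/**
 * Normalise a free-text value: strip markup and a fixed set of symbols, then
 * HTML-encode what is left.
 *
 * This is a text/output filter, NOT a SQL-injection defence. Values that go
 * into a query must be bound through prepared statements (PDO or mysqli) at
 * the query site; no string filter applied here can stand in for that.
 *
 * The earlier version called mysql_real_escape_string() first. ext/mysql was
 * removed in PHP 7.0, so that call fails with "Call to undefined function"
 * wherever the extension is not loaded. The backslashes it inserted were also
 * turned into spaces by the symbol filter in clean_html(), so the escaping did
 * not survive to the returned value.
 *
 * @param string $value Raw text, e.g. a submitted form field.
 * @return string Filtered, HTML-entity-encoded, trimmed text.
 */
function makeSafe($value){
    // Plain function call: as written in this file makeSafe() is not a method,
    // so `$this->clean_html()` would be a fatal error (no object context).
    $value = clean_html($value);

    // After clean_html() no literal '<' or '>' remains, so strip_tags() is a
    // belt-and-braces pass; trim() drops leading/trailing whitespace.
    return strip_tags(trim($value));
}

//=====================================================================================
/**
 * Remove HTML/script/style/comment markup and a blacklist of punctuation,
 * collapse repeated characters, and HTML-encode the result.
 *
 * Adapted from html2txt() in http://us2.php.net/manual/en/function.strip-tags.php
 *
 * The return value is entity-encoded (ENT_QUOTES, so both quote styles are
 * encoded). It is meant for an HTML text context; encoding it a second time on
 * output will double-encode it. The regex stripping is best-effort and is not
 * an HTML sanitiser.
 *
 * @param string $document Text that may contain markup.
 * @return string Filtered and HTML-encoded text.
 */
function clean_html($document){
    $search = array(
        '@<script[^>]*?>.*?</script>@si',   // Strip out javascript
        '@<[\/\!]*?[^<>]*?>@si',            // Strip out HTML tags
        '@<style[^>]*?>.*?</style>@siU',    // Strip style tags properly
        '@<![\s\S]*?--[ \t\n\r]*>@'         // Strip multi-line comments including CDATA
    );

    // Remove everything matched by the patterns above (applied in order).
    $text = preg_replace($search, '', $document);

    // Replace or remove characters from a fixed blacklist.
    $text = preg_replace('/;/', ' ', $text);                                // semicolons
    $text = preg_replace('/"/', "'", $text);                                // double quotes become single quotes
    $text = preg_replace('/[\%\?\*]/', ' ', $text);                         // wildcards
    $text = preg_replace('/[\:\`\$\/\\\=\~\<\>\|\!\^]/', ' ', $text);       // other unneeded symbols (includes backslash)
    $text = preg_replace('/[-]{2,}/', '-', $text);                          // more than 1 dash in a row
    $text = preg_replace("/[\']{2,}/", "'", $text);                         // more than 1 single quote in a row
    $text = preg_replace("/[\&]{2,}/", '&', $text);                         // more than 1 ampersand in a row
    $text = preg_replace("/[ ]{2,}/", ' ', $text);                          // more than 1 space in a row

    // Encode whatever special characters are left (&, ' and so on).
    $text = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');

    return $text;
}

// Sample input: a print_r()-style dump of a feedback form whose text field
// carries a SQL-injection-style payload, used to show what the filter emits.
$mystring = " Validating data... Done validating... test 123............stdClass Object ( [feedback_text] => Array ( [text] => Robert'); DROP TABLE Stftudents;--' ? 
Mom [format] => 1 ) [name] => connor - admin, 2 - john [email] => rcooper@c2ti.com [submitbutton] => Submit Feedback [text_len] => 41 )";

$mystring2 = makeSafe($mystring);
echo $mystring2;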
based on jm7jT
Output for 7.0.0 - 7.2.0
Fatal error: Uncaught Error: Call to undefined function mysql_real_escape_string() in /in/oDB8h:9 Stack trace: #0 /in/oDB8h(70): makeSafe('\nValidating dat...') #1 {main} thrown in /in/oDB8h on line 9
Process exited with code 255.
Output for 5.3.18 - 5.6.21
Fatal error: Call to undefined function mysql_real_escape_string() in /in/oDB8h on line 9
Process exited with code 255.