<?php

/*
 * Demonstration script: turning an array-valued query argument into one
 * named placeholder per element, once trusting the array's own keys and once
 * after re-indexing the array. The same input is run through both variants so
 * the resulting query text can be compared.
 */

/**
 * Expands every array-valued entry of $args into per-element placeholders,
 * naming each placeholder after the element's ORIGINAL key.
 *
 * UNSAFE when the inner array's keys can be influenced by a caller: each key
 * is concatenated into a placeholder name and that name is written into the
 * query text, so a string key becomes part of the SQL statement itself.
 * Compare with expandArguments2(), which discards the keys first.
 *
 * NOTE(review): $key is placed in the regex without preg_quote(), and the
 * replacement only covers the text matched by $key. With keys given without
 * a leading ':' (as in the demo below) only the first generated name keeps
 * the ':' that was already in the query.
 *
 * @param string $query Query text; rewritten in place.
 * @param array  $args  Placeholder => value map; rewritten in place.
 * @return bool  Whether at least one array argument was expanded.
 */
function expandArguments(&$query, &$args)
{
    $changed = false;
    $arrayArgs = array_filter($args, 'is_array');

    foreach ($arrayArgs as $key => $values) {
        var_dump($values);

        $expanded = array();
        foreach ($values as $index => $value) {
            // $index is whatever key the inner array carried, integer or
            // string; nothing restricts it before it reaches the query text.
            $name = $key . '_' . $index;
            $expanded[$name] = $value;
        }

        $placeholderList = implode(', ', array_keys($expanded));
        $query = preg_replace('#' . $key . '\b#', $placeholderList, $query);

        // Swap the array argument for its expanded scalar entries.
        unset($args[$key]);
        $args = $args + $expanded;
        $changed = true;
    }

    return $changed;
}

/**
 * Same expansion as expandArguments(), but the inner array is passed through
 * array_values() first, so placeholder names are built from sequential
 * integer positions only and the original keys never reach the query text.
 *
 * NOTE(review): as in expandArguments(), $key itself is still used in the
 * regex and in the generated names without quoting or validation; this
 * variant only neutralises the keys of the inner array.
 *
 * @param string $query Query text; rewritten in place.
 * @param array  $args  Placeholder => value map; rewritten in place.
 * @return bool  Whether at least one array argument was expanded.
 */
function expandArguments2(&$query, &$args)
{
    $changed = false;
    $arrayArgs = array_filter($args, 'is_array');

    foreach ($arrayArgs as $key => $values) {
        var_dump($values);

        $expanded = array();
        // Re-index: only 0..n-1 can appear in a placeholder name from here on.
        $positional = array_values($values);
        foreach ($positional as $index => $value) {
            $name = $key . '_' . $index;
            $expanded[$name] = $value;
        }

        $placeholderList = implode(', ', array_keys($expanded));
        $query = preg_replace('#' . $key . '\b#', $placeholderList, $query);

        // Swap the array argument for its expanded scalar entries.
        unset($args[$key]);
        $args = $args + $expanded;
        $changed = true;
    }

    return $changed;
}

// Run 1: keys trusted. The third element carries a string key containing SQL
// syntax; the dumped query shows that key spliced into the statement.
$query = "SELECT * FROM foo WHERE id IN (:ids)";
$args = array(
    'ids' => array(
        1,
        2,
        '0); DROP TABLE foo; --' => 3
    )
);
expandArguments($query, $args);
var_dump($query, $args);

// Run 2: identical input, keys discarded via array_values(). The dumped query
// contains only the generated ids_0 .. ids_2 names.
$query = "SELECT * FROM foo WHERE id IN (:ids)";
$args = array(
    'ids' => array(
        1,
        2,
        '0); DROP TABLE foo; --' => 3
    )
);
expandArguments2($query, $args);
var_dump($query, $args);
Output for 4.3.0 - 4.3.11, 4.4.0 - 4.4.9, 5.0.0 - 5.0.5, 5.1.0 - 5.1.6, 5.2.0 - 5.2.17, 5.3.0 - 5.3.29, 5.4.0 - 5.4.45, 5.5.24 - 5.5.35, 5.6.7 - 5.6.28, 7.0.0 - 7.0.20, 7.1.0 - 7.1.7, 7.1.20 - 7.1.33, 7.2.0 - 7.2.33, 7.3.0 - 7.3.33, 7.4.0 - 7.4.33, 8.0.0 - 8.0.30, 8.1.0 - 8.1.28, 8.2.0 - 8.2.18, 8.3.0 - 8.3.6
array(3) { [0]=> int(1) [1]=> int(2) ["0); DROP TABLE foo; --"]=> int(3) } string(73) "SELECT * FROM foo WHERE id IN (:ids_0, ids_1, ids_0); DROP TABLE foo; --)" array(3) { ["ids_0"]=> int(1) ["ids_1"]=> int(2) ["ids_0); DROP TABLE foo; --"]=> int(3) } array(3) { [0]=> int(1) [1]=> int(2) ["0); DROP TABLE foo; --"]=> int(3) } string(52) "SELECT * FROM foo WHERE id IN (:ids_0, ids_1, ids_2)" array(3) { ["ids_0"]=> int(1) ["ids_1"]=> int(2) ["ids_2"]=> int(3) }
Output for 7.1.10

Process exited with code 137.
