3v4l.org

<?php

/**
 * Expands every array-valued entry of $args into one placeholder per element.
 *
 * For each array argument, the placeholder names are built as
 * "<argument key>_<element key>" and the argument key inside $query is
 * replaced with the comma-separated list of those names.
 *
 * SECURITY: this variant uses the element keys of the supplied array as-is.
 * Those keys are concatenated into the placeholder names and the names are
 * written into the SQL text, so a non-numeric key becomes part of the
 * statement. If the array (including its keys) can be shaped by untrusted
 * input, the query structure is no longer controlled by the application.
 * expandArguments2() below shows the mitigation: discard the supplied keys.
 *
 * NOTE(review): the pattern matches the bare key, so only the first generated
 * name keeps the ':' that precedes the key in the query. $key is also placed
 * in the pattern without preg_quote(); presumably keys are plain identifiers
 * here - confirm before reusing this outside the demonstration.
 *
 * @param string $query SQL text containing the placeholder; rewritten in place.
 * @param array  $args  Placeholder values keyed by name; rewritten in place.
 *
 * @return bool TRUE when at least one array argument was expanded.
 */
function expandArguments(&$query, &$args)
{
    $changed = false;
    $arrayArgs = array_filter($args, 'is_array');

    foreach ($arrayArgs as $name => $values) {
        var_dump($values);

        // Element keys are taken verbatim from the caller-supplied array.
        $expanded = array();
        foreach ($values as $elementKey => $value) {
            $expanded[$name . '_' . $elementKey] = $value;
        }

        $pattern = '#' . $name . '\b#';
        $placeholderList = implode(', ', array_keys($expanded));
        $query = preg_replace($pattern, $placeholderList, $query);

        // Swap the array argument for its per-element entries.
        unset($args[$name]);
        $args += $expanded;
        $changed = true;
    }

    return $changed;
}

/**
 * Same expansion as expandArguments(), but with the element keys normalised.
 *
 * array_values() re-indexes the supplied array to 0..n-1 before the
 * placeholder names are built, so only the argument key and an integer index
 * reach the SQL text; whatever keys the caller supplied are dropped.
 *
 * @param string $query SQL text containing the placeholder; rewritten in place.
 * @param array  $args  Placeholder values keyed by name; rewritten in place.
 *
 * @return bool TRUE when at least one array argument was expanded.
 */
function expandArguments2(&$query, &$args)
{
    $changed = false;
    $arrayArgs = array_filter($args, 'is_array');

    foreach ($arrayArgs as $name => $values) {
        var_dump($values);

        // Re-index first: generated names depend only on position.
        $expanded = array();
        foreach (array_values($values) as $position => $value) {
            $expanded[$name . '_' . $position] = $value;
        }

        $pattern = '#' . $name . '\b#';
        $placeholderList = implode(', ', array_keys($expanded));
        $query = preg_replace($pattern, $placeholderList, $query);

        unset($args[$name]);
        $args += $expanded;
        $changed = true;
    }

    return $changed;
}

// Case 1: keys used as supplied. The third element carries a string key,
// which ends up inside the rewritten query text.
$query = "SELECT * FROM foo WHERE id IN (:ids)";
$args = array(
    'ids' => array(1, 2, '0); DROP TABLE foo; --' => 3),
);
expandArguments($query, $args);
var_dump($query, $args);

// Case 2: identical input, keys re-indexed. The rewritten query contains
// only ids_0 .. ids_2.
$query = "SELECT * FROM foo WHERE id IN (:ids)";
$args = array(
    'ids' => array(1, 2, '0); DROP TABLE foo; --' => 3),
);
expandArguments2($query, $args);
var_dump($query, $args);
based on PSkcI
Output for 4.3.0 - 7.1.0
array(3) { [0]=> int(1) [1]=> int(2) ["0); DROP TABLE foo; --"]=> int(3) } string(73) "SELECT * FROM foo WHERE id IN (:ids_0, ids_1, ids_0); DROP TABLE foo; --)" array(3) { ["ids_0"]=> int(1) ["ids_1"]=> int(2) ["ids_0); DROP TABLE foo; --"]=> int(3) } array(3) { [0]=> int(1) [1]=> int(2) ["0); DROP TABLE foo; --"]=> int(3) } string(52) "SELECT * FROM foo WHERE id IN (:ids_0, ids_1, ids_2)" array(3) { ["ids_0"]=> int(1) ["ids_1"]=> int(2) ["ids_2"]=> int(3) }