<?php
function expandArguments(&$query, &$args) {
$modified = FALSE;
foreach (array_filter($args, 'is_array') as $key => $data) {
$new_keys = array();
var_dump($data);
foreach ($data as $i => $value) {
$new_keys[$key . '_' . $i] = $value;
}
$query = preg_replace(
'#' . $key . '\b#',
implode(', ', array_keys($new_keys)),
$query
);
unset($args[$key]);
$args += $new_keys;
$modified = TRUE;
}
return $modified;
}
function expandArguments2(&$query, &$args) {
$modified = FALSE;
foreach (array_filter($args, 'is_array') as $key => $data) {
$new_keys = array();
var_dump($data);
foreach (array_values($data) as $i => $value) {
$new_keys[$key . '_' . $i] = $value;
}
$query = preg_replace(
'#' . $key . '\b#',
implode(', ', array_keys($new_keys)),
$query
);
unset($args[$key]);
$args += $new_keys;
$modified = TRUE;
}
return $modified;
}
$query = "SELECT * FROM foo WHERE id IN (:ids)";
$args = array(
'ids' => array(
1,
2,
'0); DROP TABLE foo; --' => 3
)
);
expandArguments($query, $args);
var_dump($query, $args);
$query = "SELECT * FROM foo WHERE id IN (:ids)";
$args = array( 'ids' => array(
1,
2,
'0); DROP TABLE foo; --' => 3
) );
expandArguments2($query, $args);
var_dump($query, $args);
preferences:
45.88 ms | 402 KiB | 5 Q