<?php function expandArguments(&$query, &$args) { $modified = FALSE; foreach (array_filter($args, 'is_array') as $key => $data) { $new_keys = array(); var_dump($data); foreach ($data as $i => $value) { $new_keys[$key . '_' . $i] = $value; } $query = preg_replace( '#' . $key . '\b#', implode(', ', array_keys($new_keys)), $query ); unset($args[$key]); $args += $new_keys; $modified = TRUE; } return $modified; } function expandArguments2(&$query, &$args) { $modified = FALSE; foreach (array_filter($args, 'is_array') as $key => $data) { $new_keys = array(); var_dump($data); foreach (array_values($data) as $i => $value) { $new_keys[$key . '_' . $i] = $value; } $query = preg_replace( '#' . $key . '\b#', implode(', ', array_keys($new_keys)), $query ); unset($args[$key]); $args += $new_keys; $modified = TRUE; } return $modified; } $query = "SELECT * FROM foo WHERE id IN (:ids)"; $args = array( 'ids' => array( 1, 2, '0); DROP TABLE foo; --' => 3 ) ); expandArguments($query, $args); var_dump($query, $args); $query = "SELECT * FROM foo WHERE id IN (:ids)"; $args = array( 'ids' => array( 1, 2, '0); DROP TABLE foo; --' => 3 ) ); expandArguments2($query, $args); var_dump($query, $args);
You have javascript disabled. You will not be able to edit any code.