3v4l.org

run code in 200+ php & hhvm versions
Bugs & Features
<?php function escape_string($s) { $r = ''; for($i=0;@$s[$i];$i++) { if($s[$i]!='\'') if($s[$i]!='"') if($s[$i]!='\\') if($s[$i]!="\n") if($s[$i]!="\r") if($s[$i]!="\x1a") { $r .= $s[$i]; continue; } $r .= '?'; } return $r; } $password = '\' or \"1\"=\"1\"'; $password = escape_string($password); $query = "select 1 from auth where password='{$password}'"; echo($query); ?>
based on Sh2iE
Output for 5.2.10 - 7.1.7
select 1 from auth where password='? or ??1??=??1??'
Output for 4.3.0 - 5.2.9
Notice: Uninitialized string offset: 16 in /in/qk6is on line 5 select 1 from auth where password='? or ??1??=??1??'