3v4l.org

run code in 300+ PHP versions simultaneously
<?php

// -- PULLING IN PRODUCTS TO READ OUT TO USER -- //

$stmt = ("
    SELECT
        products.ID,
        products.title,
        products.category,
        products.location,
        products.price,
        products.negotiable,
        products.description,
        products.photo,
        products.user_id
    FROM
        products");


$result = $db->query($stmt);

foreach ($result as $row) {
    $product_id = $row['ID'];
    $title = htmlspecialchars($row['title'], ENT_QUOTES); // User input, prevent first order XSS
    $category = $row['category'];
    // local variable for remainder, ensuring to use htmlspecialchars() for any user input that will be read out to browser
}

// -- INSERTING PRODUCTS TO MAIN PRODUCT PAGE USING PREPARED STATEMENT -- //

// Incoming user input from some form
// Assign input to local variables
// Probably should validate data


$null_value = null; // To bind null values... I'm lazy

$stmt = $db->prepare("
    INSERT INTO
        products
    VALUES
        (?, ?, ?, ?, ?, ?, ?, ?, ?)");

$stmt->bind_param('sssssssss',
    $null_value,
    $title,
    $category,
    $location,
    $price,
    $negotiable,
    $description,
    $photo,
    $user_id
);
$stmt->execute();
$result = $stmt->get_result();
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 77) Position 1 = 6, Position 2 = 18
Branch analysis from position: 6
2 jumps found. (Code = 78) Position 1 = 7, Position 2 = 18
Branch analysis from position: 7
1 jumps found. (Code = 42) Position 1 = 6
Branch analysis from position: 6
Branch analysis from position: 18
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 18
filename:       /in/rqT4l
function name:  (null)
number of ops:  42
compiled vars:  !0 = $stmt, !1 = $result, !2 = $db, !3 = $row, !4 = $product_id, !5 = $title, !6 = $category, !7 = $null_value, !8 = $location, !9 = $price, !10 = $negotiable, !11 = $description, !12 = $photo, !13 = $user_id
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
    5     0  E >   ASSIGN                                                   !0, '%0A++++SELECT%0A++++++++products.ID%2C%0A++++++++products.title%2C%0A++++++++products.category%2C%0A++++++++products.location%2C%0A++++++++products.price%2C%0A++++++++products.negotiable%2C%0A++++++++products.description%2C%0A++++++++products.photo%2C%0A++++++++products.user_id%0A++++FROM%0A++++++++products'
   20     1        INIT_METHOD_CALL                                         !2, 'query'
          2        SEND_VAR_EX                                              !0
          3        DO_FCALL                                      0  $15     
          4        ASSIGN                                                   !1, $15
   22     5      > FE_RESET_R                                       $17     !1, ->18
          6    > > FE_FETCH_R                                               $17, !3, ->18
   23     7    >   FETCH_DIM_R                                      ~18     !3, 'ID'
          8        ASSIGN                                                   !4, ~18
   24     9        INIT_FCALL                                               'htmlspecialchars'
         10        FETCH_DIM_R                                      ~20     !3, 'title'
         11        SEND_VAL                                                 ~20
         12        SEND_VAL                                                 3
         13        DO_ICALL                                         $21     
         14        ASSIGN                                                   !5, $21
   25    15        FETCH_DIM_R                                      ~23     !3, 'category'
         16        ASSIGN                                                   !6, ~23
   22    17      > JMP                                                      ->6
         18    >   FE_FREE                                                  $17
   36    19        ASSIGN                                                   !7, null
   38    20        INIT_METHOD_CALL                                         !2, 'prepare'
         21        SEND_VAL_EX                                              '%0A++++INSERT+INTO%0A++++++++products%0A++++VALUES%0A++++++++%28%3F%2C+%3F%2C+%3F%2C+%3F%2C+%3F%2C+%3F%2C+%3F%2C+%3F%2C+%3F%29'
         22        DO_FCALL                                      0  $26     
         23        ASSIGN                                                   !0, $26
   44    24        INIT_METHOD_CALL                                         !0, 'bind_param'
         25        SEND_VAL_EX                                              'sssssssss'
         26        SEND_VAR_EX                                              !7
         27        SEND_VAR_EX                                              !5
         28        SEND_VAR_EX                                              !6
         29        SEND_VAR_EX                                              !8
         30        SEND_VAR_EX                                              !9
         31        SEND_VAR_EX                                              !10
         32        SEND_VAR_EX                                              !11
         33        SEND_VAR_EX                                              !12
         34        SEND_VAR_EX                                              !13
         35        DO_FCALL                                      0          
   55    36        INIT_METHOD_CALL                                         !0, 'execute'
         37        DO_FCALL                                      0          
   56    38        INIT_METHOD_CALL                                         !0, 'get_result'
         39        DO_FCALL                                      0  $30     
         40        ASSIGN                                                   !1, $30
         41      > RETURN                                                   1

Generated using Vulcan Logic Dumper, using php 8.0.0

