3v4l.org

run code in 300+ PHP versions simultaneously
<?php class sqli_protected_db { private $db; public function __construct() { // $this->db = new mysqli('localhost', 'username', 'password', 'database'); } public function query(String $sql, Array $parameters = [], Array $aliases = []) { if (!is_literal($sql)) { echo '[WRONG] '; } foreach ($aliases as $name => $value) { $sql = str_replace('{' . $name . '}', '`' . str_replace('`', '``', $value) . '`', $sql); } echo $sql . "\n\n"; // print_r(iterator_to_array($this->db->execute_query($sql, $parameters))); } } $db = new sqli_protected_db(); $id = ($_GET['id'] ?? chr(53)); // non-LiteralString '5' $order = ($_GET['order'] ?? chr(110)); // non-LiteralString 'n' $db->query('SELECT name FROM user WHERE id = ?', [$id]); // Correct $db->query('SELECT name FROM user WHERE id = ' . $id); // WRONG $db->query('SELECT name FROM user ORDER BY {o}', [], ['o' => $order]); // Correct $db->query('SELECT name FROM user ORDER BY ' . $order); // WRONG echo "-----\n\n"; class query_builder { public function where(String $column, ?String $operator = null, $value = null) { if (!is_literal($column) || (!is_literal($operator) && $operator !== null)) { echo '[WRONG] '; } echo $column . ($operator === null ? '' : ' ' . $operator) . ($value === null ? '' : ' ?') . "\n\n"; } } $qb = new query_builder(); $name = ($_GET['name'] ?? chr(110)); // non-LiteralString 'n' $field = ($_GET['field'] ?? chr(102)); // non-LiteralString 'f' $value = ($_GET['value'] ?? chr(118)); // non-LiteralString 'v' $qb->where('CONCAT(name_first, " ", name_last)', 'LIKE', $name); // Correct $qb->where('CONCAT(name_first, " ", name_last) LIKE "' . $name . '"'); // WRONG $qb->where('some_value IS NULL'); // Correct $qb->where($field, '=', $value); // WRONG echo "-----\n\n"; // https://github.com/doctrine/orm/blob/2.12.x/lib/Doctrine/ORM/Query/Expr/Func.php class Func { protected $name; protected $arguments; public function __construct($name, $arguments) { $this->name = $name; $this->arguments = $arguments; } public function __toString() { return $this->name . '(' . implode(', ', $this->arguments) . ')'; } } function check_func(Func $func) { $sql = (string) $func; if (!is_literal($sql)) { echo '[WRONG] '; } echo $sql . "\n\n"; } $func = ($_GET['func'] ?? chr(102)); // non-LiteralString 'f' $value = ($_GET['value'] ?? chr(118)); // non-LiteralString 'v' check_func(new Func('MIN', ['field1', 'field2'])); // Correct check_func(new Func($func, ['field1', 'field2'])); // WRONG check_func(new Func('MIN', ['field1', $value])); // WRONG ?>

Here you find the average performance (time & memory) of each version. A grayed out version indicates it didn't complete successfully (based on exit-code).

VersionSystem time (s)User time (s)Memory (MiB)
8.4.120.0080.01220.71
8.4.110.0120.00818.75
8.4.100.0140.00618.04
8.4.90.0120.00720.58
8.4.80.0100.00918.84
8.4.70.0100.00518.08
8.4.60.0130.01018.91
8.4.50.0030.00620.56
8.4.40.0100.01419.72
8.4.30.0050.00320.62
8.4.20.0100.01019.89
8.4.10.0120.00823.86
8.3.250.0100.00818.80
8.3.240.0110.00916.92
8.3.230.0120.00816.88
8.3.220.0030.00418.88
8.3.210.0070.01216.98
8.3.200.0050.00416.79
8.3.190.0130.00716.66
8.3.180.0140.00518.49
8.3.170.0070.00717.27
8.3.160.0060.01318.59
8.3.150.0040.01118.87
8.3.140.0040.00418.77
8.3.130.0070.01018.51
8.3.120.0060.00920.75
8.3.110.0030.00620.94
8.3.100.0090.00024.06
8.3.90.0110.00026.77
8.3.80.0070.00418.56
8.3.70.0150.00016.38
8.3.60.0090.00618.68
8.3.50.0120.00618.50
8.3.40.0140.00020.32
8.3.30.0030.01318.83
8.3.20.0080.00024.18
8.3.10.0000.00824.66
8.3.00.0040.00426.16
8.2.290.0150.00416.87
8.2.280.0080.01018.55
8.2.270.0030.00519.02
8.2.260.0080.01120.57
8.2.250.0040.00418.44
8.2.240.0080.00017.12
8.2.230.0160.00322.58
8.2.220.0050.00337.54
8.2.210.0090.00926.77
8.2.200.0050.00518.29
8.2.190.0120.00316.73
8.2.180.0140.00717.00
8.2.170.0120.00319.04
8.2.160.0130.00022.96
8.2.150.0000.00825.66
8.2.140.0050.00324.66
8.2.130.0050.00326.16
8.2.120.0030.00619.66
8.2.110.0000.00922.13
8.2.100.0030.00622.13
8.1.330.0120.01016.39
8.1.320.0110.00817.81
8.1.310.0030.00518.31
8.1.300.0100.01016.41
8.1.290.0090.00018.88
8.1.280.0110.00425.92
8.1.270.0000.00823.90
8.1.260.0080.00026.35
8.1.250.0120.00328.09
8.1.240.0030.00720.71
8.1.230.0030.01318.51
preferences:
58.24 ms | 403 KiB | 5 Q