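<?php

/*
 * Demonstration of literal-string checks as a defence against SQL injection.
 *
 * Each API below accepts SQL fragments and flags any fragment that is not a
 * developer-written literal. User-supplied data is expected to travel
 * separately, either as bound parameters or as quoted identifiers.
 *
 * NOTE(review): is_literal() is not defined in this file. It is the function
 * proposed by the PHP "is_literal" RFC, so the runtime must provide it
 * (patched build or equivalent); otherwise every call below is a fatal
 * "undefined function" error. Confirm before relying on the output.
 *
 * NOTE(review): the checks only echo a "[WRONG] " marker and then carry on so
 * that the demo can show every case. A real wrapper should refuse to run the
 * statement (throw) instead of continuing.
 */

class sqli_protected_db
{
    private $db;

    public function __construct()
    {
        // $this->db = new mysqli('localhost', 'username', 'password', 'database');
    }

    /**
     * Print the SQL that would be executed, flagging non-literal statements.
     *
     * @param string $sql        Statement text; expected to be a literal with
     *                           "?" placeholders for values and "{name}"
     *                           placeholders for identifiers.
     * @param array  $parameters Values for the "?" placeholders (only used by
     *                           the commented-out execute_query() call).
     * @param array  $aliases    Map of placeholder name => identifier. Each
     *                           identifier is wrapped in backticks with
     *                           embedded backticks doubled.
     */
    public function query(string $sql, array $parameters = [], array $aliases = [])
    {
        // Checked before alias substitution: the identifiers merged in below
        // are runtime values, so only the caller's original text is tested.
        if (!is_literal($sql)) {
            echo '[WRONG] ';
        }

        // Build the whole placeholder map first and substitute in one pass.
        // Replacing alias by alias would re-scan text that an earlier alias
        // inserted, so an identifier value containing another "{name}" token
        // would be expanded again inside its backticks and break the quoting.
        $replacements = [];
        foreach ($aliases as $name => $value) {
            $replacements['{' . $name . '}'] = '`' . str_replace('`', '``', $value) . '`';
        }
        if ($replacements !== []) {
            $sql = strtr($sql, $replacements);
        }

        // Quoting keeps the value inside one identifier, but the caller can
        // still name any column; pair this with an allow-list where the set
        // of valid columns is known.
        echo $sql . "\n\n";

        // print_r(iterator_to_array($this->db->execute_query($sql, $parameters)));
    }
}

$db = new sqli_protected_db();

// chr() builds the fallback values at runtime so that, like real request
// data, they are not literals.
$id = ($_GET['id'] ?? chr(53)); // non-LiteralString '5'
$order = ($_GET['order'] ?? chr(110)); // non-LiteralString 'n'

$db->query('SELECT name FROM user WHERE id = ?', [$id]); // Correct

$db->query('SELECT name FROM user WHERE id = ' . $id); // WRONG

$db->query('SELECT name FROM user ORDER BY {o}', [], ['o' => $order]); // Correct

$db->query('SELECT name FROM user ORDER BY ' . $order); // WRONG

echo "-----\n\n";

class query_builder
{
    /**
     * Print a WHERE fragment, flagging a non-literal column or operator.
     *
     * @param string      $column   Column name or SQL expression; expected to
     *                              be a literal.
     * @param string|null $operator Comparison operator; expected to be a
     *                              literal when given.
     * @param mixed       $value    Only its presence is used here: a non-null
     *                              value adds a " ?" placeholder. The value is
     *                              never written into the SQL text.
     */
    public function where(string $column, ?string $operator = null, $value = null)
    {
        if (!is_literal($column) || (!is_literal($operator) && $operator !== null)) {
            echo '[WRONG] ';
        }

        echo $column
            . ($operator === null ? '' : ' ' . $operator)
            . ($value === null ? '' : ' ?')
            . "\n\n";
    }
}

$qb = new query_builder();

$name = ($_GET['name'] ?? chr(110)); // non-LiteralString 'n'
$field = ($_GET['field'] ?? chr(102)); // non-LiteralString 'f'
$value = ($_GET['value'] ?? chr(118)); // non-LiteralString 'v'

$qb->where('CONCAT(name_first, " ", name_last)', 'LIKE', $name); // Correct

$qb->where('CONCAT(name_first, " ", name_last) LIKE "' . $name . '"'); // WRONG

$qb->where('some_value IS NULL'); // Correct

$qb->where($field, '=', $value); // WRONG

echo "-----\n\n";

// https://github.com/doctrine/orm/blob/2.12.x/lib/Doctrine/ORM/Query/Expr/Func.php
class Func
{
    protected $name;
    protected $arguments;

    public function __construct($name, $arguments)
    {
        $this->name = $name;
        $this->arguments = $arguments;
    }

    /**
     * Render as "NAME(arg1, arg2, ...)". Nothing is quoted or escaped here,
     * so the result is only as trustworthy as the name and arguments given.
     */
    public function __toString()
    {
        return $this->name . '(' . implode(', ', $this->arguments) . ')';
    }
}

/**
 * Print the SQL rendered by a Func, flagging it when the rendered string is
 * not a literal.
 *
 * NOTE(review): this relies on is_literal() still reporting true for a string
 * assembled from literals by concatenation and implode() - confirm against
 * the implementation in use.
 */
function check_func(Func $func)
{
    $sql = (string) $func;

    if (!is_literal($sql)) {
        echo '[WRONG] ';
    }

    echo $sql . "\n\n";
}

$func = ($_GET['func'] ?? chr(102)); // non-LiteralString 'f'
$value = ($_GET['value'] ?? chr(118)); // non-LiteralString 'v'

check_func(new Func('MIN', ['field1', 'field2'])); // Correct

check_func(new Func($func, ['field1', 'field2'])); // WRONG

check_func(new Func('MIN', ['field1', $value])); // WRONG

?>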

Here you find the average performance (time & memory) of each version. A grayed out version indicates it didn't complete successfully (based on exit-code).

Version | System time (s) | User time (s) | Memory (MiB)
8.3.6 | 0.009 | 0.006 | 18.68
8.3.5 | 0.012 | 0.006 | 18.50
8.3.4 | 0.014 | 0.000 | 20.32
8.3.3 | 0.003 | 0.013 | 18.83
8.3.2 | 0.008 | 0.000 | 24.18
8.3.1 | 0.000 | 0.008 | 24.66
8.3.0 | 0.004 | 0.004 | 26.16
8.2.18 | 0.014 | 0.007 | 17.00
8.2.17 | 0.012 | 0.003 | 19.04
8.2.16 | 0.013 | 0.000 | 22.96
8.2.15 | 0.000 | 0.008 | 25.66
8.2.14 | 0.005 | 0.003 | 24.66
8.2.13 | 0.005 | 0.003 | 26.16
8.2.12 | 0.003 | 0.006 | 19.66
8.2.11 | 0.000 | 0.009 | 22.13
8.2.10 | 0.003 | 0.006 | 22.13
8.1.28 | 0.011 | 0.004 | 25.92
8.1.27 | 0.000 | 0.008 | 23.90
8.1.26 | 0.008 | 0.000 | 26.35
8.1.25 | 0.012 | 0.003 | 28.09
8.1.24 | 0.003 | 0.007 | 20.71
8.1.23 | 0.003 | 0.013 | 18.51
