3v4l.org

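<?php
// Expands array-valued arguments into one placeholder per element.
// The new placeholder names are built from the keys of the inner array.
function expandArguments(&$query, &$args) {
    $modified = FALSE;
    foreach (array_filter($args, 'is_array') as $key => $data) {
        $new_keys = array();
        foreach ($data as $i => $value) {
            // $i is the caller-supplied array key; it is used unchecked.
            $new_keys[$key . '_' . $i] = $value;
        }
        // The generated names are spliced directly into the SQL text.
        $query = preg_replace(
            '#' . $key . '\b#',
            implode(', ', array_keys($new_keys)),
            $query
        );
        unset($args[$key]);
        $args += $new_keys;
        $modified = TRUE;
    }
    return $modified;
}

$query = "SELECT * FROM foo WHERE id IN (:ids)";
$args = array(
    'ids' => array(
        1,
        2,
        // String key carrying SQL text instead of a numeric index.
        '0); DROP TABLE foo; --' => 3
    )
);
expandArguments($query, $args);
var_dump($query, $args);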
based on Gs8Nr
Output for 4.3.0 - 5.6.28, hhvm-3.12.0, 7.0.0 - 7.1.0
string(73) "SELECT * FROM foo WHERE id IN (:ids_0, ids_1, ids_0); DROP TABLE foo; --)"
array(3) {
  ["ids_0"]=>
  int(1)
  ["ids_1"]=>
  int(2)
  ["ids_0); DROP TABLE foo; --"]=>
  int(3)
}
Output for hhvm-3.10.0

Process exited with code 153.
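
Hardened counterpart to the paste above, added here as an example and not part of the original paste. The function name expandArgumentsSafe and the two validation checks are assumptions of this example: placeholder names are built from a validated identifier plus a numeric counter, so the text of an inner array key never reaches the query string.

```php
<?php
// Added example, not the original paste: placeholder names come from a
// validated identifier plus a numeric counter, never from array keys.
function expandArgumentsSafe(&$query, &$args) {
    $modified = FALSE;
    foreach (array_filter($args, 'is_array') as $key => $data) {
        $name = ltrim($key, ':');
        // The placeholder name itself must be a plain identifier.
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
            throw new InvalidArgumentException('Invalid placeholder name');
        }
        if (count($data) === 0) {
            // "IN ()" is not valid SQL; make the caller decide what to do.
            throw new InvalidArgumentException('Empty list for ' . $name);
        }
        $new_keys = array();
        // array_values() discards caller-supplied keys and re-indexes 0..n-1.
        foreach (array_values($data) as $i => $value) {
            $new_keys[':' . $name . '_' . $i] = $value;
        }
        // Only the validated name and integer counters are spliced in.
        $query = preg_replace(
            '#:' . preg_quote($name, '#') . '\b#',
            implode(', ', array_keys($new_keys)),
            $query
        );
        unset($args[$key]);
        $args += $new_keys;
        $modified = TRUE;
    }
    return $modified;
}

// Same constructed input as the paste above.
$query = "SELECT * FROM foo WHERE id IN (:ids)";
$args = array(
    'ids' => array(1, 2, '0); DROP TABLE foo; --' => 3),
);
expandArgumentsSafe($query, $args);
var_dump($query, $args);
```

With the same input, the string key is dropped by array_values() and the third value is bound under a counter-derived placeholder like the first two.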