  1. <?php
  2. //http://stackoverflow.com/questions/9361303/can-i-get-the-unicode-value-of-a-character-or-vise-versa-with-php
  /**
   * Return the UTF-8 encoding of a single Unicode code point.
   *
   * The argument is coerced with intval(), written out as a decimal HTML
   * numeric character reference (for example "&#39;"), and that reference is
   * decoded by mbstring's 'HTML-ENTITIES' converter.
   *
   * @param mixed $o Code point; anything intval() accepts.
   * @return string Whatever mb_convert_encoding() yields for the reference.
   */
  function unichr($o) {
      $reference = sprintf('&#%d;', intval($o));

      return mb_convert_encoding($reference, 'UTF-8', 'HTML-ENTITIES');
  }
  /**
   * Hand-rolled escaping for text placed inside a single-quoted SQL literal.
   *
   * Replacements run in order: a backslash is doubled, a single quote gets a
   * leading backslash, and CR and LF are removed. Nothing else is touched:
   * NUL, 0x1A and the double quote pass through unchanged.
   *
   * NOTE(review): backslash escaping only holds where the SQL dialect and the
   * session settings treat a backslash as an escape character inside string
   * literals, and this function knows nothing about the connection character
   * set. Confirm both against the target database. Bound parameters in a
   * prepared statement remove that dependency.
   *
   * @param mixed $str Subject handed to str_replace().
   * @return mixed The subject with the replacements applied.
   */
  function sanitize($str)
  {
      // Order matters: backslashes are doubled first, so the backslash that
      // is added in front of a quote in the next step is not doubled again.
      $rules = array(
          "\\" => "\\\\",
          "'"  => "\\'",
          "\r" => '',
          "\n" => '',
      );

      return str_replace(array_keys($rules), array_values($rules), $str);
  }
  // Probe string built from seven code points: NUL (0), LF (10), CR (13),
  // SUB / Ctrl-Z (26), double quote (34), single quote (39), backslash (92).
  $str = implode('', array_map('unichr', array(0, 10, 13, 26, 34, 39, 92)));
  echo $str, "\n";

  // Show what sanitize() leaves inside a single-quoted literal. The statement
  // is only printed here and never sent to a database. sanitize() rewrites
  // just the quote, the backslash, CR and LF, so NUL, SUB and the double
  // quote reach the literal as-is.
  // NOTE(review): a query that is actually executed should bind the value
  // through a prepared statement instead of concatenating escaped text.
  $sql = "SELECT '";
  $sql .= sanitize($str);
  $sql .= "'";
  echo $sql;
  15. ?>
Success #stdin #stdout 0.02s 20568KB
stdin
Standard input is empty
stdout


"'\
SELECT '"\'\\'