More Details
PHP Manual

Functions and Statements which will spread the tainted mark of a tainted string

Function/Statement Since
= (assign) 0.1.0
. (concat) 0.1.0
"{$var}" (variable substitution) 0.1.0
.= (assign concat) 0.1.0
strval 0.3.0
explode/split 0.3.0
implode/join 0.3.0
sprintf 0.3.0
vsprintf 0.3.0
trim 0.4.0
rtrim 0.4.0
ltrim 0.4.0
strstr 0.5.0
str_pad 0.5.0
str_replace 0.5.0
substr 0.5.0
strtolower 0.5.0
strtoupper 0.5.0


More Details
PHP Manual