More Details
PHP Manual

Functions and Statements which will spread the tainted mark of a tainted string

Function/Statement Since
= (assign) 0.1.0
. (concat) 0.1.0
"{$var}" (variable substitution) 0.1.0
.= (assign concat) 0.1.0
strval 0.3.0
explode 0.3.0
implode 0.3.0
sprintf 0.3.0
vsprintf 0.3.0
trim 0.4.0
rtrim 0.4.0
ltrim 0.4.0


More Details
PHP Manual