queries/php: add injections for regex and sql injection (#6250)

runtime/queries/php/injections.scm

@@ -4,3 +4,22 @@
 
 ((comment) @injection.content
  (#set! injection.language "comment"))
+
+((function_call_expression
+ function: (name) @_function
+ arguments: (arguments . (argument (_ (string_value) @injection.content))))
+ (#match? @_function "^preg_")
+ (#set! injection.language "regex"))
+
+((function_call_expression
+ function: (name) @_function
+ arguments: (arguments (_) (argument (_ (string_value) @injection.content))))
+ (#match? @_function "^mysqli_")
+ (#set! injection.language "sql"))
+
+((member_call_expression
+ object: (_)
+ name: (name) @_function
+ arguments: (arguments . (argument (_ (string_value) @injection.content))))
+ (#match? @_function "^(prepare|query)$")
+ (#set! injection.language "sql"))