addslashes function


addslashes — Quote string with slashes


syntax


string addslashes ( string $str )

Returns a string with backslashes added before characters that need to be escaped. These characters are:


  • single quote (')
  • double quote (")
  • backslash (\)
  • NUL (the NUL byte)

A use case of addslashes() is escaping the aforementioned characters in a string that is to be evaluated by PHP:


    <?php
        $str = "O'Reilly?";
        eval("echo '" . addslashes($str) . "';");
    ?>


output


    O'Reilly?

The PHP directive magic_quotes_gpc was on by default, and it essentially ran addslashes() on all GET, POST and COOKIE data. addslashes() must not be used on strings that have already been escaped by magic_quotes_gpc, because the strings will then be double escaped. get_magic_quotes_gpc() can be used to check whether magic_quotes_gpc is on.


The addslashes() function is sometimes incorrectly used to try to prevent SQL injection. Instead, database-specific escaping functions and/or prepared statements should be used.
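
The recommendation above, as an added example that is not part of the original page: the same value is written once through a query string built with addslashes() and once through a prepared statement. It assumes the pdo_sqlite extension; the in-memory database, the `authors` table and the sample name are constructed for illustration.

```php
<?php
// Added example, not from the original page. Assumes the pdo_sqlite extension;
// the in-memory database and the `authors` table are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE authors (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

$name = "Tim O'Reilly"; // constructed sample input

// 1) Query text built with addslashes(). SQLite follows standard SQL: a quote
//    inside a literal is written as '' and a backslash has no special meaning,
//    so \' does not escape the quote and the statement is malformed.
$sql = "INSERT INTO authors (name) VALUES ('" . addslashes($name) . "')";
try {
    $pdo->exec($sql);
    echo "concatenated query: executed\n";
} catch (PDOException $e) {
    echo "concatenated query: rejected (" . $e->getMessage() . ")\n";
}

// 2) Prepared statement: the value is bound as data and never becomes part
//    of the SQL text, so no escaping function is involved at all.
$insert = $pdo->prepare('INSERT INTO authors (name) VALUES (:name)');
$insert->execute([':name' => $name]);

$select = $pdo->prepare('SELECT name FROM authors WHERE name = :name');
$select->execute([':name' => $name]);
$stored = $select->fetchColumn();

echo "prepared statement: stored ", var_export($stored, true), "\n";
echo "round-trips unchanged: ", var_export($stored === $name, true), "\n";
```

Which escape sequences a database accepts depends on the engine and its configuration, which is why the escaping has to come from the database driver rather than from addslashes().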


Example 1

    <?php
        $str = "Is your name O'Reilly?";

        // Outputs: Is your name O\'Reilly?
        echo addslashes($str);
    ?>


output


    Is your name O\'Reilly?


Example 2

    <?php
        $str = 'What does "WHO" mean?';
        echo "Your string is :".$str;
        echo "<br>"."By using addslashes() function the result  is".addslashes($str);
    ?>


output


    Your string is :What does "WHO" mean?
    By using addslashes() function the result isWhat does \"WHO\" mean?


Example 3

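    <?php
        // The labels below only mark which string has been escaped. As noted above,
        // addslashes() is not a substitute for database-specific escaping or prepared statements.
        $str = "Who's the father of PHP?";
        echo $str . " This is not safe in a database query.<br>";
        echo addslashes($str) . " This is safe in a database query.";
    ?>


output


    Who's the father of PHP? This is not safe in a database query.
    Who\'s the father of PHP? This is safe in a database query.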


Example 4

    <?php
        $str = "Wow' PHP?";
        eval("echo '" . addslashes($str) . "';");
    ?>


output


    Wow' PHP?


Example 5

    <?php
        $str = "Is The Father of PHP'Rasmus?";
        // Outputs: Is The Father of PHP\'Rasmus?
        echo addslashes($str);
    ?>


output


    Is The Father of PHP\'Rasmus?




