addslashes
(PHP 4, PHP 5, PHP 7, PHP 8)
addslashes — Quote string with slashes
Description
$string
): stringReturns a string with backslashes added before characters that need to be escaped. These characters are:
- single quote (
'
) - double quote (
"
) - backslash (
\
) - NUL (the NUL byte)
A use case of addslashes() is escaping the aforementioned characters in a string that is to be evaluated by PHP:
<?php
$str = "O'Reilly?";
eval("echo '" . addslashes($str) . "';");
?>
The addslashes() is sometimes incorrectly used to try to prevent SQL Injection. Instead, database-specific escaping functions and/or prepared statements should be used.
Parameters
-
string
-
The string to be escaped.
Return Values
Returns the escaped string.
Examples
Example #1 An addslashes() example
<?php
$str = "Is your name O'Reilly?";
// Outputs: Is your name O\'Reilly?
echo addslashes($str);
?>
See Also
- stripcslashes() - Un-quote string quoted with addcslashes
- stripslashes() - Un-quotes a quoted string
- addcslashes() - Quote string with slashes in a C style
- htmlspecialchars() - Convert special characters to HTML entities
- quotemeta() - Quote meta characters
- get_magic_quotes_gpc() - Gets the current configuration setting of magic_quotes_gpc