Returns a string with backslashes before characters that need to be escaped. These characters are single quote ('), double quote ("), backslash (\) and NUL (the NULL byte).
An example use of addslashes() is when you're entering data into string that is evaluated by PHP. For example, O'Reilly is stored in $str, you need to escape $str. (e.g. eval("echo '".addslashes($str)."';"); ). Test addslashes online.
string addslashes ( string $str )
PHP Documentation by the PHP Documentation Group
(PHP 4, PHP 5, PHP 7)
addslashes — Quote string with slashes
$str) : string
Returns a string with backslashes added before characters that need to be escaped. These characters are:
A use case of addslashes() is escaping the aforementioned characters in a string that is to be evaluated by PHP:
$str = "O'Reilly?";
eval("echo '" . addslashes($str) . "';");
Prior to PHP 5.4.0, the PHP directive magic_quotes_gpc was on by default and it essentially ran addslashes() on all GET, POST and COOKIE data. addslashes() must not be used on strings that have already been escaped with magic_quotes_gpc, as the strings will be double escaped. get_magic_quotes_gpc() can be used to check if magic_quotes_gpc is on.
The addslashes() is sometimes incorrectly used to try to prevent SQL Injection. Instead, database-specific escaping functions and/or prepared statements should be used.
The string to be escaped.
Returns the escaped string.
Example #1 An addslashes() example
$str = "Is your name O'Reilly?";
// Outputs: Is your name O\'Reilly?
Copyright © 1997 - 2016 by the PHP Documentation Group. This material may be distributed only subject to the terms and conditions set forth in the Creative Commons Attribution 3.0 License or later. A copy of the Creative Commons Attribution 3.0 license is distributed with this manual. The latest version is presently available at » http://creativecommons.org/licenses/by/3.0/.