String Functions
PHP Manual

addslashes

Quote string with slashes

Description

string addslashes(string $string)

Returns a string with backslashes added before characters that need to be escaped. These characters are:

  • single quote (')
  • double quote (")
  • backslash (\)
  • NUL (the NUL byte)

A use case of addslashes is escaping the aforementioned characters in a string that is to be evaluated by PHP:

Example #1 Escaping Characters

<?php
$str = "O'Reilly?";
eval("echo '" . addslashes($str) . "';");
?>

The addslashes is sometimes incorrectly used to try to prevent SQL Injection. Instead, database-specific escaping functions and/or prepared statements should be used.

Parameters

string

The string to be escaped.

Return Values

Returns the escaped string.

Examples

Example #2 An addslashes example

<?php
$str = "Is your name O'Reilly?";

// Outputs: Is your name O\'Reilly?
echo addslashes($str);
?>

See Also

  • stripcslashes
  • stripslashes
  • addcslashes
  • htmlspecialchars
  • quotemeta
  • get_magic_quotes_gpc