Yogesh Chauhan's Blog

addcslashes() and addslashes() String Functions in PHP

in PHP on July 6, 2020

PHP String Functions Series Part 1

addcslashes() Function [PHP Version: 4+]

Returns a string with backslashes in front of the specified characters. (Quote string with slashes in a C style)

The addcslashes() function is case-sensitive.

Be careful if you choose to escape characters 0, a, b, f, n, r, t and v. They will be converted to , a, b, f, n, r, t and v, all of which are predefined escape sequences in C.

Many of these sequences are also defined in other C-derived languages, including PHP, meaning that you may not get the desired result if you use the output of addcslashes() to generate code in those languages with these characters.

Syntax


addcslashes(string, characters_list)

where 

string = the string to be escaped, it is Required

characters_list = Required. Specifies the characters or range of characters to be escaped

Examples


$string = addcslashes("Yogesh Chauhan.com!","h");
echo($string); 

//output

Yogesh Chauhan.com!

$string = addcslashes("Yogesh Chauhan.com!","Y");
echo($string); 

//output

Yogesh Chauhan.com!

$string = addcslashes("Yogesh Chauhan.com!","a..z");
echo($string); 

//output

Yogesh Chauhan.com!

$string = addcslashes("Yogesh Chauhan.com!","a..g");
echo($string); 

//output

Yogesh Chauhan.com!

addslashes() Function [PHP Version: 4+]

Returns a string with backslashes added before characters that need to be escaped.

These characters are:

1. single quote (‘)

2. double quote (“)

3. backslash ()

4. NUL (the NUL byte)

Syntax


addslashes(string)

where string = the string to be escaped, it is Required

P.S.: Prior to PHP 5.4.0, the PHP directive magic_quotes_gpc was on by default and it essentially ran addslashes() on all GET, POST and COOKIE data. addslashes() must not be used on strings that have already been escaped with magic_quotes_gpc, as the strings will be double escaped. get_magic_quotes_gpc() can be used to check if magic_quotes_gpc is on.

The addslashes() is sometimes incorrectly used to try to prevent SQL Injection. Instead, database-specific escaping functions and/or prepared statements should be used.

Examples


$str = "Is your name O'Reilly?";

echo addslashes($str);

//output

Is your name O\'Reilly?

Sources









Most Read

#1 Solution to the error “Visual Studio Code can’t be opened because Apple cannot check it for malicious software” #2 How to add Read More Read Less Button using JavaScript? #3 How to check if radio button is checked or not using JavaScript? #4 Solution to “TypeError: ‘x’ is not iterable” in Angular 9 #5 PHP Login System using PDO Part 1: Create User Registration Page #6 How to uninstall Cocoapods from the Mac OS?

Recently Posted

#Apr 8 JSON.stringify() in JavaScript #Apr 7 Middleware in NextJS #Jan 17 4 advanced ways to search Colleague #Jan 16 Colleague UI Basics: The Search Area #Jan 16 Colleague UI Basics: The Context Area #Jan 16 Colleague UI Basics: Accessing the user interface
You might also like these
Custom Post Type Template Files in WordPressWordPressHow to get the first element with a class name xyz using JavaScript?JavaScriptHow to add and remove list items using JavaScript?JavaScriptHow to deploy Angular App on Dreamhost or Amazon S3 or firebase?AngularHow to create a simple stopwatch using JavaScript?JavaScriptComposing and Extracting Components in ReactReact