Yogesh Chauhan's Blog

addcslashes() and addslashes() String Functions in PHP

in PHP on July 6, 2020

PHP String Functions Series Part 1

addcslashes() Function [PHP Version: 4+]

Returns a string with backslashes in front of the specified characters. (Quote string with slashes in a C style)

The addcslashes() function is case-sensitive.

Be careful if you choose to escape characters 0, a, b, f, n, r, t and v. They will be converted to , a, b, f, n, r, t and v, all of which are predefined escape sequences in C.

Many of these sequences are also defined in other C-derived languages, including PHP, meaning that you may not get the desired result if you use the output of addcslashes() to generate code in those languages with these characters.

Syntax


addcslashes(string, characters_list)

where 

string = the string to be escaped, it is Required

characters_list = Required. Specifies the characters or range of characters to be escaped

Examples


$string = addcslashes("Yogesh Chauhan.com!","h");
echo($string); 

//output

Yogesh Chauhan.com!

$string = addcslashes("Yogesh Chauhan.com!","Y");
echo($string); 

//output

Yogesh Chauhan.com!

$string = addcslashes("Yogesh Chauhan.com!","a..z");
echo($string); 

//output

Yogesh Chauhan.com!

$string = addcslashes("Yogesh Chauhan.com!","a..g");
echo($string); 

//output

Yogesh Chauhan.com!

addslashes() Function [PHP Version: 4+]

Returns a string with backslashes added before characters that need to be escaped.

These characters are:

1. single quote (‘)

2. double quote (“)

3. backslash ()

4. NUL (the NUL byte)

Syntax


addslashes(string)

where string = the string to be escaped, it is Required

P.S.: Prior to PHP 5.4.0, the PHP directive magic_quotes_gpc was on by default and it essentially ran addslashes() on all GET, POST and COOKIE data. addslashes() must not be used on strings that have already been escaped with magic_quotes_gpc, as the strings will be double escaped. get_magic_quotes_gpc() can be used to check if magic_quotes_gpc is on.

The addslashes() is sometimes incorrectly used to try to prevent SQL Injection. Instead, database-specific escaping functions and/or prepared statements should be used.

Examples


$str = "Is your name O'Reilly?";

echo addslashes($str);

//output

Is your name O\'Reilly?

Sources


Most Read

#1 Solution to the error “Visual Studio Code can’t be opened because Apple cannot check it for malicious software” #2 How to add Read More Read Less Button using JavaScript? #3 How to check if radio button is checked or not using JavaScript? #4 Solution to “TypeError: ‘x’ is not iterable” in Angular 9 #5 How to uninstall Cocoapods from the Mac OS? #6 PHP Login System using PDO Part 1: Create User Registration Page

Recently Posted

#Apr 8 JSON.stringify() in JavaScript #Apr 7 Middleware in NextJS #Jan 17 4 advanced ways to search Colleague #Jan 16 Colleague UI Basics: The Search Area #Jan 16 Colleague UI Basics: The Context Area #Jan 16 Colleague UI Basics: Accessing the user interface
You might also like these
A Quick Comparison of JOIN and Subquery in SQLSQL/MySQLHow to add new elements with swing animation using JavaScript and CSS?CSSWhat are Controlled Components in React?ReactHow to Create a Backup From Any Database in SQL?SQL/MySQLWindow innerHeight and innerWidth properties in JavaScriptJavaScriptVariables and Distance Functions in SCSS (Sass)SCSS