Yogesh Chauhan's Blog

addcslashes() and addslashes() String Functions in PHP

in PHP on July 6, 2020

PHP String Functions Series Part 1

addcslashes() Function [PHP Version: 4+]

Returns a string with backslashes in front of the specified characters. (Quote string with slashes in a C style)

The addcslashes() function is case-sensitive.

Be careful if you choose to escape characters 0, a, b, f, n, r, t and v. They will be converted to , a, b, f, n, r, t and v, all of which are predefined escape sequences in C.

Many of these sequences are also defined in other C-derived languages, including PHP, meaning that you may not get the desired result if you use the output of addcslashes() to generate code in those languages with these characters.

Syntax


addcslashes(string, characters_list)

where 

string = the string to be escaped, it is Required

characters_list = Required. Specifies the characters or range of characters to be escaped

Examples


$string = addcslashes("Yogesh Chauhan.com!","h");
echo($string); 

//output

Yogesh Chauhan.com!

$string = addcslashes("Yogesh Chauhan.com!","Y");
echo($string); 

//output

Yogesh Chauhan.com!

$string = addcslashes("Yogesh Chauhan.com!","a..z");
echo($string); 

//output

Yogesh Chauhan.com!

$string = addcslashes("Yogesh Chauhan.com!","a..g");
echo($string); 

//output

Yogesh Chauhan.com!

addslashes() Function [PHP Version: 4+]

Returns a string with backslashes added before characters that need to be escaped.

These characters are:

1. single quote (‘)

2. double quote (“)

3. backslash ()

4. NUL (the NUL byte)

Syntax


addslashes(string)

where string = the string to be escaped, it is Required

P.S.: Prior to PHP 5.4.0, the PHP directive magic_quotes_gpc was on by default and it essentially ran addslashes() on all GET, POST and COOKIE data. addslashes() must not be used on strings that have already been escaped with magic_quotes_gpc, as the strings will be double escaped. get_magic_quotes_gpc() can be used to check if magic_quotes_gpc is on.

The addslashes() is sometimes incorrectly used to try to prevent SQL Injection. Instead, database-specific escaping functions and/or prepared statements should be used.

Examples


$str = "Is your name O'Reilly?";

echo addslashes($str);

//output

Is your name O\'Reilly?

Sources


Most Read

#1 How to check if radio button is checked or not using JavaScript? #2 Solution to “TypeError: ‘x’ is not iterable” in Angular 9 #3 How to add Read More Read Less Button using JavaScript? #4 How to uninstall Cocoapods from the Mac OS? #5 PHP Login System using PDO Part 1: Create User Registration Page #6 How to Use SQL MAX() Function with Dates?

Recently Posted

#Aug 15 Is PHP still good for back-end programming? #Aug 10 How to create a multisite network in WordPress? #Aug 3 How to create a circle that follows a cursor using JavaScript and CSS? #Aug 3 How to make a curtain slider using jQuery and CSS? #Aug 2 How to progressively load images and add a blurry placeholder? #Aug 1 How to create a placeholder loader (throbber) using CSS?
You might also like these
Data Flows in ReactReactA quick introduction to API, REST API and PostmanMiscellaneousWhat is the correct way to enqueue multiple CSS files in WordPress?WordPressHow to create a simple digital clock using JavaScript?JavaScriptHow to Draw a Circle in HTML5 Using Canvas Tag?HTMLHow to implement NSNumberFormatter in Swift for currency?Swift