Submit a Pull Request Report a Bug

    addslashes

    (PHP 4, PHP 5, PHP 7, PHP 8)

    addslashesQuote string with slashes

    Description

    addslashes(string $string): string

    Returns a string with backslashes added before characters that need to be escaped. These characters are:

    • single quote (')
    • double quote (")
    • backslash (\)
    • NUL (the NUL byte)

    A use case of addslashes() is escaping the aforementioned characters in a string that is to be evaluated by PHP:

    <?php
    $str     = "O'Reilly?";
    eval(    "echo '" . addslashes($str) . "';");
    ?>

    The addslashes() is sometimes incorrectly used to try to prevent SQL Injection. Instead, database-specific escaping functions and/or prepared statements should be used.

    Parameters

    string

    The string to be escaped.

    Return Values

    Returns the escaped string.

    Examples

    Example #1 An addslashes() example

    <?php
    $str     = "Is your name O'Reilly?";

    // Outputs: Is your name O\'Reilly?
    echo addslashes($str);
    ?>

    See Also

    add a note

    User Contributed Notes

    There are no user contributed notes for this page.
    To Top