addslashes
- (PHP 4, PHP 5, PHP 7)
- addslashes: Quote string with slashes
Description
addslashes($str)
Returns a string with backslashes added before characters that need to be escaped, for example for use in a database query. These characters are:
- single quote (')
- double quote (")
- backslash (\)
- NUL (the NUL byte)
- An example of using addslashes() is when you want to enter data into a database.
- A use case of addslashes() is escaping the aforementioned characters in a string that is to be evaluated by PHP:
    <?php
    $str = "O'Reilly?";
    eval("echo '" . addslashes($str) . "';");
- Prior to PHP 5.4.0, the PHP directive magic_quotes_gpc was on by default and essentially ran addslashes() on all GET, POST and COOKIE data. addslashes() must not be used on strings that have already been escaped with magic_quotes_gpc, as the strings will be double escaped. get_magic_quotes_gpc() can be used to check if magic_quotes_gpc is on.
For example, when the name O'Reilly is inserted into a database, it needs to be escaped. It is strongly recommended to use the escape function specified by the DBMS (for example, mysqli_real_escape_string() for MySQL and pg_escape_string() for PostgreSQL), but if you are using a DBMS that does not have an escape function and uses \ to escape special characters, you can use this function. The escaping only serves to get the data into the database; the extra \ is not inserted. When the PHP directive magic_quotes_sybase is set to on, ' is escaped with another ' instead.
- addslashes() is sometimes incorrectly used to try to prevent SQL injection. Instead, database-specific escaping functions and/or prepared statements should be used.
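The warning above in practice, as an added example (not from the PHP manual or the original page): SQLite escapes a quote by doubling it and does not treat \ as an escape character, so addslashes() output either breaks the statement or stores stray backslashes, while a prepared statement stores each value unchanged. It assumes the pdo_sqlite extension; the authors table and the sample names are constructed.

```php
<?php
// Added example, not from the PHP manual. Assumes the pdo_sqlite extension;
// the "authors" table and the sample names are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE authors (id INTEGER PRIMARY KEY, name TEXT)');

$names = ["O'Reilly", 'C:\\temp', 'say "hi"'];

// 1) addslashes() plus string concatenation. SQLite quotes ' as '' and treats
//    \ as an ordinary character, so \' ends the literal early (syntax error)
//    and every added backslash ends up in the stored value.
foreach ($names as $name) {
    $sql = "INSERT INTO authors (name) VALUES ('" . addslashes($name) . "')";
    try {
        $pdo->exec($sql);
        $stored = $pdo->query('SELECT name FROM authors ORDER BY id DESC LIMIT 1')
                      ->fetchColumn();
        echo "addslashes: [$name] stored as [$stored]", PHP_EOL;
    } catch (PDOException $e) {
        echo "addslashes: [$name] rejected: ", $e->getMessage(), PHP_EOL;
    }
}

// 2) Prepared statement: the value travels separately from the SQL text, so
//    no escaping is needed and nothing is altered.
$pdo->exec('DELETE FROM authors');
$stmt = $pdo->prepare('INSERT INTO authors (name) VALUES (:name)');
foreach ($names as $name) {
    $stmt->execute([':name' => $name]);
}
$roundTrip = $pdo->query('SELECT name FROM authors ORDER BY id')
                 ->fetchAll(PDO::FETCH_COLUMN);
echo 'prepared statement round trip intact: ';
var_dump($roundTrip === $names);
```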
Parameters
str
- The string to be escaped.
Return Values
- Returns the escaped string.
Examples
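    <?php
    /**
     * Created by PhpStorm.
     * User: zhangrongxiang
     * Date: 2018/2/13
     * Time: PM 7:41
     */
    // No characters need escaping, so the string is returned unchanged.
    $str = 'Just do it!'; // Just do it!
    echo addslashes($str) . PHP_EOL;
    $str = "Just do it!"; // Just do it!
    echo addslashes($str) . PHP_EOL;
    // Backslashes and the single quote each get a leading backslash.
    $str = '\a\b\''; // \\a\\b\'
    echo addslashes($str) . PHP_EOL;
    // A single backslash becomes two.
    $str = '\\'; // \\
    echo addslashes($str) . PHP_EOL;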
See
- http://php.net/manual/en/function.addslashes.php