YogeshChauhan.com
addcslashes() and addslashes() String Functions in PHP
July 6, 2020

PHP String Functions Series Part 1

addcslashes() Function [PHP Version: 4+]

Returns a string with backslashes in front of the specified characters. (Quote string with slashes in a C style)

The addcslashes() function is case-sensitive.

Be careful if you choose to escape characters 0, a, b, f, n, r, t and v. They will be converted to , a, b, f, n, r, t and v, all of which are predefined escape sequences in C.

Many of these sequences are also defined in other C-derived languages, including PHP, meaning that you may not get the desired result if you use the output of addcslashes() to generate code in those languages with these characters.

Syntax


addcslashes(string, characters_list)

where 

string = the string to be escaped, it is Required

characters_list = Required. Specifies the characters or range of characters to be escaped

Examples


$string = addcslashes("Yogesh Chauhan.com!","h");
echo($string); 

//output

Yogesh Chauhan.com!

$string = addcslashes("Yogesh Chauhan.com!","Y");
echo($string); 

//output

Yogesh Chauhan.com!

$string = addcslashes("Yogesh Chauhan.com!","a..z");
echo($string); 

//output

Yogesh Chauhan.com!

$string = addcslashes("Yogesh Chauhan.com!","a..g");
echo($string); 

//output

Yogesh Chauhan.com!

addslashes() Function [PHP Version: 4+]

Returns a string with backslashes added before characters that need to be escaped.

These characters are:

1. single quote (‘)

2. double quote (“)

3. backslash ()

4. NUL (the NUL byte)

Syntax


addslashes(string)

where string = the string to be escaped, it is Required

P.S.: Prior to PHP 5.4.0, the PHP directive magic_quotes_gpc was on by default and it essentially ran addslashes() on all GET, POST and COOKIE data. addslashes() must not be used on strings that have already been escaped with magic_quotes_gpc, as the strings will be double escaped. get_magic_quotes_gpc() can be used to check if magic_quotes_gpc is on.

The addslashes() is sometimes incorrectly used to try to prevent SQL Injection. Instead, database-specific escaping functions and/or prepared statements should be used.

Examples


$str = "Is your name O'Reilly?";

echo addslashes($str);

//output

Is your name O\'Reilly?

Sources

dreamhost

Leave a Reply

Most Read

#1 How to check if radio button is checked or not using JavaScript? #2 How to set opacity or transparency using CSS? #3 Pagination in CSS with multiple examples #4 How to make HTML form interactive and using CSS? #5 Solution to “TypeError: ‘x’ is not iterable” in Angular 9 #6 How to uninstall Cocoapods from the Mac OS?

Recently Posted

Mar 4 How to use data-* Attributes in HTML? Mar 4 The substr() method in JavaScript and how it’s different from substring() Mar 4 A complete guide to add responsive YouTube videos using HTML and CSS Mar 3 How to embed YouTube or other video links in WordPress? Mar 3 How to change the Login Logo in WordPress? Mar 3 substring() Method in JavaScript

You might also like these

Killing A Project Part 1: What criteria should be used to cancel/kill a project?MiscHow to add a ribbon on top of a container using CSS?CSSMIN, MAX, COUNT, AVG and SUM in SQLSQL/MySQLHow Routing works in Angular?AngularHow to modify the latest post array using get_posts() in WordPress?WordPress5 Key Principles Of Good Website UsabilityUI/UX