<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <HTML ><HEAD ><TITLE >addslashes</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK REL="HOME" TITLE="Manual PHP" HREF="index.html"><LINK REL="UP" TITLE="String Functions" HREF="ref.strings.html"><LINK REL="PREVIOUS" TITLE="addcslashes" HREF="function.addcslashes.html"><LINK REL="NEXT" TITLE="bin2hex" HREF="function.bin2hex.html"><META HTTP-EQUIV="Content-type" CONTENT="text/html; charset=ISO-8859-2"></HEAD ><BODY CLASS="refentry" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >Manual PHP</TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="function.addcslashes.html" ACCESSKEY="P" >Înapoi</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" ></TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="function.bin2hex.html" ACCESSKEY="N" >Înainte</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><H1 ><A NAME="function.addslashes" ></A >addslashes</H1 ><DIV CLASS="refnamediv" ><A NAME="AEN112642" ></A ><P > (PHP 3, PHP 4 , PHP 5)</P >addslashes -- Quote string with slashes</DIV ><DIV CLASS="refsect1" ><A NAME="AEN112645" ></A ><H2 >Description</H2 >string <B CLASS="methodname" >addslashes</B > ( string str)<BR ></BR ><P > Returns a string with backslashes before characters that need to be quoted in database queries etc. These characters are single quote (<VAR CLASS="literal" >'</VAR >), double quote (<VAR CLASS="literal" >"</VAR >), backslash (<VAR CLASS="literal" >\</VAR >) and NUL (the <TT CLASS="constant" ><B >NULL</B ></TT > byte). </P ><P > An example use of <B CLASS="function" >addslashes()</B > is when you're entering data into a database. For example, to insert the name <VAR CLASS="literal" >O'reilly</VAR > into a database, you will need to escape it. Most databases do this with a <VAR CLASS="literal" >\</VAR > which would mean <VAR CLASS="literal" >O\'reilly</VAR >. This would only be to get the data into the database, the extra <VAR CLASS="literal" >\</VAR > will not be inserted. Having the PHP directive <A HREF="ref.sybase.html#ini.magic-quotes-sybase" > magic_quotes_sybase</A > set to <VAR CLASS="literal" >on</VAR > will mean <VAR CLASS="literal" >'</VAR > is instead escaped with another <VAR CLASS="literal" >'</VAR >. </P ><P > The PHP directive <A HREF="ref.info.html#ini.magic-quotes-gpc" > magic_quotes_gpc</A > is <VAR CLASS="literal" >on</VAR > by default, and it essentially runs <B CLASS="function" >addslashes()</B > on all GET, POST, and COOKIE data. Do not use <B CLASS="function" >addslashes()</B > on strings that have already been escaped with <A HREF="ref.info.html#ini.magic-quotes-gpc" >magic_quotes_gpc</A > as you'll then do double escaping. The function <A HREF="function.get-magic-quotes-gpc.html" ><B CLASS="function" >get_magic_quotes_gpc()</B ></A > may come in handy for checking this. </P ><P > <TABLE WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" CLASS="EXAMPLE" ><TR ><TD ><DIV CLASS="example" ><A NAME="AEN112676" ></A ><P ><B >Exemplu 1. An <B CLASS="function" >addslashes()</B > example</B ></P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" CELLPADDING="5" ><TR ><TD ><code><font color="#000000"> <font color="#0000BB"><?php<br />$str </font><font color="#007700">= </font><font color="#DD0000">"Is your name O'reilly?"</font><font color="#007700">;<br /><br /></font><font color="#FF8000">// Outputs: Is your name O\'reilly?<br /></font><font color="#007700">echo </font><font color="#0000BB">addslashes</font><font color="#007700">(</font><font color="#0000BB">$str</font><font color="#007700">);<br /></font><font color="#0000BB">?></font> </font> </code></TD ></TR ></TABLE ></DIV ></TD ></TR ></TABLE > </P ><P > See also <A HREF="function.stripslashes.html" ><B CLASS="function" >stripslashes()</B ></A >, <A HREF="function.htmlspecialchars.html" ><B CLASS="function" >htmlspecialchars()</B ></A >, <A HREF="function.quotemeta.html" ><B CLASS="function" >quotemeta()</B ></A >, and <A HREF="function.get-magic-quotes-gpc.html" ><B CLASS="function" >get_magic_quotes_gpc()</B ></A >. </P ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="function.addcslashes.html" ACCESSKEY="P" >Înapoi</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.html" ACCESSKEY="H" >Acasã</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="function.bin2hex.html" ACCESSKEY="N" >Înainte</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >addcslashes</TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="ref.strings.html" ACCESSKEY="U" >Sus</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >bin2hex</TD ></TR ></TABLE ></DIV ></BODY ></HTML >