Name
addslashes()
Synopsis
string addslashes ( string str )
There are many situations where single quotes ('), double quotes ("), and backslashes (\) can cause problems—databases, files, and some protocols require that you escape them with \, making \', \", and \\ respectively. In these circumstances, you should use the addslashes() function, which takes a string as its only parameter and returns the same string with these offending characters escaped so that they are safe for use.
In php.ini, there is a magic_quotes_gpc option that you can set to enable "magic quotes" functionality. If enabled, PHP will automatically call addslashes() on every piece of data sent in from users, which can sometimes be a good thing. However, in reality it is often annoying—particularly when you plan to use your variables in other ways.
Note that calling addslashes() repeatedly will add more and more slashes, like this:
$string = "I'm a lumberjack and I'm okay!";
$a = addslashes($string);
$b = addslashes($a);
$c = addslashes($b);
After running that code, you will have the following:
$a: I\'m a lumberjack and I\'m okay!
$b: I\\\'m a lumberjack and I\\\'m okay!
$c: I\\\\\\\'m a lumberjack and I\\\\\\\'m okay!
The number of slashes increases so quickly because PHP adds a slash before each single and double quote, as well as a slash before every existing slash.
The addslashes() function has a counterpart, stripslashes(), that removes one set of slashes.
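The slash growth shown above, and the way stripslashes() unwinds it one layer per call, as an added example that is not from the original page. The helper names escape_passes() and slashes_before_quote() are hypothetical, and the input strings are constructed.

```php
<?php
// Added example: helper names are hypothetical, sample strings are constructed.

// Apply addslashes() $passes times, as happens when input that was already
// escaped (for example by magic_quotes_gpc) is escaped again by the script.
function escape_passes(string $s, int $passes): string
{
    for ($i = 0; $i < $passes; $i++) {
        $s = addslashes($s);
    }
    return $s;
}

// Count the backslashes immediately preceding the first single quote.
function slashes_before_quote(string $s): int
{
    $pos = strpos($s, "'");
    if ($pos === false) {
        return 0;
    }
    $n = 0;
    while ($pos - $n - 1 >= 0 && $s[$pos - $n - 1] === '\\') {
        $n++;
    }
    return $n;
}

$original = "I'm a lumberjack and I'm okay!";

for ($passes = 1; $passes <= 4; $passes++) {
    $escaped = escape_passes($original, $passes);
    // Each pass doubles the existing backslashes and adds one for the quote,
    // so n passes leave 2^n - 1 backslashes in front of it.
    printf("%d pass(es): %d backslashes, 2^n - 1 = %d\n",
        $passes, slashes_before_quote($escaped), (2 ** $passes) - 1);

    // stripslashes() removes exactly one layer per call, so it takes the
    // same number of calls to get the original string back.
    $restored = $escaped;
    for ($i = 0; $i < $passes; $i++) {
        $restored = stripslashes($restored);
    }
    var_dump($restored === $original);
}

// Stripping a layer that was never added is lossy: the lone backslashes in
// this path are data, not escapes, and stripslashes() drops them.
$path = 'C:\\temp\\report.txt';   // the literal text C:\temp\report.txt
var_dump(stripslashes($path));
```

The last call is the reason to track how many times a value has been escaped instead of calling stripslashes() unconditionally.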
Tip
If you can, use a database-specific ...