Automatically escaping strings
string addslashes ( string source)
string stripslashes ( string source)
Very often you will work in situations where single quotes ', double quotes ", and backslashes \ can cause problems - databases, files, and some protocols require that you escape them with \, making \', \", and \\ respectively. Addslashes() takes a string as its only parameter, and returns the same string with these offending characters escaped so that they are safe for use.
In php.ini there is an option "magic_quotes_gpc" that you can set to enable "magic quotes" functionality. If enabled, PHP will automatically call addslashes() on every piece of data sent in from users, which can sometimes be a good thing. However, in reality it is often annoying - particularly when you plan to use your variables in other ways.
Note that calling addslashes() repeatedly will add more and more slashes, like this:
$string = "I'm a lumberjack and I'm okay!";
$a = addslashes($string);
$b = addslashes($a);
$c = addslashes($b);
After running that code, you will have the following:
$a: I\'m a lumberjack and I\'m okay!
$b: I\\\'m a lumberjack and I\\\'m okay!
$c: I\\\\\\\'m a lumberjack and I\\\\\\\'m okay!
The reason the number of slashes increases so quickly is because PHP will add a slash before each single quote, as well as slashes before every double quote.
Addslashes() has a counterpart, stripslashes(), that removes one set of slashes. Continuing on from the previous code, we therefore can have:
$d = stripslashes($c);
$e = stripslashes($d);
$f = stripslashes($e);
After running the new code after the old code, we get:
$d: I\\\'m a lumberjack and I\\\'m okay!
$e: I\'m a lumberjack and I\'m okay!
$f: I'm a lumberjack and I'm okay!
Next chapter: Pretty-printing numbers >>
Previous chapter: Alternative data hashing
Home: Table of Contents