PHP

HOW TO USE THE addslashes() FUNCTION IN PHP

The addslashes() function is used to escape double quotes ("), single quotes ('), backslash (\) or NULL. It does so by automatically inserting a backslash (\) character in front of the abovementioned characters in a string.

When you want to escape these characters, you can manually insert the backslash character before the appropriate characters in the string. However, in a dynamic environment, it is impractical to manually insert the backslash character to each affected part in a string. Therefore, PHP has an automatic addslashes() function to do this for you.

The general format is:

addslashes(string);

Example:

$text="John O' Sullivan";

$escaped_string=addslashes($text);

echo $escaped_string;

The above outputs: John O\' Sullivan

The addslashes() function is especially useful to use on a string before inserting into a database. If the aforementioned characters are not escaped, it will result in the database query being broken, an error message occurs and the insert fails.

Also beware that if your PHP ini settings on your server has magic_quotes_gpc on (it is on by default), then all POST, GET AND COOKIE data will be escaped automatically without you having to use the addslashes on these data. If you do, then you will be double escaping.