Hudzilla.org - the homepage of Paul Hudson

4.7.12     Automatically escaping strings: addslashes() and stripslashes()

This is NOT the latest copy of this book; click here for the latest version.

string addslashes ( string source)

string stripslashes ( string source)

Very often you will work in situations where single quotes ', double quotes ", and backslashes \ can cause problems - databases, files, and some protocols require that you escape them with \, making \', \", and \\ respectively. Addslashes() takes a string as its only parameter, and returns the same string with these offending characters escaped so that they are safe for use.

In php.ini there is an option "magic_quotes_gpc" that you can set to enable "magic quotes" functionality. If enabled, PHP will automatically call addslashes() on every piece of data sent in from users, which can sometimes be a good thing. However, in reality it is often annoying - particularly when you plan to use your variables in other ways.

Note that calling addslashes() repeatedly will add more and more slashes, like this:

<?php
    $string = "I'm a lumberjack and I'm okay!";
    $a = addslashes($string);
    $b = addslashes($a);
    $c = addslashes($b);
?>

After running that code, you will have the following:

$a: I\'m a lumberjack and I\'m okay!
$b: I\\\'m a lumberjack and I\\\'m okay!
$c: I\\\\\\\'m a lumberjack and I\\\\\\\'m okay!

The reason the number of slashes increases so quickly is that PHP adds a slash before each single quote and each double quote, and also before every backslash already in the string, so each call escapes the slashes that the previous call added.

Addslashes() has a counterpart, stripslashes(), that removes one set of slashes. Continuing on from the previous code, we therefore can have:

<?php
    $d = stripslashes($c);
    $e = stripslashes($d);
    $f = stripslashes($e);
?>

Running the new code after the old code gives:

$d: I\\\'m a lumberjack and I\\\'m okay!
$e: I\'m a lumberjack and I\'m okay!
$f: I'm a lumberjack and I'm okay!
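
The double-escaping problem described above, shown against a database, as an added example that is not from the book: when a value is passed as a bound parameter, any slashes that addslashes() (or magic quotes) already added are stored as part of the data. It assumes the pdo_sqlite extension is loaded; the in-memory table songs and the helper store_and_fetch() are hypothetical names chosen for illustration.

```php
<?php
// Added example, not from the book. Assumes the pdo_sqlite extension is loaded.
// $input is a constructed sample; in a real script it would arrive from a form.
$input = "I'm a lumberjack and I'm okay!";

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE songs (id INTEGER PRIMARY KEY, line TEXT)');

// Hypothetical helper: store a value through a bound parameter, then read
// the stored row straight back so the caller can compare it with the input.
function store_and_fetch(PDO $db, string $value): string
{
    $insert = $db->prepare('INSERT INTO songs (line) VALUES (:line)');
    $insert->execute([':line' => $value]);

    $select = $db->prepare('SELECT line FROM songs WHERE id = :id');
    $select->execute([':id' => $db->lastInsertId()]);
    return (string) $select->fetchColumn();
}

// 1. Raw input: the quotes travel as data, so no manual escaping is needed.
$raw = store_and_fetch($db, $input);

// 2. Input that was already escaped once, which is what magic quotes would
//    hand to the script: the added backslashes are stored literally.
$escaped = store_and_fetch($db, addslashes($input));

// 3. Removing exactly one level of escaping before binding restores the text.
$repaired = store_and_fetch($db, stripslashes(addslashes($input)));

// Show each stored value next to whether it still matches the original.
foreach (['raw' => $raw, 'escaped' => $escaped, 'repaired' => $repaired] as $label => $stored) {
    printf("%-9s %-5s %s\n", $label . ':', var_export($stored === $input, true), $stored);
}
?>
```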





Comments from other readers
Matt - 20 Aug 2008

So if magic quotes is on, but we use add_slashes WITH strip_slashes, it is equivalent to doing both twice, which will still come back to the original string after stripping, right?

arty - 20 Aug 2008

>The reason the number of slashes increases so quickly is because PHP will add a slash before each single quote, as well as slashes before every double quote.

In fact, PHP adds a slash before every existing slash, too.


