(PHP 4, PHP 5, PHP 7, PHP 8)
addslashes — Quote string with slashes
Returns a string with backslashes added before characters that need to be escaped. These characters are:
'
)"
)\
)A use case of addslashes() is escaping the aforementioned characters in a string that is to be evaluated by PHP:
<?php
$str = "O'Reilly?";
eval("echo '" . addslashes($str) . "';");
?>
The addslashes() is sometimes incorrectly used to try to prevent SQL Injection. Instead, database-specific escaping functions and/or prepared statements should be used.
string
The string to be escaped.
Returns the escaped string.
Example #1 An addslashes() example
<?php
$str = "Is your name O'Reilly?";
// Outputs: Is your name O\'Reilly?
echo addslashes($str);
?>