Detailed explanation of usage of php addslashes

php The usage of addslashes is: first create a PHP sample file; then add a backslash before each double quotation mark through "addslashes('Shanghai is the "biggest" city in China.');" Can.

The operating environment of this article: windows7 system, PHP7.1 version, DELL G3 computer

Detailed explanation of how to use php function addslashes()

Example

Add a backslash before each double quote ("):

<?php
　　$str = addslashes(&#39;Shanghai is the "biggest" city in China.&#39;);
　　echo($str);
?>
运行实例：
Shanghai is the \"biggest\" city in China.

Definition and usage

addslashes() function Returns a string with a backslash preceding the predefined characters.

The predefined characters are:

• Single quote (')
• Double quote (")
• Backslash (\)
• NULL

Tip: This function can be used to prepare strings for strings stored in the database as well as database query statements.

Note: By default, PHP automatically runs addslashes() on all GET, POST and COOKIE data. So you should not use addslashes() on already escaped strings, as this will result in double escaping. When encountering this situation, you can use the function get_magic_quotes_gpc() to detect it.

Description

string addslashes ( string $str )

# Returns a string with backslashes added in front of certain characters for the purpose of database query statements, etc. These characters are single quotes ('), double quotes ("), backslashes (\) and NUL (NULL characters).

An example of using addslashes() is when you are entering data into a database. For example, add the name O' reilly is inserted into the database, which requires escaping it. It is strongly recommended to use the escape function specified by the DBMS (for example, MySQL is mysqli_real_escape_string(), PostgreSQL is pg_escape_string()), but if The DBMS you are using does not have an escape function and uses \ to escape special characters, you can use this function. Just to get the data inserted into the database, the additional \ and Will not be inserted. When the PHP directive magic_quotes_sybase is set to on, it means that ' will be escaped when inserting '.

Before PHP 5.4, the default PHP instruction magic_quotes_gpc was on. In fact, all GET, POST and COOKIE data were used addslashes() . Do not use addslashes() on strings that have been escaped by magic_quotes_gpc, because this will cause double-level escaping. When encountering this situation, you can use the function get_magic_quotes_gpc( ) for detection.

Recommended study: "PHP Video Tutorial"

Related introduction:

• ##stripcslashes() - dereference a transfer using addcslashes unambiguous string
• stripslashes() - dequote a quoted string
• addcslashes() - use backslashes in C style Escape characters in a string
• htmlspecialchars() - Convert special characters to HTML entities
• quotemeta() - Escape metacharacters Set
• get_magic_quotes_gpc() - Gets the configuration option settings for the current magic_quotes_gpc

The above is the detailed content of Detailed explanation of usage of php addslashes. For more information, please follow other related articles on the PHP Chinese website!