(PHP 4, PHP 5, PHP 7, PHP 8)
addslashes — Quote string with slashes
Returns a string with backslashes added before characters that need to be escaped. These characters are:
'
)"
)\
)A use case of addslashes() is escaping the aforementioned characters in a string that is to be evaluated by PHP:
<?php$str = "O'Reilly?";eval("echo '" . addslashes($str) . "';");?>
The addslashes() is sometimes incorrectly used to try to prevent SQL Injection. Instead, database-specific escaping functions and/or prepared statements should be used.
string
The string to be escaped.
Returns the escaped string.
Example #1 An addslashes() example
<?php$str = "Is your name O'Reilly?";// Outputs: Is your name O\'Reilly?echo addslashes($str);?>