Returns a string with backslashes before characters that need
to be quoted in database queries etc. These characters are
single quote ('), double quote
("), backslash (\)
and NUL (the NULL byte).
An example use of addslashes() is when you're
entering data into a database. For example, to insert the name
O'reilly into a database, you will need to escape
it. It's highly recommeneded to use DBMS specific escape function
(e.g. mysqli_real_escape_string() for MySQL or
pg_escape_string() for PostgreSQL), but
if the DBMS you're using does't have an escape function
and the DBMS uses \ to escape special chars,
you can use this function. This would only be to get the data
into the database, the extra \ will not be inserted.
Having the PHP directive
magic_quotes_sybase set to on will mean
' is instead escaped with another
'.
The PHP directive
magic_quotes_gpc is on by default, and it
essentially runs addslashes() on all GET, POST,
and COOKIE data. Do not use addslashes() on
strings that have already been escaped with
magic_quotes_gpc as you'll
then do double escaping. The function
get_magic_quotes_gpc() may come in handy for
checking this.
Parameters
str
The string to be escaped.
Return Values
Returns the escaped string.
Examples
Example #1 An addslashes() example
<?php $str = "Is your name O'reilly?";
// Outputs: Is your name O\'reilly? echo addslashes($str); ?>
