We add a backslash before the specified predefined character by defining and using the addslashes() function.
Double quote (")
Backslash ()
NULL
c
string Required. Specifies the string to be checked.
Tip: This function can be used for characters stored in the database. Prepare appropriate strings for strings and database query statements.
Output:
<ol class="dp-xml"> <li class="alt"><span><span class="tag"><span> ?php </span></span></span></li> <li> <span>$</span><span class="attribute">str</span><span> = </span><span class="attribute-value">"Who's John Adams?"</span><span>; </span> </li> <li class="alt"><span>echo $str . " This is not safe in a database query.</span></li> <li class="alt"><span class="tag"><span> </span><span class="tag-name">br</span><span> </span><span class="tag">/></span><span>"; </span></span></li> <li><span>echo addslashes($str) . " This is safe in a database query."; </span></li> <li class="alt"> <span class="tag">?></span><span> </span> </li> </ol>
Who's John Adams? This is safe in a database query.
An example of using addslashes() is when you want to enter data into the database. For example, this is required to insert the name O'reilly into the database. Escape it. Most databases use as escape character: O'reilly. This will put the data into the database without inserting extra. When the PHP directive magic_quotes_sybase is set to on, it means that when inserting ' Use ' for escaping.
By default, the PHP directive magic_quotes_gpc is on, which mainly automatically runs addslashes() on all GET, POST and COOKIE data. Do not escape characters that have been escaped by magic_quotes_gpc. Use addslashes() for strings, because this will cause double-level escaping. When encountering this situation, you can use the function get_magic_quotes_gpc() to detect it.