For data security and preventing injection, it is necessary to filter the string obtained by $_GET. At first, I wrote a filtering function by myself. Later, I saw a filtering function that comes with PHP, so I recommended addslashes to everyone.
An example of using addslashes() is when you are entering data into a database. For example, inserting the name O'reilly into the database requires escaping it. Most databases use \ as the escape character: O\'reilly. This puts the data into the database without inserting the extra \. When the PHP directive magic_quotes_sybase is set to on, ' is escaped with '' instead of \'.
Example:
<?php
$str = "Is your name O'reilly?";

// Output: Is your name O\'reilly?
echo addslashes($str);
?>
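The escaping convention described above depends on the database, so the following added example (not part of the original post) inserts the same name into a DBMS that does not use \ as an escape character, first with addslashes() and then with a bound parameter. It assumes PHP with the pdo_sqlite extension enabled; the table name users and the sample value are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite through PDO (assumes pdo_sqlite is enabled).
// The table name "users" and the input value are constructed for illustration.
$name = "O'reilly"; // stands in for a value read from $_GET

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

// 1) addslashes() emits backslash escaping. That only matches a DBMS that
//    treats \ as an escape character. SQLite escapes a quote by doubling it,
//    so the backslash form leaves the string literal unbalanced.
$escaped = addslashes($name);
try {
    $db->exec("INSERT INTO users (name) VALUES ('$escaped')");
    echo "addslashes insert: accepted\n";
} catch (PDOException $e) {
    echo "addslashes insert: rejected by the database\n";
}

// 2) A bound parameter travels separately from the SQL text, so no escaping
//    convention is involved and the value is stored exactly as supplied.
$stmt = $db->prepare('INSERT INTO users (name) VALUES (:name)');
$stmt->execute([':name' => $name]);

// Read the row back and compare it with the original input.
$stored = $db->query('SELECT name FROM users ORDER BY id DESC LIMIT 1')
             ->fetchColumn();
echo "stored value: $stored\n";
echo 'matches input: ' . ($stored === $name ? 'yes' : 'no') . "\n";
?>
```

The same prepare/execute calls work unchanged with other PDO drivers, which is why parameter binding is preferred over choosing an escape function per database.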