Sophie

Sophie

distrib > Mageia > 4 > x86_64 > by-pkgid > f800694edefe91adea2624f711a41a2d > files > 1994

php-manual-en-5.5.7-1.mga4.noarch.rpm

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
 <head>
  <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  <title>Quote string with slashes</title>

 </head>
 <body><div class="manualnavbar" style="text-align: center;">
 <div class="prev" style="text-align: left; float: left;"><a href="function.addcslashes.html">addcslashes</a></div>
 <div class="next" style="text-align: right; float: right;"><a href="function.bin2hex.html">bin2hex</a></div>
 <div class="up"><a href="ref.strings.html">String Functions</a></div>
 <div class="home"><a href="index.html">PHP Manual</a></div>
</div><hr /><div id="function.addslashes" class="refentry">
 <div class="refnamediv">
  <h1 class="refname">addslashes</h1>
  <p class="verinfo">(PHP 4, PHP 5)</p><p class="refpurpose"><span class="refname">addslashes</span> &mdash; <span class="dc-title">Quote string with slashes</span></p>

 </div>
 
 <div class="refsect1 description" id="refsect1-function.addslashes-description">
  <h3 class="title">Description</h3>
  <div class="methodsynopsis dc-description">
   <span class="type">string</span> <span class="methodname"><strong>addslashes</strong></span>
    ( <span class="methodparam"><span class="type">string</span> <code class="parameter">$str</code></span>
   )</div>

  <p class="para rdfs-comment">
   Returns a string with backslashes before characters that need to be
   escaped. These characters are single quote (<em>&#039;</em>),
   double quote (<em>&quot;</em>), backslash
   (<em>\</em>) and NUL (the <strong><code>NULL</code></strong> byte).
  </p>
  <p class="para">
   An example use of  <span class="function"><strong>addslashes()</strong></span> is when you&#039;re
   entering data into string that is evaluated by PHP. For example,
   <em>O&#039;reilly</em> is stored in $str, you need to escape
   $str. (e.g.  eval(&quot;echo &#039;&quot;.addslashes($str).&quot;&#039;;&quot;); )
  </p>
  <p class="para">
   To escape database parameters, DBMS specific escape function
   (e.g.  <span class="function"><a href="mysqli.real-escape-string.html" class="function">mysqli_real_escape_string()</a></span> for MySQL or
    <span class="function"><a href="function.pg-escape-literal.html" class="function">pg_escape_literal()</a></span>,  <span class="function"><a href="function.pg-escape-string.html" class="function">pg_escape_string()</a></span>
   for PostgreSQL) should be used for security reasons.  DBMSes have
   differect escape specification for identifiers (e.g. Table name,
   field name) than parameters. Some DBMS such as PostgreSQL provides
   identifier escape
   function,  <span class="function"><strong>pg_escape_indentifier()</strong></span>, but not all
   DBMS provides identifier escape API. If this is the case, refer to
   your database system manual for proper escaping method.
  </p>
  <p class="para">
   If your DBMS doesn&#039;t have an escape function and the DBMS
   uses <em>\</em> to escape special chars, you might be
   able to use this function only when this escape method is adequate for
   your database. Please note that use
   of  <span class="function"><strong>addslashes()</strong></span> for database parameter escaping
   can be cause of security issues on most databases.
  </p>
  <p class="para">
   The PHP directive <a href="info.configuration.html#ini.magic-quotes-gpc" class="link">
   magic_quotes_gpc</a> was <em>on</em> by default before
   PHP 5.4, and it essentially ran  <span class="function"><strong>addslashes()</strong></span> on
   all GET, POST, and COOKIE data.  Do not
   use  <span class="function"><strong>addslashes()</strong></span> on strings that have already
   been escaped with
   <a href="info.configuration.html#ini.magic-quotes-gpc" class="link">magic_quotes_gpc</a> as you&#039;ll
   then do double escaping.  The function
    <span class="function"><a href="function.get-magic-quotes-gpc.html" class="function">get_magic_quotes_gpc()</a></span> may come in handy for
   checking this.
  </p>
 </div>


 <div class="refsect1 parameters" id="refsect1-function.addslashes-parameters">
  <h3 class="title">Parameters</h3>
  <p class="para">
   <dl>

    <dt>

     <span class="term"><em><code class="parameter">str</code></em></span>
     <dd>

      <p class="para">
       The string to be escaped.
      </p>
     </dd>

    </dt>

   </dl>

  </p>
 </div>


 <div class="refsect1 returnvalues" id="refsect1-function.addslashes-returnvalues">
  <h3 class="title">Return Values</h3>
  <p class="para">
   Returns the escaped string.
  </p>
 </div>


 <div class="refsect1 examples" id="refsect1-function.addslashes-examples">
  <h3 class="title">Examples</h3>
  <p class="para">
   <div class="example" id="example-4817">
    <p><strong>Example #1 An  <span class="function"><strong>addslashes()</strong></span> example</strong></p>
    <div class="example-contents">
<div class="phpcode"><code><span style="color: #000000">
<span style="color: #0000BB">&lt;?php<br />$str&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #DD0000">"Is&nbsp;your&nbsp;name&nbsp;O'reilly?"</span><span style="color: #007700">;<br /><br /></span><span style="color: #FF8000">//&nbsp;Outputs:&nbsp;Is&nbsp;your&nbsp;name&nbsp;O\'reilly?<br /></span><span style="color: #007700">echo&nbsp;</span><span style="color: #0000BB">addslashes</span><span style="color: #007700">(</span><span style="color: #0000BB">$str</span><span style="color: #007700">);<br /></span><span style="color: #0000BB">?&gt;</span>
</span>
</code></div>
    </div>

   </div>
  </p>
 </div>


 <div class="refsect1 seealso" id="refsect1-function.addslashes-seealso">
  <h3 class="title">See Also</h3>
  <p class="para">
   <ul class="simplelist">
    <li class="member"> <span class="function"><a href="function.stripcslashes.html" class="function" rel="rdfs-seeAlso">stripcslashes()</a> - Un-quote string quoted with addcslashes</span></li>
    <li class="member"> <span class="function"><a href="function.stripslashes.html" class="function" rel="rdfs-seeAlso">stripslashes()</a> - Un-quotes a quoted string</span></li>
    <li class="member"> <span class="function"><a href="function.addcslashes.html" class="function" rel="rdfs-seeAlso">addcslashes()</a> - Quote string with slashes in a C style</span></li>
    <li class="member"> <span class="function"><a href="function.htmlspecialchars.html" class="function" rel="rdfs-seeAlso">htmlspecialchars()</a> - Convert special characters to HTML entities</span></li>
    <li class="member"> <span class="function"><a href="function.quotemeta.html" class="function" rel="rdfs-seeAlso">quotemeta()</a> - Quote meta characters</span></li>
    <li class="member"> <span class="function"><a href="function.get-magic-quotes-gpc.html" class="function" rel="rdfs-seeAlso">get_magic_quotes_gpc()</a> - Gets the current configuration setting of magic_quotes_gpc</span></li>
   </ul>
  </p>
 </div>


</div><hr /><div class="manualnavbar" style="text-align: center;">
 <div class="prev" style="text-align: left; float: left;"><a href="function.addcslashes.html">addcslashes</a></div>
 <div class="next" style="text-align: right; float: right;"><a href="function.bin2hex.html">bin2hex</a></div>
 <div class="up"><a href="ref.strings.html">String Functions</a></div>
 <div class="home"><a href="index.html">PHP Manual</a></div>
</div></body></html>

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional