addslashes() 函數在指定的預定義字符前添加反斜槓。換句話說就是字符轉義,屏蔽掉特定字符。。。。
這些預定義字符是: 單引號 (')
雙引號 (")
反斜槓 (\)
NULL
提示和注釋
提示:該函數可用於為存儲在數據庫中的字符串以及數據庫查詢語句准備合適的字符串。 注釋:默認情況下,PHP 指令 magic_quotes_gpc 為 on,對所有的 GET、POST 和 COOKIE 數據自動運行 addslashes()。不要對已經被 magic_quotes_gpc 轉義過的字符串使用 addslashes(),因為這樣會導致雙層轉義。遇到這種情況時可以使用函數 get_magic_quotes_gpc() 進行檢測。
例子
在本例中,我們要向字符串中的預定義添加反斜槓:
<?PHP $str = "Who's John Adams?";
echo $str . " This is not safe in a database query.";
echo addslashes($str) . " This is safe in a database query.";
?>
輸出: Who's John Adams? This is not safe in a database query.
Who\'s John Adams? This is safe in a database query.
PHP官方介紹========
http://www.PHP.Net/manual/en/function.addslashes.PHP
addslashes (PHP 4, PHP 5)
addslashes — Quote string with slashes string addslashes ( string $str )
Returns a string with backslashes before characters that need to be quoted in database querIEs etc. These characters are single quote ('), double quote ("), backslash (\) and NUL (the NULL byte). An example use of addslashes() is when you're entering data into a database. For example, to insert the name O'reilly into a database, you will need to escape it. It's highly recommeneded to use DBMS specific escape function (e.g. mysqli_real_escape_string() for MySQL or pg_escape_string() for PostgreSQL), but if the DBMS you're using does't have an escape function and the DBMS uses \ to escape special chars, you can use this function. This would only be to get the data into the database, the extra \ will not be inserted. Having the PHP directive magic_quotes_Sybase set to on will mean ' is instead escaped with another '. The PHP directive magic_quotes_gpc is on by default, and it essentially runs addslashes() on all GET, POST, and COOKIE data. Do not use addslashes() on strings that have already been escaped with magic_quotes_gpc as you'll then do double escaping. The function get_magic_quotes_gpc() may come in handy for checking this.
例子
<?PHP $str = "Is your name O'reilly?";
// Outputs: Is your name O\'reilly?
echo addslashes($str);
?>
