W3cubDocs

/PHP

addslashes

(PHP 4, PHP 5, PHP 7, PHP 8)

addslashesQuote string with slashes

Description

addslashes(string $string): string

Returns a string with backslashes added before characters that need to be escaped. These characters are:

  • single quote (')
  • double quote (")
  • backslash (\)
  • NUL (the NUL byte)

A use case of addslashes() is escaping the aforementioned characters in a string that is to be evaluated by PHP:

Example #1 Escaping Characters

<?php
$str = "O'Reilly?";
eval("echo '" . addslashes($str) . "';");
?>

The addslashes() is sometimes incorrectly used to try to prevent SQL Injection. Instead, database-specific escaping functions and/or prepared statements should be used.

Parameters

string

The string to be escaped.

Return Values

Returns the escaped string.

Examples

Example #2 An addslashes() example

<?php
$str = "Is your name O'Reilly?";

// Outputs: Is your name O\'Reilly?
echo addslashes($str);
?>

See Also

© 1997–2025 The PHP Documentation Group
Licensed under the Creative Commons Attribution License v3.0 or later.
https://www.php.net/manual/en/function.addslashes.php