Visit Our UNIX and Linux User Community

Linux and UNIX Man Pages

Test Your Knowledge in Computers #258
Difficulty: Medium
Iannis Xenakis wrote programs in the FORTRAN language that generated numeric data that he transcribed into scores to be played by traditional musical instruments.
True or False?
Linux & Unix Commands - Search Man Pages

addslashes(3) [php man page]

ADDSLASHES(3)								 1							     ADDSLASHES(3)

addslashes - Quote string with slashes

SYNOPSIS
string addslashes (string $str) DESCRIPTION
Returns a string with backslashes before characters that need to be escaped. These characters are single quote ( '), double quote ( "), backslash ( ) and NUL (the NULL byte). An example use of addslashes(3) is when you're entering data into string that is evaluated by PHP. For example, O'Reilly is stored in $str, you need to escape $str. (e.g. eval("echo '".addslashes($str)."';"); ) To escape database parameters, DBMS specific escape function (e.g. mysqli_real_escape_string(3) for MySQL or pg_escape_literal(3), pg_escape_string(3) for PostgreSQL) should be used for security reasons. DBMSes have differect escape specification for identifiers (e.g. Table name, field name) than parameters. Some DBMS such as PostgreSQL provides identifier escape function, pg_escape_identifier(3), but not all DBMS provides identifier escape API. If this is the case, refer to your database system manual for proper escaping method. If your DBMS doesn't have an escape function and the DBMS uses to escape special chars, you might be able to use this function only when this escape method is adequate for your database. Please note that use of addslashes(3) for database parameter escaping can be cause of security issues on most databases. The PHP directive magic_quotes_gpc was on by default before PHP 5.4, and it essentially ran addslashes(3) on all GET, POST, and COOKIE data. Do not use addslashes(3) on strings that have already been escaped with magic_quotes_gpc as you'll then do double escaping. The func- tion get_magic_quotes_gpc(3) may come in handy for checking this. PARAMETERS
o $str - The string to be escaped. RETURN VALUES
Returns the escaped string. EXAMPLES
Example #1 An addslashes(3) example <?php $str = "Is your name O'Reilly?"; // Outputs: Is your name O'Reilly? echo addslashes($str); ?> SEE ALSO
stripcslashes(3), stripslashes(3), addcslashes(3), htmlspecialchars(3), quotemeta(3), get_magic_quotes_gpc(3). PHP Documentation Group ADDSLASHES(3)

Check Out this Related Man Page

GET_MAGIC_QUOTES_GPC(3) 						 1						   GET_MAGIC_QUOTES_GPC(3)

get_magic_quotes_gpc - Gets the current configuration setting of magic_quotes_gpc

SYNOPSIS
bool get_magic_quotes_gpc (void ) DESCRIPTION
Returns the current configuration setting of magic_quotes_gpc Keep in mind that attempting to set magic_quotes_gpc at runtime will not work. For more information about magic_quotes, see this security section. RETURN VALUES
Returns 0 if magic_quotes_gpc is off, 1 otherwise. Or always returns FALSE as of PHP 5.4.0. CHANGELOG
+--------+---------------------------------------------------+ |Version | | | | | | | Description | | | | +--------+---------------------------------------------------+ | 5.4.0 | | | | | | | Always returns FALSE because the magic quotes | | | feature was removed from PHP. | | | | +--------+---------------------------------------------------+ EXAMPLES
Example #1 get_magic_quotes_gpc(3) example <?php // If magic quotes are enabled echo $_POST['lastname']; // O'reilly echo addslashes($_POST['lastname']); // O\'reilly // Usage across all PHP versions if (get_magic_quotes_gpc()) { $lastname = stripslashes($_POST['lastname']); } else { $lastname = $_POST['lastname']; } // If using MySQL $lastname = mysql_real_escape_string($lastname); echo $lastname; // O'reilly $sql = "INSERT INTO lastnames (lastname) VALUES ('$lastname')"; ?> NOTES
Note If the directive magic_quotes_sybase is ON it will completely override magic_quotes_gpc. So even when get_magic_quotes_gpc(3) returns TRUE neither double quotes, backslashes or NUL's will be escaped. Only single quotes will be escaped. In this case they'll look like: '' SEE ALSO
addslashes(3), stripslashes(3), get_magic_quotes_runtime(3), ini_get(3). PHP Documentation Group GET_MAGIC_QUOTES_GPC(3)

Featured Tech Videos