If you are using addcslashes() to encode text which is to later be decoded back to it's original form, you MUST specify the backslash (\) character in charlist!
Example:
<?php
$originaltext = 'This text does NOT contain \\n a new-line!';
$encoded = addcslashes($originaltext, '\\');
$decoded = stripcslashes($encoded);
//$decoded now contains a copy of $originaltext with perfect integrity
echo $decoded; //Display the sentence with it's literal \n intact
?>
If the '\\' was not specified in addcslashes(), any literal \n (or other C-style special character) sequences in $originaltext would pass through un-encoded, but then be decoded into control characters by stripcslashes() and the data would lose it's integrity through the encode-decode transaction.
addcslashes
(PHP 4, PHP 5, PHP 7, PHP 8)
addcslashes — 以 C 语言风格使用反斜线转义字符串中的字符
说明
返回字符串,该字符串在属于参数 characters
列表中的字符前都加上了反斜线。
参数
-
string -
要转义的字符。
-
characters -
如果
characters中包含有\n,\r等字符,将以 C 语言风格转换,而其它非字母数字且 ASCII 码低于 32 以及高于 126 的字符均转换成使用八进制表示。当定义
characters参数中的字符序列时,需要确保知道设置为开始及结束范围之内的字符都是什么。另外,如果设置范围中的结束字符 ASCII 码高于开始字符,则不会创建范围,只是将开始字符、结束字符以及其间的字符逐个转义。可使用 ord() 函数获取字符的 ASCII 码值。<?php
echo addcslashes('foo[ ]', 'A..z');
// 输出:\f\o\o\[ \]
// 所有大小写字母均被转义
// ... 但 [\]^_` 以及分隔符、换行符、回车符等也一并被转义了。
?><?php
echo addcslashes("zoo['.']", 'z..A');
// 输出:\zoo['\.']
?>当选择对字符 0,a,b,f,n,r,t 和 v 进行转义时需要小心。它们将被转换成 \0,\a,\b,\f,\n,\r,\t 和 \v,这些在 C 中都是预定义的转义序列。其中一些序列也在其它 C 派生语言(包含 PHP)中定义,这意味着如果使用 addcslashes() 和
characters中定义的字符输出生成语言的代码,将不会得到预期的结果。
返回值
返回转义后的字符。
示例
characters 参数,如“\0..\37”,将转义所有
ASCII 码介于 0 和 31 之间的字符。
示例 #1 addcslashes() 例子
<?php
$escaped = addcslashes($not_escaped, "\0..\37!@\177..\377");
?>参见
- stripcslashes() - 反引用一个使用 addcslashes 转义的字符串
- stripslashes() - 反引用一个引用字符串
- addslashes() - 使用反斜线引用字符串
- htmlspecialchars() - 将特殊字符转换为 HTML 实体
- quotemeta() - 转义元字符集
add a note
User Contributed Notes 6 notes
phpcoder at cyberpimp dot pimpdomain dot com ¶
19 years ago
stein at visibone dot com ¶
16 years ago
addcslashes() treats NUL as a string terminator:
assert("any" === addcslashes("any\0body", "-"));
unless you order it backslashified:
assert("any\\000body" === addcslashes("any\0body", "\0"));
(Uncertain whether this should be declared a bug or simply that addcslashes() is not binary-safe, whatever that means.)
natNOSPAM at noworrie dot NO_SPAM dot com ¶
22 years ago
I have found the following to be much more appropriate code example:
<?php
$escaped = addcslashes($not_escaped, "\0..\37!@\@\177..\377");
?>
This will protect original, innocent backslashes from stripcslashes.
glitchmr at myopera dot com ¶
11 years ago
If you need JS escaping function, use json_encode() instead.
vishal dot ceeng at gmail dot com ¶
5 years ago
echo addcslashes("zoo['.']", 'z..A');
Above code will create an error as per below
Invalid '..'-range, '..'-range needs to be incrementing -
