AddCSlashes

(PHP 4, PHP 5)

AddCSlashes — C 형식으로 문자열에 슬래쉬를 덧붙입니다.

설명

string addcslashes ( string $str , string $charlist )

charlist 인자에 주어진 문자 목록 앞에 백슬래쉬를 추가한 문자열을 반환합니다. C 형식으로 \n, \r 등을 이스케이프하고, 32보다 작거나 126보다 큰 ASCII 코드는 팔진 표현으로 변환합니다.

0, a, b, f, n, r, t, v를 이스케이프할 때 주의하십시오. 이는 \0, \a, \b, \f, \n, \r, \t, \v로 변환됩니다. C에서는 이 모든 것이 예약 정의된 이스케이프 시퀀스지만, PHP에서는 \0 (NULL), \r (캐리지 리턴), \n (뉴라인), \t (탭)만이 예약 정의된 이스케이프 시퀀스입니다.

charlist 을 "\0..\37"처럼 하면, 0에서 37사이의 모든 ASCII코드를 이스케이프합니다.

Example#1 addcslashes() 예제


<?php
$escaped = addcslashes($not_escaped, "\0..\37!@\177..\377");
?>

charlist 인자에 문자 시퀀스를 정의할 때, 처음에서 끝 범위에 어떠한 문자가 들어가는지 확인하십시오.


<?php
echo addcslashes('foo[ ]', 'A..z');
// 출력:  \f\o\o\[ \]
// 모든 대문자와 소문자를 이스케이프합니다.
// ... 하지만 [\]^_`와 탭, 라인 피드,
// 캐리지 리턴 등도 이스케이프합니다.
?>

또한, 범위 지정에서 처음 문자가 나중 문자보다 큰 ASCII 값을 가지면 범위를 형성하지 않습니다. 단지 처음과 마지막, 피리오드(.)문자만을 이스케이프합니다. 문자의 ASCII 값을 찾아보려면 ord() 함수를 이용하십시오.


echo addcslashes("zoo['.']", 'z..A');
// 출력:  \zoo['\.']
?>

참고: stripcslashes(), stripslashes(), htmlspecialchars(), quotemeta().

addslashes

문자열

Last updated: Sun, 25 Nov 2007

add a note User Contributed Notes
AddCSlashes

stein at visibone dot com
12-Nov-2007 03:16


addcslashes() treats NUL as a string terminator:



   assert("any"  === addcslashes("any\0body", "-"));



unless you order it backslashified:



   assert("any\\000body" === addcslashes("any\0body", "\0"));



(Uncertain whether this should be declared a bug or simply that addcslashes() is not binary-safe, whatever that means.)

Johannes
26-Oct-2007 05:34


Be carefull with adding the \ to the list of encoded characters. When you add it at the last position it encodes all encoding slashes. I got a lot of \\\ by this mistake.



So always encode \ at first.

phpcoder at cyberpimp dot pimpdomain dot com
20-Jan-2005 12:35


Forgot to add something:

The only time you would likely use addcslashes() without specifying the backslash (\) character in charlist is when you are VALIDATING (not encoding!) a data string.



(Validation ensures that all control characters and other unsafe characters are correctly encoded / escaped, but does not alter any pre-existing escape sequences.)



You can validate a data string multiple times without fear of "double encoding".  A single decoding pass will return the original data, regardless of how many times it was validated.)

phpcoder at cyberpimp dot pimpdomain dot com
19-Jan-2005 11:02


If you are using addcslashes() to encode text which is to later be decoded back to it's original form, you MUST specify the backslash (\) character in charlist!



Example:



<?php

  $originaltext = 'This text does NOT contain \\n a new-line!';

  $encoded = addcslashes($originaltext, '\\');

  $decoded = stripcslashes($encoded);

  //$decoded now contains a copy of $originaltext with perfect integrity

  echo $decoded; //Display the sentence with it's literal \n intact

?>



If the '\\' was not specified in addcslashes(), any literal \n (or other C-style special character) sequences in $originaltext would pass through un-encoded, but then be decoded into control characters by stripcslashes() and the data would lose it's integrity through the encode-decode transaction.

ruben at intesys dot it
31-May-2004 09:51


jsAddSlashes for XHTML documents:



<?php

header("Content-type: text/xml");



print <<<EOF

<?xml version="1.0"?>

<html>

<head>

<script type="text/javascript">



EOF;



function jsAddSlashes($str) {

    $pattern = array(

        "/\\\\/"  , "/\n/"    , "/\r/"    , "/\"/"    ,

        "/\'/"    , "/&/"     , "/</"     , "/>/"

    );

    $replace = array(

        "\\\\\\\\", "\\n"     , "\\r"     , "\\\""    ,

        "\\'"     , "\\x26"   , "\\x3C"   , "\\x3E"

    );

    return preg_replace($pattern, $replace, $str);

}



$message = jsAddSlashes("\"<Hello>\",\r\n'&World'\\!");



print <<<EOF

alert("$message");

</script>

</head>

<body>

<h1>Hello, World!</h1>

</body>

</html>



EOF;

?>

21-Sep-2003 11:44


<?

function jsaddslashes($s)

{

 $o="";

 $l=strlen($s);

 for($i=0;$i<$l;$i++)

 {

  $c=$s[$i];

  switch($c)

  {

   case '<': $o.='\\x3C'; break;

   case '>': $o.='\\x3E'; break;

   case '\'': $o.='\\\''; break;

   case '\\': $o.='\\\\'; break;

   case '"':  $o.='\\"'; break;

   case "\n": $o.='\\n'; break;

   case "\r": $o.='\\r'; break;

   default:

   $o.=$c;

  }

 }

 return $o;

}



?>

<script language="javascript">

document.write("<? echo jsaddslashes('<h1 style="color:red">hello</h1>'); ?>");

</script>



output :



<script language="javascript">

document.write("\x3Ch1 style=\"color:red\"\x3Ehello\x3C/h1\x3E");

</script>

natNOSPAM at noworrie dot NO_SPAM dot com
17-May-2002 04:22


I have found the following to be much more appropriate code example:





<?php


$escaped = addcslashes($not_escaped, "\0..\37!@\@\177..\377");


?>





This will protect original, innocent backslashes from stripcslashes.

add a note

addslashes

문자열

Last updated: Sun, 25 Nov 2007