LoopRun Barcelona 2020
    Edit Report a Bug

    addcslashes

    (PHP 4, PHP 5, PHP 7)

    addcslashes以 C 语言风格使用反斜线转义字符串中的字符

    说明

    addcslashes ( string $str , string $charlist ) : string

    返回字符串,该字符串在属于参数 charlist 列表中的字符前都加上了反斜线。

    参数

    str

    要转义的字符。

    charlist

    如果 charlist 中包含有 \n\r 等字符,将以 C 语言风格转换,而其它非字母数字且 ASCII 码低于 32 以及高于 126 的字符均转换成使用八进制表示。

    当定义 charlist 参数中的字符序列时,需要确实知道介于自己设置的开始及结束范围之内的都是些什么字符。

    <?php
    echo addcslashes('foo[ ]''A..z');
    // 输出:\f\o\o\[ \]
    // 所有大小写字母均被转义
    // ... 但 [\]^_` 以及分隔符、换行符、回车符等也一并被转义了。
    ?>
    另外,如果设置范围中的结束字符 ASCII 码高于开始字符,则不会创建范围,只是将开始字符、结束字符以及其间的字符逐个转义。可使用 ord() 函数获取字符的 ASCII 码值。
    <?php
    echo addcslashes("zoo['.']"'z..A');
    // 输出:\zoo['\.']
    ?>

    当选择对字符 0,a,b,f,n,r,t 和 v 进行转义时需要小心,它们将被转换成 \0,\a,\b,\f,\n,\r,\t 和 \v。在 PHP 中,只有 \0(NULL),\r(回车符),\n(换行符)和 \t(制表符)是预定义的转义序列, 而在 C 语言中,上述的所有转换后的字符都是预定义的转义序列。

    返回值

    返回转义后的字符。

    更新日志

    版本 说明
    5.2.5 The escape sequences \v and \f were added.

    范例

    charlist 参数,如“\0..\37”,将转义所有 ASCII 码介于 0 和 31 之间的字符。

    Example #1 addcslashes() 例子

    <?php
    $escaped     addcslashes($not_escaped"\0..\37!@\177..\377");
    ?>

    参见

    add a note add a note

    User Contributed Notes 8 notes

    up
    6
    phpcoder at cyberpimp dot pimpdomain dot com
    15 years ago
    If you are using addcslashes() to encode text which is to later be decoded back to it's original form, you MUST specify the backslash (\) character in charlist!

    Example:

    <?php
      $originaltext     = 'This text does NOT contain \\n a new-line!';
          $encoded = addcslashes($originaltext, '\\');
          $decoded = stripcslashes($encoded);
          //$decoded now contains a copy of $originaltext with perfect integrity
          echo $decoded; //Display the sentence with it's literal \n intact
    ?>

    If the '\\' was not specified in addcslashes(), any literal \n (or other C-style special character) sequences in $originaltext would pass through un-encoded, but then be decoded into control characters by stripcslashes() and the data would lose it's integrity through the encode-decode transaction.
    up
    4
    stein at visibone dot com
    12 years ago
    addcslashes() treats NUL as a string terminator:

       assert("any"  === addcslashes("any\0body", "-"));

    unless you order it backslashified:

       assert("any\\000body" === addcslashes("any\0body", "\0"));

    (Uncertain whether this should be declared a bug or simply that addcslashes() is not binary-safe, whatever that means.)
    up
    2
    natNOSPAM at noworrie dot NO_SPAM dot com
    17 years ago
    I have found the following to be much more appropriate code example:

    <?php
    $escaped     = addcslashes($not_escaped, "\0..\37!@\@\177..\377");
    ?>

    This will protect original, innocent backslashes from stripcslashes.
    up
    -1
    glitchmr at myopera dot com
    6 years ago
    If you need JS escaping function, use json_encode() instead.
    up
    -2
    Johannes
    12 years ago
    Be carefull with adding the \ to the list of encoded characters. When you add it at the last position it encodes all encoding slashes. I got a lot of \\\ by this mistake.

    So always encode \ at first.
    up
    -1
    vishal dot ceeng at gmail dot com
    9 months ago
    echo addcslashes("zoo['.']", 'z..A');

    Above code will create an error as per below

    Invalid '..'-range, '..'-range needs to be incrementing -
    up
    -19
    ruben at intesys dot it
    15 years ago
    jsAddSlashes for XHTML documents:

    <?php
    header    ("Content-type: text/xml");

    print <<<EOF
    <?xml version="1.0"?>
    <html>
    <head>
    <script type="text/javascript">

    EOF;

    function     jsAddSlashes($str) {
            $pattern = array(
                "/\\\\/"  , "/\n/"    , "/\r/"    , "/\"/"    ,
                "/\'/"    , "/&/"     , "/</"     , "/>/"
            );
            $replace = array(
                "\\\\\\\\", "\\n"     , "\\r"     , "\\\""    ,
                "\\'"     , "\\x26"   , "\\x3C"   , "\\x3E"
            );
        return     preg_replace($pattern, $replace, $str);
    }

    $message = jsAddSlashes("\"<Hello>\",\r\n'&World'\\!");

    print <<<EOF
    alert("$message");
    </script>
    </head>
    <body>
    <h1>Hello, World!</h1>
    </body>
    </html>

    EOF;
    ?>
    up
    -22
    Anonymous
    16 years ago
    <?php
    function jsaddslashes($s)
    {
    $o="";
    $l=strlen($s);
    for(    $i=0;$i<$l;$i++)
    {
          $c=$s[$i];
      switch(    $c)
      {
       case     '<': $o.='\\x3C'; break;
       case     '>': $o.='\\x3E'; break;
       case     '\'': $o.='\\\''; break;
       case     '\\': $o.='\\\\'; break;
       case     '"'$o.='\\"'; break;
       case     "\n": $o.='\\n'; break;
       case     "\r": $o.='\\r'; break;
       default:
           $o.=$c;
      }
    }
    return     $o;
    }

    ?>
    <script language="javascript">
    document.write("<? echo jsaddslashes('<h1 style="color:red">hello</h1>'); ?>");
    </script>

    output :

    <script language="javascript">
    document.write("\x3Ch1 style=\"color:red\"\x3Ehello\x3C/h1\x3E");
    </script>
    add a note add a note
    To Top