If you are using addcslashes() to encode text which is to later be decoded back to it's original form, you MUST specify the backslash (\) character in charlist!
Example:
<?php
$originaltext = 'This text does NOT contain \\n a new-line!';
$encoded = addcslashes($originaltext, '\\');
$decoded = stripcslashes($encoded);
//$decoded now contains a copy of $originaltext with perfect integrity
echo $decoded; //Display the sentence with it's literal \n intact
?>
If the '\\' was not specified in addcslashes(), any literal \n (or other C-style special character) sequences in $originaltext would pass through un-encoded, but then be decoded into control characters by stripcslashes() and the data would lose it's integrity through the encode-decode transaction.
addcslashes
(PHP 4, PHP 5, PHP 7, PHP 8)
addcslashes — 以 C 语言风格使用反斜线转义字符串中的字符
说明
addcslashes(string
$str, string $charlist): string
返回字符串,该字符串在属于参数 charlist
列表中的字符前都加上了反斜线。
参数
-
str -
要转义的字符。
-
charlist -
如果
charlist中包含有\n,\r等字符,将以 C 语言风格转换,而其它非字母数字且 ASCII 码低于 32 以及高于 126 的字符均转换成使用八进制表示。当定义 charlist 参数中的字符序列时,需要确实知道介于自己设置的开始及结束范围之内的都是些什么字符。
另外,如果设置范围中的结束字符 ASCII 码高于开始字符,则不会创建范围,只是将开始字符、结束字符以及其间的字符逐个转义。可使用 ord() 函数获取字符的 ASCII 码值。<?php
echo addcslashes('foo[ ]', 'A..z');
// 输出:\f\o\o\[ \]
// 所有大小写字母均被转义
// ... 但 [\]^_` 以及分隔符、换行符、回车符等也一并被转义了。
?><?php
echo addcslashes("zoo['.']", 'z..A');
// 输出:\zoo['\.']
?>当选择对字符 0,a,b,f,n,r,t 和 v 进行转义时需要小心,它们将被转换成 \0,\a,\b,\f,\n,\r,\t 和 \v。在 PHP 中,只有 \0(NULL),\r(回车符),\n(换行符)和 \t(制表符)是预定义的转义序列, 而在 C 语言中,上述的所有转换后的字符都是预定义的转义序列。
返回值
返回转义后的字符。
更新日志
| 版本 | 说明 |
|---|---|
| 5.2.5 | The escape sequences \v and \f were added. |
范例
charlist 参数,如“\0..\37”,将转义所有
ASCII 码介于 0 和 31 之间的字符。
示例 #1 addcslashes() 例子
<?php
$escaped = addcslashes($not_escaped, "\0..\37!@\177..\377");
?>
参见
- stripcslashes() - 反引用一个使用 addcslashes 转义的字符串
- stripslashes() - 反引用一个引用字符串
- addslashes() - 使用反斜线引用字符串
- htmlspecialchars() - 将特殊字符转换为 HTML 实体
- quotemeta() - 转义元字符集
add a note
User Contributed Notes 6 notes
phpcoder at cyberpimp dot pimpdomain dot com ¶
17 years ago
glitchmr at myopera dot com ¶
8 years ago
If you need JS escaping function, use json_encode() instead.
stein at visibone dot com ¶
14 years ago
addcslashes() treats NUL as a string terminator:
assert("any" === addcslashes("any\0body", "-"));
unless you order it backslashified:
assert("any\\000body" === addcslashes("any\0body", "\0"));
(Uncertain whether this should be declared a bug or simply that addcslashes() is not binary-safe, whatever that means.)
natNOSPAM at noworrie dot NO_SPAM dot com ¶
20 years ago
I have found the following to be much more appropriate code example:
<?php
$escaped = addcslashes($not_escaped, "\0..\37!@\@\177..\377");
?>
This will protect original, innocent backslashes from stripcslashes.
vishal dot ceeng at gmail dot com ¶
3 years ago
echo addcslashes("zoo['.']", 'z..A');
Above code will create an error as per below
Invalid '..'-range, '..'-range needs to be incrementing -
