Sunday, February 27, 2011

Stripslashes () PHP Function

Definition: The stripslashes function removes backslashes from data. One use for this function is to display data to which addslashes has been applied. For example, stripslashes would change I\'m hungry into I'm hungry.
Also Known As: Strip Slashes, Remove Slashes
Examples:

 <?php
 $greeting = "Hello, I\'m Billy";
 print stripslashes($greeting);
 ?>

This would output the string: Hello, I'm Billy

 <?php
 $said = 'Who said \"Live long and prosper\"?';
 print stripslashes($said);
 ?>

This would output the string: Who said "Live long and prosper"?

Addslashes () PHP Function

Definition: The addslashes function adds backslashes [\] to data submitted from your forms. This keeps the input friendly to MySQL (and other coding languages). For example, addslashes would change I'm hungry into I\'m hungry.

It is phrased as: addslashes($string_data)
Also Known As: Add Slashes
Examples:

 <?php
 $greeting = "Hello, I'm Billy";
 print addslashes($greeting);
 ?>

This would output the string: Hello, I\'m Billy

 <?php
 $said = 'Who said "Live long and prosper"?';
 print addslashes($said);
 ?>

This would output the string: Who said \"Live long and prosper\"?

Make Addslashes More Universal

When writing user-submitted data to a MySQL database, it is important to add the appropriate slashes to prevent errors. If magic quotes is running, there is no need to do anything, but if magic quotes is turned off, you need to run addslashes (). What if you want to make a more universal program that will work for both types of PHP configuration?

One way to do it is to write a function that checks if magic quotes is running and then runs addslashes () based on the results. We check the status of magic quotes using the get_magic_quotes_gpc () function.

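 <?php
 function Mod_addslashes ( $string )
 {
     // get_magic_quotes_gpc() was removed in PHP 8.0, so confirm it exists before calling it.
     if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() == 1)
     {
         // Magic quotes already added the slashes; return the data unchanged.
         return ( $string );
     }
     else
     {
         // Magic quotes is off; add the slashes ourselves.
         return ( addslashes ( $string ) );
     }
 }
 ?>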

In the code above, we first check if magic quotes is turned on. If it is, we just return the data unchanged. If it isn't, we run it through addslashes () first. So, each place in our code where we would normally run addslashes (), we will now run Mod_addslashes () instead.

Magic Quotes in PHP

What is Magic Quotes?: 
When turned on, Magic Quotes automatically performs an addslashes () on all form data submitted. This means that a [\] is placed before every ['], ["], [\], or NUL in the data, so That's Great would be converted to That\'s Great automatically. This all happens before your code even sees the data, so if you're just passing a string to the next page (and not to a database) it will print out with slashes even though you may not want them.

Why is it Good?: 
If Magic Quotes is running, you can be sure that you won't get any SQL errors due to illegal characters slipping by without a backslash. It saves having to run addslashes () on all the form data that's going to your database.

Why is it Bad?: 
You shouldn't learn to rely on Magic Quotes, or you won't learn to program without it. Also, when you let something automated run, you're handing over control. It may seem easy now, but in the long run you may regret it. Plus, you may not always want slashes added, because not all forms go to MySQL; some just pass data to email or echo it on another page.

What about stripslashes (): 
Perhaps you're asking: if Magic Quotes is running, why don't I just run stripslashes () on the data I don't want it on? You're right, this does work... BUT do you really want to make sure you're running this on every script you ever run, and redo everything you already have running?

How do I know if it's on?: 
If you're getting three backslashes instead of one when you run addslashes (), it's probably running. You can check for sure in your phpinfo () or by running get_magic_quotes_gpc().

How do I turn it off?: 
If you have access to your php.ini file you can edit it to set magic_quotes_gpc = Off. You could also try doing it from your .htaccess by adding the line php_flag magic_quotes_gpc Off. Or when in doubt, contact your hosting provider.
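
The double escaping described under "How do I know if it's on?" and the database write that Mod_addslashes () prepares data for, as an added example that is not part of the original post: it escapes a string once and twice, then stores the raw string through a PDO bound parameter, which needs neither addslashes () nor stripslashes (). Assumptions: the pdo_sqlite extension is available, an in-memory SQLite database stands in for MySQL, and the comments table and both function names are hypothetical.

```php
<?php
// Added example: names (comments table, escape_levels, store_and_fetch) are hypothetical.
// Assumes the pdo_sqlite extension; the in-memory database stands in for MySQL.

// Escape the same value once and twice. The second pass is what happens when
// magic quotes has already run and the script calls addslashes() again.
function escape_levels(string $raw): array
{
    $once  = addslashes($raw);
    $twice = addslashes($once);
    return ['once' => $once, 'twice' => $twice];
}

// Write a value with a bound parameter and read it back. The value travels
// separately from the SQL text, so it needs no addslashes() going in and no
// stripslashes() coming out.
function store_and_fetch(PDO $db, string $raw): string
{
    $insert = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $insert->execute([':body' => $raw]);

    $select = $db->prepare('SELECT body FROM comments WHERE id = :id');
    $select->execute([':id' => $db->lastInsertId()]);
    return (string) $select->fetchColumn();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');

// Constructed sample inputs, taken from the strings used on this page.
$samples = ["That's Great", 'Who said "Live long and prosper"?'];

foreach ($samples as $raw) {
    $levels = escape_levels($raw);
    echo "raw:           $raw\n";
    echo "escaped once:  {$levels['once']}\n";
    echo "escaped twice: {$levels['twice']}\n";

    $stored = store_and_fetch($db, $raw);
    echo "bound param:   $stored\n";
    echo 'round trip intact: ', var_export($stored === $raw, true), "\n\n";
}
```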