stristr

stripos

Last updated: Fri, 28 Nov 2008

stripslashes

(PHP 4, PHP 5)

stripslashes — Un-quotes a quoted string

Description

string stripslashes ( string $str )

Un-quotes a quoted string.

Note: If magic_quotes_sybase is on, no backslashes are stripped off but two apostrophes are replaced by one instead.

An example use of stripslashes() is when the PHP directive magic_quotes_gpc is on (it's on by default), and you aren't inserting this data into a place (such as a database) that requires escaping. For example, if you're simply outputting data straight from an HTML form.

Parameters

str: The input string.

Return Values

Returns a string with backslashes stripped off. (\' becomes ' and so on.) Double backslashes (\\) are made into a single backslash (\).

Examples

Example #1 A stripslashes() example


<?php
$str = "Is your name O\'reilly?";

// Outputs: Is your name O'reilly?
echo stripslashes($str);
?>

Note: stripslashes() is not recursive. If you want to apply this function to a multi-dimensional array, you need to use a recursive function.

Example #2 Using stripslashes() on an array


<?php
function stripslashes_deep($value)
{
    $value = is_array($value) ?
                array_map('stripslashes_deep', $value) :
                stripslashes($value);

    return $value;
}

// Example
$array = array("f\\'oo", "b\\'ar", array("fo\\'o", "b\\'ar"));
$array = stripslashes_deep($array);

// Output
print_r($array);
?>

The above example will output:

Array
(
    [0] => f'oo
    [1] => b'ar
    [2] => Array
        (
            [0] => fo'o
            [1] => b'ar
        )

)


Function which checks if $input has correct slashes,

otherwise adds slashes. For cases when you are not sure the input is not already addslashed.



    public function addslashes_once($input){

        //These characters are single quote ('), double quote ("), backslash (\) and NUL (the NULL byte).

        $pattern = array("\\'", "\\\"", "\\\\", "\\0");

        $replace = array("", "", "", "");

        if(preg_match("/[\\\\'\"\\0]/", str_replace($pattern, $replace, $input))){

            return addslashes($input);

        }

        else{

            return $input;

        }

    }

Aditya P Bhatt (adityabhai at gmail dot com)
28-Mar-2008 01:03


Here is simple example code which you can use as a common function in your functions file:



<?php

function stripslashes_if_gpc_magic_quotes( $string ) {

    if(get_magic_quotes_gpc()) {

        return stripslashes($string);

    } else {

        return $string;

    }

}

?>

Evgeny
26-Feb-2008 09:52


extended version of stripslashes_deep. This allow to strip one also in the array_keys



    function stripslashes_deep($value) {

        if (is_array($value)) {

            if (count($value)>0) {

                $return = array_combine(array_map('stripslashes_deep', array_keys($value)),array_map('stripslashes_deep', array_values($value)));

            } else {

                $return = array_map('stripslashes_deep', $value);

            }

            return $return;

        } else {

            $return = stripslashes($value);

            return $return ;

        }

    }

tokyoahead
10-Jan-2008 11:39


I am using this here to clear data in a CMS against SQL injections and other mayhem. The flow is:



1. input into form 

2. get from $_GET/$_POST 

3. cleanup($data, true) 

4. save to SQL

5. load from SQL 

6. cleanup($data, false)

7. show in form for new edit or on the website



<?php

function cleanup($data, $write=false) {

    if (is_array($data)) {

        foreach ($data as $key => $value) {

            $data[$key] = cleanup_lvl2($value, $write);

        }

    } else {

        $data = cleanup_lvl2($data, $write);

    }

    return $data;

}



function cleanup_lvl2($data, $write=false) {

    if (isset($data)) { // preserve NULL

        if (get_magic_quotes_gpc()) {

            $data = stripslashes($data);

        }

        if ($write) {

            $data = mysql_real_escape_string($data);

        }

    }

    return $data;

}

?>

alex dot launi at gmail dot com
21-Dec-2007 09:16


kibby: I modified the stripslashes_deep() function so that I could use it on NULL values.



function stripslashes_deep($value)

{

    if(isset($value)) {

        $value = is_array($value) ?

            array_map('stripslashes_deep', $value) :

            stripslashes($value);

    }

    return $value;

}

lukas.skowronski at gmail dot com
20-Jun-2007 06:15


If You want to delete all slashes from any table try to use my function:



function no_slashes($array)

    {

        foreach($array as $key=>$value)

            {

                if(is_array($value))

                    {

                        $value=no_slashes($value);

                        $array_temp[$key]=$value;                        

                    }

                else

                    {

                        $array_temp[$key]=stripslashes($value);

                    }

            }        

        return $array_temp;    

    }

dragonfly at networkinsight dot net
11-Mar-2007 06:22


If you are having trouble with stripslashes() corrupting binary data, try using urlencode() and urldecode() instead.

JAB Creations
05-Mar-2007 10:49


When writing to a flatfile such as an HTML page you'll notice slashes being inserted. When you write to that page it's interesting how to apply stripslashes...



I replaced this line...

<?php fwrite($file, $_POST['textarea']); ?>



With...

<?php if (get_magic_quotes_gpc()) {fwrite ($file, stripslashes($_POST['textarea']));}?>



You have to directly apply stripslashes to $_POST, $_GET, $_REQUEST, and $_COOKIE.

gregory at nutt dot ca
22-Feb-2007 08:48


Here is code I use to clean the results from a MySQL query using the stripslashes function.



I do it by passing the sql result and the sql columns to the function strip_slashes_mysql_results.  This way, my data is already clean by the time I want to use it.



    function db_query($querystring, $array, $columns)

    {

      if (!$this->connect_to_mysql())

       return 0;



     $queryresult = mysql_query($querystring, $this->link)

        or die("Invalid query: " . mysql_error());

    

      if(mysql_num_rows($queryresult))

      {

          $columns = mysql_field_names ($queryresult);

    

          if($array)

          {

              while($row = mysql_fetch_row($queryresult))

                $row_meta[] = $this->strip_slashes_mysql_results($row, $columns);

              return $row_meta;

          }

          else

          {

              while($row = mysql_fetch_object($queryresult))

                $row_meta[] = $this->strip_slashes_mysql_results($row, $columns);

              return $row_meta;

          }

      }

      else

        return 0;

    }

    

    function strip_slashes_mysql_results($result, $columns)

    {

        foreach($columns as $column)

        {

              if($this->debug)

                  printp(sprintf("strip_slashes_mysql_results: %s",strip_slashes_mysql_results));

              $result->$column = stripslashes($result->$column);

        }

        return $result;

    }

Allen
07-Feb-2007 01:41


In response to Tim's solution, it is only good for one-dimensional array.  If the variables happened to be multi-dimensional arrays, we still have to use function like 'stripslashes_deep'.

stoic
02-Jan-2007 10:31


in response to crab dot crab at gmail dot com:



$value need not be passed by reference. The 'stripped' value is returned. The passed value is not altered.

Kibby
14-May-2006 03:41


Okay, if using stripslashes_deep, it will definitely replace any NULL to "".  This will affect to coding that depends isset().  Please provide a workaround based on recent note.

hauser dot j at gmail dot com
21-Feb-2006 04:13


Don't use stripslashes if you depend on the values NULL.



Apparently stripslashes converts NULL to string(0) "" 



<?php

$a = null;

var_dump($a);



$b = stripslashes($a);

var_dump($b);

?>

Will output



NULL

string(0) ""

alf at mitose dot net
25-Oct-2005 07:09


Take care using stripslashes() if the text you want to insert in the database contain \n characters ! You'll see "n" instead of (not seeing) "\n".



It should be no problem for XML, but is still boring ...

r_loebs at hotmail dot com
24-Jun-2005 09:03


Of course why not just do an



if($r){ stuff; } <-- this will check it all, NULL, 0, ""

10-Feb-2005 09:45


If you want to deal with slashes in double-byte encodings, such as shift_jis or big5, you may use this:



<?

function stripslashes2($string) {

    $string = str_replace("\\\"", "\"", $string);

    $string = str_replace("\\'", "'", $string);

    $string = str_replace("\\\\", "\\", $string);

    return $string;

}

?>

mattyblah at gmail dot com
10-Sep-2004 10:51


It should be of note that if you are stripping slashes to get rid of the slashes added by magic_quotes_gpc then it will also remove slashes from \. This may not seem that bad but if you have someone enter text such as 'testing\' with a slash at the end, this will cause an error if not corrected. It's best to strip the slashes, then add a slash to every single slash using $text = str_replace('\\', '\\\\', $text);

hash at samurai dot fm
30-Nov-2003 11:34


Might I warn readers that they should be vary careful with the use of stripslashes on Japanese text. The shift_jis character set includes a number of two-byte code charcters that contain the hex-value 0x5c (backslash) which will get stripped by this function thus garbling those characters.



What a nightmare!

add a note