stristr »
« stripos
- PHP-Handbuch
- Funktionsreferenz
- Textverarbeitung
- Zeichenketten
- String-Funktionen
(PHP 4, PHP 5, PHP 7, PHP 8)
stripslashes — Entfernt Maskierungszeichen aus einem String
Beschreibung
stripslashes(string $string
): string
Entfernt Maskierungszeichen aus einem String.
stripslashes() kann verwendet werden, wenn Sie die Daten nicht an einer Stelle einfügen wollen, die eigenes Maskieren erfordert (z.B. eine Datenbank). Zum Beispiel, wenn Sie Daten direkt aus einem HTML-Formular verarbeiten wollen.
Parameter-Liste
string
-
Die Eingabezeichenkette.
Rückgabewerte
Gibt einen String zurück, aus dem alle Backslashes ("\") entfernt wurden. (\'
wird zu '
usw.). Doppelte Backslashes (\\
) werden zu einem einfachen Backslash (\
) umgesetzt.
Beispiele
Beispiel #1 Ein stripslashes()-Beispiel
<?php
$str = "Ist Ihr Name O\'reilly?";// Ausgabe: Ist Ihr Name O'reilly?
echo stripslashes($str);
?>
Hinweis:
stripslashes() ist nicht rekursiv. Wenn Sie die Funktion auf ein mehrdimensionales Array anwenden wollen, müssen Sie eine rekursive Funktion verwenden.
Beispiel #2 Verwendung von stripslashes() in einem Array
return <?php
function stripslashes_deep($value)
{
$value = is_array($value) ?
array_map('stripslashes_deep', $value) :
stripslashes($value);
}// Beispiel
$array = array("f\\'oo", "b\\'ar", array("fo\\'o", "b\\'ar"));
$array = stripslashes_deep($array);// Ausgabe
print_r($array);
?>
Das oben gezeigte Beispiel erzeugt folgende Ausgabe:
Array( [0] => f'oo [1] => b'ar [2] => Array ( [0] => fo'o [1] => b'ar ))
Siehe auch
- addslashes() - Stellt bestimmten Zeichen eines Strings ein "\" voran
- get_magic_quotes_gpc() - Liefert die aktuelle Konfiguration von magic_quotes_gpc
Improve This Page
+add a note
User Contributed Notes 31 notes
up
down
72
ivijan dot stefan at gmail dot com ¶
10 years ago
<?php This flick has served me wery well, because I had this problem before.Sometimes for some reason is happens that PHP or Javascript or some naughty insert a lot of backslash. Ordinary function does not notice that. Therefore, it is necessary that the bit "inflate":
function removeslashes($string)
{
$string=implode("",explode("\\",$string));
return stripslashes(trim($string));
}/* Example */$text="My dog don\\\\\\\\\\\\\\\\'t like the postman!";
echo removeslashes($text);
?>
RESULT: My dog don't like the postman!
up
down
5
shredder at technodrome dot com ¶
15 years ago
Here are recursive addslashes / stripslashes functions. <?phpfunction add_slashes_recursive( $variable ) elseif ( return function return Hi,
given a string - it will simply add / strip slashes
given an array - it will recursively add / strip slashes from the array and all of it subarrays.
if the value is not a string or array - it will remain unmodified!
{
if ( is_string( $variable ) )
return addslashes( $variable ) ;
foreach( $variable as $i => $value )
$variable[ $i ] = add_slashes_recursive( $value ) ;
}
{
if ( is_string( $variable ) )
return stripslashes( $variable ) ;
if ( is_array( $variable ) )
foreach( $variable as $i => $value )
$variable[ $i ] = strip_slashes_recursive( $value ) ;
}?>
up
down
3
gregory at nutt dot ca ¶
17 years ago
I do it by passing the sql result and the sql columns to the function strip_slashes_mysql_results. This way, my data is already clean by the time I want to use it. function db_query($querystring, $array, $columns) $queryresult = mysql_query($querystring, $this->link) if(mysql_num_rows($queryresult)) if($array) function strip_slashes_mysql_results($result, $columns)Here is code I use to clean the results from a MySQL query using the stripslashes function.
{
if (!$this->connect_to_mysql())
return 0;
or die("Invalid query: " . mysql_error());
{
$columns = mysql_field_names ($queryresult);
{
while($row = mysql_fetch_row($queryresult))
$row_meta[] = $this->strip_slashes_mysql_results($row, $columns);
return $row_meta;
}
else
{
while($row = mysql_fetch_object($queryresult))
$row_meta[] = $this->strip_slashes_mysql_results($row, $columns);
return $row_meta;
}
}
else
return 0;
}
{
foreach($columns as $column)
{
if($this->debug)
printp(sprintf("strip_slashes_mysql_results: %s",strip_slashes_mysql_results));
$result->$column = stripslashes($result->$column);
}
return $result;
}
up
down
1
tarmo at goyf dot de ¶
12 years ago
This code shows the behavior (copy into "test.php"). Replacing stripslashes worked for me. <?php echo When matching strings with approstrophes against the mysql database, my query kept failing while it worked fine when I copied the same query directly to perform the database query. After several hours I found that stripslashes() made the string longer and hence it wasn't "equal" for the query.
echo '<h2>Post-Data</h2>';
var_dump($_POST);$f1 = trim(filter_var(stripslashes($_POST[form]), FILTER_SANITIZE_STRING));
echo '<h2>stripslashes</h2>';
var_dump($f1);$f2 = trim(str_replace("|","'",filter_var(str_replace("\'","|",$_POST[form]), FILTER_SANITIZE_STRING)));
echo '<h2>workaround</h2>';
var_dump($f2);
<input type="text" name="form">
<input type="submit">
</form>';
?>
Entering "foo'bar" creates this output:
// Post-Data
// array(1) { ["form"]=> string(8) "foo\'bar" }
// stripslashes
// string(11) "foo'bar"
// workaround
// string(7) "foo'bar"
up
down
1
jeremycook0 at googlemail dot com ¶
13 years ago
<?phpHere's a way of stripping slashes in PHP 5.3 using a recursive closure:
if (get_magic_quotes_gpc()) {
$strip_slashes_deep = function ($value) use (&$strip_slashes_deep) {
return is_array($value) ? array_map($strip_slashes_deep, $value) : stripslashes($value);
};
$_GET = array_map($strip_slashes_deep, $_GET);
$_POST = array_map($strip_slashes_deep, $_POST);
$_COOKIE = array_map($strip_slashes_deep, $_COOKIE);
}
?>
Note that the variable '$strip_slashes_deep' has to be passed to the closure by reference. I think that this is because at the time the closure is created the variable '$strip_slashes_deep' doesn't exist: the closure itself becomes the value of the variable. Passing by reference solves this issue. This closure could easily be adapted to use other methods of stripping slashes such as preg_replace().
up
down
2
StefanoAI ¶
11 years ago
function Recursive stripslashes
<?php
if (get_magic_quotes_gpc()) {
foreach ($arr as $k => &$v) {
$nk = stripslashes($k);
if ($nk != $k) {
$arr[$nk] = &$v;
unset($arr[$k]);
}
if (is_array($v)) {
stripslashes_array($v);
} else {
$arr[$nk] = stripslashes($v);
}
}
}stripslashes_array($_POST);
stripslashes_array($_GET);
stripslashes_array($_REQUEST);
stripslashes_array($_COOKIE);
}
?>
up
down
1
Tom Worster ¶
15 years ago
A replacement that should be safe on utf-8 strings.
<?php
preg_replace(array('/\x5C(?!\x5C)/u', '/\x5C\x5C/u'), array('','\\'), $s);
?>
up
down
1
Anonymous ¶
9 years ago
Rather use str_replace than explode/implode for your purpose.
up
down
2
o-zone at zerozone dot it ¶
15 years ago
<?phpIf you need to remove all slashes from a string, here's a quick hack:
function stripallslashes($string) {
while(strchr($string,'\\')) {
$string = stripslashes($string);
}
}
?>
Hope it's usefull , O-Zone
up
down
1
stoic ¶
17 years ago
$value need not be passed by reference. The 'stripped' value is returned. The passed value is not altered.in response to crab dot crab at gmail dot com:
up
down
1
eugene at ultimatecms dot co dot za ¶
14 years ago
<?phpfunction no_magic_quotes($query) { echo With function: It's amaizing! Who's to say this isn't a simple function?This is a simple function to remove the slashes added by functions such as magic_quotes_gpc and mysql_escape_string etc.
$data = explode("\\",$query);
$cleaned = implode("",$data);
return $cleaned;
}// I'm using mysql_escape_string as a simple example, but this function would work for any escaped string.
$query = "It's amaizing! Who's to say this isn't a simple function?";
$badstring = mysql_escape_string($query);
echo '<br><br>';
echo '<b>With function:</b> '.no_magic_quotes($badstring);?>
Output:
Without funtion: It\'s amaizing! Who\'s to say this isn\'t a simple function?
up
down
1
Aditya P Bhatt (adityabhai at gmail dot com) ¶
16 years ago
<?phpHere is simple example code which you can use as a common function in your functions file:
function stripslashes_if_gpc_magic_quotes( $string ) {
if(get_magic_quotes_gpc()) {
return stripslashes($string);
} else {
return $string;
}
}
?>
up
down
1
dragonfly at networkinsight dot net ¶
17 years ago
If you are having trouble with stripslashes() corrupting binary data, try using urlencode() and urldecode() instead.
up
down
1
JAB Creations ¶
17 years ago
I replaced this line...When writing to a flatfile such as an HTML page you'll notice slashes being inserted. When you write to that page it's interesting how to apply stripslashes...
<?php fwrite($file, $_POST['textarea']); ?>
With...
<?php if (get_magic_quotes_gpc()) {fwrite ($file, stripslashes($_POST['textarea']));}?>
You have to directly apply stripslashes to $_POST, $_GET, $_REQUEST, and $_COOKIE.
up
down
1
lukas.skowronski at gmail dot com ¶
17 years ago
function no_slashes($array)If You want to delete all slashes from any table try to use my function:
{
foreach($array as $key=>$value)
{
if(is_array($value))
{
$value=no_slashes($value);
$array_temp[$key]=$value;
}
else
{
$array_temp[$key]=stripslashes($value);
}
}
return $array_temp;
}
up
down
powerofBBC at gmail dot com ¶
5 years ago
if( (strlen($_POST['query']) > 0) && (preg_match_all($regex_pattern, $_POST['query']) )$regex_pattern = "/<a href=\"(.*)\">(.*)<\/a>/";
{ echo "Tags found"; }
up
down
1
hash at samurai dot fm ¶
20 years ago
What a nightmare!Might I warn readers that they should be vary careful with the use of stripslashes on Japanese text. The shift_jis character set includes a number of two-byte code charcters that contain the hex-value 0x5c (backslash) which will get stripped by this function thus garbling those characters.
up
down
Yousef Ismaeil Cliprz ¶
11 years ago
as in example: <?phpif (!function_exists('strip_slashes')) return echo If you want to use stripslashes(); function for a string or array you can create a user function
{
/**
* Un-quotes a quoted string.
*
* @param (mixed) $str - The input string.
* @author Yousef Ismaeil Cliprz
*/
function strip_slashes($str)
{
if (is_array($str))
{
foreach ($str as $key => $val)
{
$str[$key] = strip_slashes($val);
}
}
else
{
$str = stripslashes($str);
}
}
}$arr = array('Yousef\\\'s','\"PHP.net\"','user\\\'s');
print_r(strip_slashes($arr));
echo '<br />';
echo 'Without strip_slashes() function:<br />';
print_r($arr);/** You will get
With strip_slashes() function:
Array ( [0] => Yousef's [1] => "PHP.net" [2] => user's )
Without strip_slashes() function:
Array ( [0] => Yousef\'s [1] => \"PHP.net\" [2] => user\'s )
*/?>
up
down
todd at toddzebert dot com ¶
11 years ago
Attempting to use stripslashes on an array in 5.2.17 returns the string "Array", but in 5.3.6 it returns NULL.
up
down
michal at roszka dot pl ¶
14 years ago
a backslash ( \ ), a single-quote ( ' ), a double-quote ( " ) and a null character ( \0 ) Let's have two simple scripts: Script A: Case #1: * magic_quotes_gpc = Off A: a backslash ( \ ), a single-quote ( ' ), a double-quote ( " ) and a null character ( \0 ) Case #2 * magic_quotes_gpc = On A: a backslash ( \\ ), a single-quote ( \' ), a double-quote ( \" ) and a null character ( \\0 ) Case #3 * magic_quotes_gpc = On A: a backslash ( \ ), a single-quote ( '' ), a double-quote ( " ) and a null character ( \0 ) Case #4 * magic_quotes_gpc = Off A: a backslash ( \ ), a single-quote ( ' ), a double-quote ( " ) and a null character ( \0 ) Conclusions: 1) we do not need to do anything, if the magic_quotes_gpc is disabled (cases 1 and 4); <?php if ( 1) arrays need to be processed recursively; 2) both stripslashes and str_replace functions always return strings, so: * TRUE will become a string "1", On the other hand you only need to process strings, so use the is_string function to check; 3) when dealing with other (than GPC) data sources, such as databases or text files, remember to play with the magic_quotes_runtime setting as well, see, what happens and write a corresponding function, i.e. disable_magic_quotes_runtime() or something. 4) VERY IMPORTANT: when testing, remember the null character. Otherwise your tests will be inconclusive and you may end up with... well, serious bugs :)The goal is to leave the input untouched in PHP 5.2.8. Let's have this sample text given in $_POST['example']:
<?php echo $_POST['example']; ?>
Script B:
<?php echo stripslashes($_POST['example']); ?>
Let's have four different configurations and corresponding output:
* magic_quotes_sybase = Off
B: a backslash ( ), a single-quote ( ' ), a double-quote ( " ) and a null character ( � )
* magic_quotes_sybase = Off
B: a backslash ( \ ), a single-quote ( ' ), a double-quote ( " ) and a null character ( \0 )
* magic_quotes_sybase = On
B: a backslash ( \ ), a single-quote ( ' ), a double-quote ( " ) and a null character ( � )
* magic_quotes_sybase = On
B: a backslash ( ), a single-quote ( ' ), a double-quote ( " ) and a null character ( � )
2) stripslashes($_POST['example']) only works, if the magic_quotes_gpc is enabled, but the magic_quotes_sybase is disabled (case 2);
3) str_replace("''", "'", $_POST['example']) will do the trick if both the magic_quotes_gpc and the magic_quotes_sybase are enabled (case 3);
function disable_magic_quotes_gpc()
{
if (TRUE == function_exists('get_magic_quotes_gpc') && 1 == get_magic_quotes_gpc())
{
$mqs = strtolower(ini_get('magic_quotes_sybase'));
{
// we need to do stripslashes on $_GET, $_POST and $_COOKIE
}
else
{
// we need to do str_replace("''", "'", ...) on $_GET, $_POST, $_COOKIE
}
}
// otherwise we do not need to do anything
}
?>
Important notes:
* FALSE will become an empty string,
* integers and floats will become strings,
* NULL will become an empty string.
up
down
alex dot launi at gmail dot com ¶
16 years ago
function stripslashes_deep($value)kibby: I modified the stripslashes_deep() function so that I could use it on NULL values.
{
if(isset($value)) {
$value = is_array($value) ?
array_map('stripslashes_deep', $value) :
stripslashes($value);
}
return $value;
}
up
down
Kibby ¶
18 years ago
Okay, if using stripslashes_deep, it will definitely replace any NULL to "". This will affect to coding that depends isset(). Please provide a workaround based on recent note.
up
down
Anonymous ¶
19 years ago
<?If you want to deal with slashes in double-byte encodings, such as shift_jis or big5, you may use this:
function stripslashes2($string) {
$string = str_replace("\\\"", "\"", $string);
$string = str_replace("\\'", "'", $string);
$string = str_replace("\\\\", "\\", $string);
return $string;
}
?>
up
down
mattyblah at gmail dot com ¶
19 years ago
It should be of note that if you are stripping slashes to get rid of the slashes added by magic_quotes_gpc then it will also remove slashes from \. This may not seem that bad but if you have someone enter text such as 'testing\' with a slash at the end, this will cause an error if not corrected. It's best to strip the slashes, then add a slash to every single slash using $text = str_replace('\\', '\\\\', $text);
up
down
-1
JacobRas.nl ¶
14 years ago
Here's an function that strips not only \', but also \\' and \\\' and so on (depending on $times). $text = the text that needs to be stripped, $times = how much backslashes should be stripped. <?phpfunction stripslashes_deep ($text, $times) {$i = 0;// loop will execute $times times. } return }Hi,
while (strstr($text, '\\') && $i != $times) {$text= stripslashes($text);
$i++;
Example: $text = \\'quote\\' . <?php stripslashes_deep($text, 2); ?> will return 'quote'.
Note: <?php stripslashes_deep($text, 3); ?> will also return 'quote'.
up
down
-1
techdesk100 ¶
16 years ago
public function addslashes_once($input){Function which checks if $input has correct slashes,
otherwise adds slashes. For cases when you are not sure the input is not already addslashed.
//These characters are single quote ('), double quote ("), backslash (\) and NUL (the NULL byte).
$pattern = array("\\'", "\\\"", "\\\\", "\\0");
$replace = array("", "", "", "");
if(preg_match("/[\\\\'\"\\0]/", str_replace($pattern, $replace, $input))){
return addslashes($input);
}
else{
return $input;
}
}
up
down
-3
jeremysawesome ¶
13 years ago
I'm using this to clean the $_POST array:
<?php
array_walk_recursive($_POST, create_function('&$val', '$val = stripslashes($val);'));
?>
up
down
-4
hauser dot j at gmail dot com ¶
18 years ago
Apparently stripslashes converts NULL to string(0) "" <?php NULLDon't use stripslashes if you depend on the values NULL.
$a = null;
var_dump($a);$b = stripslashes($a);
var_dump($b);
?>
Will output
string(0) ""
up
down
-3
dragon[dot]dionysius[at]gmail[dot]com ¶
15 years ago
<?phpI use this function in my class to stripslashes arrays including NULL-check:
private function stripslashes_deep($value) {
if(is_array($value)) {
foreach($value as $k => $v) {
$return[$k] = $this->stripslashes_deep($v);
}
} elseif(isset($value)) {
$return = stripslashes($value);
}
return $return;
}
?>
up
down
-5
alf at mitose dot net ¶
18 years ago
It should be no problem for XML, but is still boring ...Take care using stripslashes() if the text you want to insert in the database contain \n characters ! You'll see "n" instead of (not seeing) "\n".
up
down
-10
Evgeny ¶
16 years ago
function stripslashes_deep($value) {extended version of stripslashes_deep. This allow to strip one also in the array_keys
if (is_array($value)) {
if (count($value)>0) {
$return = array_combine(array_map('stripslashes_deep', array_keys($value)),array_map('stripslashes_deep', array_values($value)));
} else {
$return = array_map('stripslashes_deep', $value);
}
return $return;
} else {
$return = stripslashes($value);
return $return ;
}
}
+add a note