PHP/String/String Escape


addslashes(): escapes single quotes, double quotes, backslashes, and NUL bytes with backslashes

 
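<?php
// addslashes() puts a backslash before ', ", \ and NUL bytes.
$escapedstring = addslashes("He said, 'I'm a dog.'");
// It is not a database-aware escape: it ignores the connection character set
// and the server's quoting rules, so use bound parameters for real queries.
$query = "INSERT INTO test (quote) values ('$escapedstring')";
echo($query);
?>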
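
The INSERT above is built by string concatenation, and addslashes() knows nothing about the quoting rules of the database that will parse it. The following is an added example, not code from the original page, that runs the same value through an addslashes()-built query and through a PDO prepared statement. It assumes the pdo_sqlite extension and an in-memory database; the `id` column and the variable names are assumptions.

```php
<?php
// Added example, not from the original page. Assumes the pdo_sqlite extension.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE test (id INTEGER PRIMARY KEY, quote TEXT)');

$input = "He said, 'I'm a dog.'";   // constructed sample input

// 1) Query assembled with addslashes(), as in the snippet above.
//    SQLite escapes a quote by doubling it and gives the backslash no
//    special meaning, so the \' sequences close the literal early and
//    the statement no longer parses.
$concatenated = "INSERT INTO test (quote) VALUES ('" . addslashes($input) . "')";
try {
    $pdo->exec($concatenated);
    echo "addslashes query: accepted\n";
} catch (PDOException $e) {
    echo "addslashes query: rejected by the database\n";
}

// 2) Prepared statement: the SQL text is fixed and the value is bound
//    separately, so no escaping function is involved at all.
$stmt = $pdo->prepare('INSERT INTO test (quote) VALUES (:quote)');
$stmt->execute([':quote' => $input]);
$id = (int) $pdo->lastInsertId();

// 3) Read the row back with a bound id and compare it byte for byte.
$read = $pdo->prepare('SELECT quote FROM test WHERE id = :id');
$read->execute([':id' => $id]);
$stored = $read->fetchColumn();

echo "stored value: $stored\n";
echo 'round trip intact: ' . ($stored === $input ? 'yes' : 'no') . "\n";
?>
```

Because the value comes back unmodified from a bound parameter, no stripslashes() call is needed on the way out.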



quotemeta(): escapes . \ + * ? [ ^ ] ( $ )

<?php
// quotemeta() targets regex metacharacters; it is not an SQL or shell escape.
$literal_string = "AAA ($, *) are very special to me\n<BR>";
$qm_string = quotemeta($literal_string);
echo $qm_string;
?>



String SQL command escape

       
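<?php
// Inside single quotes the \" sequences keep their backslashes.
$query = 'SELECT quote FROM test WHERE \"ID\"=1';
// stripslashes() removes the backslashes that addslashes() would have added.
$quote = stripslashes($query);

echo $quote;
?>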



To embed a single quote in a singly quoted string, escape it with a backslash

<?php
// Inside single quotes only \' and \\ are treated as escape sequences.
$singly_quoted = 'This quote mark\'s no big deal either';
echo ($singly_quoted);
?>