search for in the  
<striposstristr>
Last updated: Thu, 19 May 2005

stripslashes

(PHP 3, PHP 4, PHP 5)

stripslashes --  Un-quote string quoted with addslashes()

Description

string stripslashes ( string str )

Returns a string with backslashes stripped off. (\' becomes ' and so on.) Double backslashes (\\) are made into a single backslash (\).

An example use of stripslashes() is when the PHP directive magic_quotes_gpc is on (it's on by default), and you aren't inserting this data into a place (such as a database) that requires escaping. For example, if you're simply outputting data straight from an HTML form.

Example 1. A stripslashes() example

<?php
$str = "Is your name O\'reilly?";

// Outputs: Is your name O'reilly?
echo stripslashes($str);
?>

Note: stripslashes() is not recursive. If you want to apply this function to a mutli-dimensional array, you need to use a recursive function.

Example 2. Using stripslashes() on an array

<?php
function stripslashes_deep($value)
{
   $value = is_array($value) ?
               array_map('stripslashes_deep', $value) :
               stripslashes($value);

   return $value;
}

// Example
$array = array("f\\'oo", "b\\'ar", array("fo\\'o", "b\\'ar"));
$array = stripslashes_deep($array);

// Output
print_r($array);
?>

The above example will output:

Array
(
    [0] => f'oo
    [1] => b'ar
    [2] => Array
        (
            [0] => fo'o
            [1] => b'ar
        )

)

For more information about "magic quotes", see get_magic_quotes_gpc().

See also addslashes() and get_magic_quotes_gpc().



User Contributed Notes
stripslashes
marijn78 at hotmail dot com
24-Apr-2005 11:50
If you have a string which might be null it won't be null anymore after you do a stripslashes.

$s = null;
$r = stripslashes($s);

if ($r == "") echo "this is the result";
if (is_null($r)) echo "instead of this";

It took me some time to figure this out it might safe you some time.
john at NOSPAMdoe dot com
29-Mar-2005 10:01
To avoid having to repeatedly check for magic quotes, use this piece of code:

<?php

eval('function cndstrips($str)
{
  return ' . (get_magic_quotes_gpc() ? 'stripslashes($str)' : '$str') . ';
}');

?>

somewhere in the first lines. After this, you can use cndstrips (conditional strip slashes, ofcourse you can rename) instead of stripslashes, and without having to worry about stripping normal strings.

Don't overdo it, however.

If stripping slashes just once is all that matters, try something like this:

<?php

if (get_magic_quotes_gpc())
{
  if (is_array($_POST)
   foreach($_POST  as  $k=>$v) if (is_string($v) $_POST[$k] = stripslashes($v);
  if (is_array($_COOKIE)
   foreach($_COOKIE as $k=>$v) if (is_string($v)$_COOKIE[$k]= stripslashes($v);
  if (is_array($_GET)
   foreach($_GET    as $k=>$v) if (is_string($v) $_GET[$k]  = stripslashes($v);
}

?>

This works with PHP4.
ferik100 at flexis dot com dot br
14-Feb-2005 06:05
Here's a function to get rid of slashes added by magic_quotes_gpc. The parameter it takes can be either a string or an array. I use it to clean up $_POST arrays before processing their contents (rather than stripping slashes from each key and value as the contents are being processed).

function strip_gpc_slashes ($input)
{
   if ( !get_magic_quotes_gpc() || ( !is_string($input) && !is_array($input) ) )
   {
       return $input;
   }

   if ( is_string($input) )
   {
       $output = stripslashes($input);
   }
   elseif ( is_array($input) )
   {
       $output = array();
       foreach ($input as $key => $val)
       {
           $new_key = stripslashes($key);
           $new_val = strip_gpc_slashes($val);
           $output[$new_key] = $new_val;
       }
   }

   return $output;
}

Note: With PHP5 at least this function will preserve user-submitted slashes, so if a user types 'test\' in a form field, this function will return exactly 'test\', not 'test', as suggested by mattyblah at gmail dot com.
10-Feb-2005 09:45
If you want to deal with slashes in double-byte encodings, such as shift_jis or big5, you may use this:

<?
function stripslashes2($string) {
   $string = str_replace("\\\"", "\"", $string);
   $string = str_replace("\\'", "'", $string);
   $string = str_replace("\\\\", "\\", $string);
   return $string;
}
?>
pasamio AT sirdurkus DOT net
29-Sep-2004 06:55
If your trying to pull out some variables from $_REQUEST and directly output them (in my case, quoted text from a search query directly into a HTML text box) with magic_quotes_gpc on use:

htmlspecialchars(stripslashes($searchtext));

For example:

<input type="Text" name="searchtext" value="<?php echo htmlspecialchars(stripslashes($searchtext)); ?>"><br>

$searchtext was pulled from the $_REQUEST variable where $searchtext = "lifeline \"darling downs\""; It properly returns this (including quotes) in the text box.
mattyblah at gmail dot com
10-Sep-2004 10:51
It should be of note that if you are stripping slashes to get rid of the slashes added by magic_quotes_gpc then it will also remove slashes from \. This may not seem that bad but if you have someone enter text such as 'testing\' with a slash at the end, this will cause an error if not corrected. It's best to strip the slashes, then add a slash to every single slash using $text = str_replace('\\', '\\\\', $text);
hash at samurai dot fm
30-Nov-2003 11:34
Might I warn readers that they should be vary careful with the use of stripslashes on Japanese text. The shift_jis character set includes a number of two-byte code charcters that contain the hex-value 0x5c (backslash) which will get stripped by this function thus garbling those characters.

What a nightmare!

<striposstristr>
 Last updated: Thu, 19 May 2005
Copyright © 2001-2005 The PHP Group
All rights reserved.		 This unofficial mirror is operated at: The Server Pages
Last updated: Thu May 19 17:35:34 2005 CDT