(PHP 4, PHP 5, PHP 7, PHP 8)

addcslashesQuote string with slashes in a C style


addcslashes(string $string, string $characters): string

Returns a string with backslashes before characters that are listed in characters parameter.



The string to be escaped.


A list of characters to be escaped. If characters contains characters \n, \r etc., they are converted in C-like style, while other non-alphanumeric characters with ASCII codes lower than 32 and higher than 126 converted to octal representation.

When you define a sequence of characters in the charlist argument make sure that you know what characters come between the characters that you set as the start and end of the range.

echo addcslashes('foo[ ]''A..z');
// output:  \f\o\o\[ \]
// All upper and lower-case letters will be escaped
// ... but so will the [\]^_`
Also, if the first character in a range has a higher ASCII value than the second character in the range, no range will be constructed. Only the start, end and period characters will be escaped. Use the ord() function to find the ASCII value for a character.
echo addcslashes("zoo['.']"'z..A');
// output:  \zoo['\.']

Be careful if you choose to escape characters 0, a, b, f, n, r, t and v. They will be converted to \0, \a, \b, \f, \n, \r, \t and \v, all of which are predefined escape sequences in C. Many of these sequences are also defined in other C-derived languages, including PHP, meaning that you may not get the desired result if you use the output of addcslashes() to generate code in those languages with these characters defined in characters.

Return Values

Returns the escaped string.


characters like "\0..\37", which would escape all characters with ASCII code between 0 and 31.

Example #1 addcslashes() example


See Also

add a note add a note

User Contributed Notes 6 notes

phpcoder at cyberpimp dot pimpdomain dot com
17 years ago
If you are using addcslashes() to encode text which is to later be decoded back to it's original form, you MUST specify the backslash (\) character in charlist!


= 'This text does NOT contain \\n a new-line!';
$encoded = addcslashes($originaltext, '\\');
$decoded = stripcslashes($encoded);
//$decoded now contains a copy of $originaltext with perfect integrity
echo $decoded; //Display the sentence with it's literal \n intact

If the '\\' was not specified in addcslashes(), any literal \n (or other C-style special character) sequences in $originaltext would pass through un-encoded, but then be decoded into control characters by stripcslashes() and the data would lose it's integrity through the encode-decode transaction.
glitchmr at myopera dot com
8 years ago
If you need JS escaping function, use json_encode() instead.
stein at visibone dot com
14 years ago
addcslashes() treats NUL as a string terminator:

   assert("any"  === addcslashes("any\0body", "-"));

unless you order it backslashified:

   assert("any\\000body" === addcslashes("any\0body", "\0"));

(Uncertain whether this should be declared a bug or simply that addcslashes() is not binary-safe, whatever that means.)
natNOSPAM at noworrie dot NO_SPAM dot com
20 years ago
I have found the following to be much more appropriate code example:

= addcslashes($not_escaped, "\0..\37!@\@\177..\377");

This will protect original, innocent backslashes from stripcslashes.
vishal dot ceeng at gmail dot com
3 years ago
echo addcslashes("zoo['.']", 'z..A');

Above code will create an error as per below

Invalid '..'-range, '..'-range needs to be incrementing -
14 years ago
Be carefull with adding the \ to the list of encoded characters. When you add it at the last position it encodes all encoding slashes. I got a lot of \\\ by this mistake.

So always encode \ at first.
To Top