Add a backslash before each double quote ("):
<?php $str = addslashes('What does "yolo" mean?');echo($str); ?>The addslashes() function returns a string with backslashes added before predefined characters.
The predefined characters are:
Single quote (')
Double quotes (")
backslash()
NULL
Tip: This function can be used to prepare suitable strings for strings stored in the database and for database query statements.
Note: By default, the PHP directive magic_quotes_gpc is on, automatically running addslashes() on all GET, POST and COOKIE data. Do not use addslashes() on strings that have been escaped by magic_quotes_gpc, as this will result in double escaping. When encountering this situation, you can use the function get_magic_quotes_gpc() to detect it.
addslashes( string )
| parameter | describe |
|---|---|
| string | Required. Specifies the string to be escaped. |
| Return value: | Returns the escaped string. |
|---|---|
| PHP version: | 4+ |
Add backslashes to predefined characters in a string:
<?php$str = "Who's Peter Griffin?";echo $str . " This is not safe in a database query.<br>";echo addslashes($str) . " This is safe in a database query."; ?>