Do I Need to Escape Backslashes in PHP

Do I need to escape backslashes in PHP?

In single quoted strings only the escape sequences \\ and \' are recognized; any other occurrence of \ is interpreted as a plain character.

So since \M and \U are no valid escape sequences, they are interpreted as they are.

Do (back-slashes in) paths need to be escaped?

Single quotes inhibit all escape sequences other than \\ and \', so there is no need to escape backslashes within them unless it appears as the final character in the string literal.

PHP backslash escaping

That's as expected. '-quoted strings have only two meta-characters which need to be escaped within them: ' and \. The ' has to be escaped, or you'd terminate the string early, and since \ itself is the escape character, it has to be escaped as well.

e.g.

<?php
$foo = '\\\';
echo $foo;

when executed will produce:

PHP Parse error:  syntax error, unexpected T_ENCAPSED_AND_WHITESPACE in test.php on line 3

because the first two \ escape each other, becoming a single literal \ inside the string, and the 3rd \ escapes the ', causing the string to run off the end of the line and make the echo $foo PART of the string.

I cannot reproduce your second example. $foo = '\\'; will assign a SINGLE backslash to the string, and since you're printing out the variable twice, SHOULD get \\ as your output.

followup: with this code:


$two_slashes = '\\';
$four_slashes = '\\\\';
echo $two_slashes . $two_slashes . "\n";
echo $four_slashes . $four_slashes . "\n";

I get:

\\
\\\\

as output, as expected. This is on PHP 5.3.3 (Redhat enterprise 65.3)

How to properly escape a backslash to match a literal backslash in single-quoted and double-quoted PHP regex patterns

A backslash character (\) is considered to be an escape character by both PHP's parser and the regular expression engine (PCRE). If you write a single backslash character, it will be considered as an escape character by PHP parser. If you write two backslashes, it will be interpreted as a literal backslash by PHP's parser. But when used in a regular expression, the regular expression engine picks it up as an escape character. To avoid this, you need to write four backslash characters, depending upon how you quote the pattern.

To understand the difference between the two types of quoting patterns, consider the following two var_dump() statements:

var_dump('~\\\~');
var_dump("~\\\\~");

Output:

string(4) "~\\~"
string(4) "~\\~"

The escape sequence \~ has no special meaning in PHP when it's used in a single-quoted string. Three backslashes do also work because the PHP parser doesn't know about the escape sequence \~. So \\ will become \ but \~ will remain as \~.

Which one should you use:

For clarity, I'd always use ~\\\\~ when I want to match a literal backslash. The other one works too, but I think ~\\\\~ is more clear.

Backslashes breaking string in PHP

The \ is special character, that says: 'The next character has special meaning'.

So if you want to dispaly \ you should write... \\ to get one \ in output

Right way to escape backslash [ \ ] in PHP regex?

The thing is, you're using a character class, [], so it doesn't matter how many literal backslashes are embedded in it, it'll be treated as a single backslash.

e.g. the following two regexes:

/[a]/
/[aa]/

are for all intents and purposes identical as far as the regex engine is concerned. Character classes take a list of characters and "collapse" them down to match a single character, along the lines of "for the current character being considered, is it any of the characters listed inside the []?". If you list two backslashes in the class, then it'll be "is the char a blackslash or is it a backslash?".

Is it really required to escape backslashes in regex patterns?

Not necessarily, because the string literal rules say that if \ is followed by anything other than another \ or a ' it is treated as any other character. This general rule also affects double-quoted strings, although in that case there are more recognized escape sequences than just these two.

You could escape it if you wanted to, but personally I think the world has enough backslashes already.

PHP mysqli query searching for backslashes

It's because php escape character is backslash, you need to escape them too like.

$mysqli->query('SELECT id, name FROM `posts` WHERE content LIKE \'%[insert=\\\\"userform\\\\",id=\\\\"1\\\\"]%\' ESCAPE "|"');

A good solution to check it's to echo the query before execute to check if the final result is good.


Related Topics

PHP Rounding Error

Change Innerhtml of a PHP Domelement

How to Extract HTML Comments and All HTML Contained by Node

How to Download a File on Clicking the Name of File Using PHP

Multi Dimensional Array in Random Order

Mysqli Prepared Statement Num_Rows Returns 0 While Query Returns Greater Than 0

Laravel Password Validation Rule

What Does Header('P3P: Cp="Cao Psa Our"'); Do

PHP Random X Digit Number

When to Use Filter_Input()

How to Run the Bind_Param() Statement in PHP

Simplexml Get Element Content Based on Attribute Value

Reverse the Order of Space-Separated Words in a String

How to Sum All Values of a Specific Array Key Recursively

Detect If Uploaded File Is Too Large

.Htaccess Mod_Rewrite > 500 Internal Server Error

Converting a Postman Request to Curl

How to Use Imagick to Merge and Mask Images


Leave a reply



Submit