The php Function Stripslashes

The php function stripslashes is used to remove the escape sequence of backslashes that is added when string literals are quoted. It can be applied to individual strings or to arrays of strings. It is often useful when working with data that has been escaped or -escaped for security purposes (for example, quotes and apostrophes) as the striplashes() and stripslashes_deep() functions can be used to remove all the escaping characters from the entire string.

The stripslashes() function takes one argument, which is a string value from which the escaping characters are to be removed. The function scans the string and removes all backslashes it encounters. This is particularly useful when dealing with input from an HTML form where the -escapes are needed to properly display the data. It is also an excellent alternative to the sanitize_data() function when dealing with scalar values from a database or for cleaning up data submitted via a form.

The striplashes() function is available in all versions of PHP and is compatible with a range of web environments. However, it is important to note that from PHP 8.0 onwards the automatic magic quotes feature has been removed and this may reduce the need for the striplashes() function in many modern applications. It is recommended to use prepared statements for database interaction and proper sanitization/validation when dealing with input from HTML forms instead. Using these best practices will ensure that your code is both secure and compatible with most web servers.

Andreas Behr - CTO of DesertCoderz
You are a developer and looking for Shopware projects?
Apply Now!

stripslashes example

require ABSPATH . WPINC . '/script-loader.php';
require ABSPATH . WPINC . '/version.php';

$expires_offset = 31536000; // 1 year. $out            = '';

$wp_scripts = new WP_Scripts();
wp_default_scripts( $wp_scripts );
wp_default_packages_vendor( $wp_scripts );
wp_default_packages_scripts( $wp_scripts );

if ( isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) && stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) === $wp_version ) {
    header( "$protocol 304 Not Modified" );
    exit;
}

foreach ( $load as $handle ) {
    if ( ! array_key_exists( $handle$wp_scripts->registered ) ) {
        continue;
    }

    $path = ABSPATH . $wp_scripts->registered[ $handle ]->src;
    $out .= get_file( $path ) . "\n";
}
/** * Sanitize content with allowed HTML KSES rules. * * This function expects slashed data. * * @since 1.0.0 * * @param string $data Content to filter, expected to be escaped with slashes. * @return string Filtered content. */
function wp_filter_kses( $data ) {
    return addslashes( wp_kses( stripslashes( $data )current_filter() ) );
}

/** * Sanitize content with allowed HTML KSES rules. * * This function expects unslashed data. * * @since 2.9.0 * * @param string $data Content to filter, expected to not be escaped. * @return string Filtered content. */
$bad[] = './';
            $bad[] = '/';
        }

        $str = remove_invisible_characters($str, false);

        do {
            $old = $str;
            $str = str_replace($bad, '', $str);
        } while ($old !== $str);

        return stripslashes($str);
    }

    /** * Restore hash from Session or Cookie */
    private function restoreHash(): void
    {
        if ($this->isCSRFCookie()) {
            if ($this->isHashInCookie()) {
                $this->hash = $this->hashInCookie;
            }
        }

function get_search_link( $query = '' ) {
    global $wp_rewrite;

    if ( empty( $query ) ) {
        $search = get_search_query( false );
    } else {
        $search = stripslashes( $query );
    }

    $permastruct = $wp_rewrite->get_search_permastruct();

    if ( empty( $permastruct ) ) {
        $link = home_url( '?s=' . urlencode( $search ) );
    } else {
        $search = urlencode( $search );
        $search = str_replace( '%2F', '/', $search ); // %2F(/) is not valid within a URL, send it un-encoded.         $link   = str_replace( '%search%', $search$permastruct );
        $link   = home_url( user_trailingslashit( $link, 'search' ) );
    }
$comments_match = (
               isset( $comment1['comment_post_ID']$comment2['comment_post_ID'] )
            && intval( $comment1['comment_post_ID'] ) == intval( $comment2['comment_post_ID'] )
            && (
                // The comment author length max is 255 characters, limited by the TINYTEXT column type.                 // If the comment author includes multibyte characters right around the 255-byte mark, they                 // may be stripped when the author is saved in the DB, so a 300+ char author may turn into                 // a 253-char author when it's saved, not 255 exactly. The longest possible character is                 // theoretically 6 bytes, so we'll only look at the first 248 bytes to be safe.                 substr( $comment1['comment_author'], 0, 248 ) == substr( $comment2['comment_author'], 0, 248 )
                || substr( stripslashes( $comment1['comment_author'] ), 0, 248 ) == substr( $comment2['comment_author'], 0, 248 )
                || substr( $comment1['comment_author'], 0, 248 ) == substr( stripslashes( $comment2['comment_author'] ), 0, 248 )
                // Certain long comment author names will be truncated to nothing, depending on their encoding.                 || ( ! $comment1['comment_author'] && strlen( $comment2['comment_author'] ) > 248 )
                || ( ! $comment2['comment_author'] && strlen( $comment1['comment_author'] ) > 248 )
                )
            && (
                // The email max length is 100 characters, limited by the VARCHAR(100) column type.                 // Same argument as above for only looking at the first 93 characters.                 substr( $comment1['comment_author_email'], 0, 93 ) == substr( $comment2['comment_author_email'], 0, 93 )
                || substr( stripslashes( $comment1['comment_author_email'] ), 0, 93 ) == substr( $comment2['comment_author_email'], 0, 93 )
                || substr( $comment1['comment_author_email'], 0, 93 ) == substr( stripslashes( $comment2['comment_author_email'] ), 0, 93 )
                

function update_usermeta( $user_id$meta_key$meta_value ) {
    _deprecated_function( __FUNCTION__, '3.0.0', 'update_user_meta()' );
    global $wpdb;
    if ( !is_numeric( $user_id ) )
        return false;
    $meta_key = preg_replace('|[^a-z0-9_]|i', '', $meta_key);

    /** @todo Might need fix because usermeta data is assumed to be already escaped */
    if ( is_string($meta_value) )
        $meta_value = stripslashes($meta_value);
    $meta_value = maybe_serialize($meta_value);

    if (empty($meta_value)) {
        return delete_usermeta($user_id$meta_key);
    }

    $cur = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id$meta_key) );

    if ( $cur )
        do_action( 'update_usermeta', $cur->umeta_id, $user_id$meta_key$meta_value );

    
if ( '' === $args['name'] ) {
            $args['name'] = array();
        } else {
            $args['name'] = (array) $args['name'];
        }

        if ( ! empty( $args['name'] ) ) {
            $names = $args['name'];

            foreach ( $names as &$_name ) {
                // `sanitize_term_field()` returns slashed data.                 $_name = stripslashes( sanitize_term_field( 'name', $_name, 0, reset( $taxonomies ), 'db' ) );
            }

            $this->sql_clauses['where']['name'] = "t.name IN ('" . implode( "', '", array_map( 'esc_sql', $names ) ) . "')";
        }

        if ( '' === $args['slug'] ) {
            $args['slug'] = array();
        } else {
            $args['slug'] = array_map( 'sanitize_title', (array) $args['slug'] );
        }

        

function _wp_expand_nav_menu_post_data() {
    if ( ! isset( $_POST['nav-menu-data'] ) ) {
        return;
    }

    $data = json_decode( stripslashes( $_POST['nav-menu-data'] ) );

    if ( ! is_null( $data ) && $data ) {
        foreach ( $data as $post_input_data ) {
            /* * For input names that are arrays (e.g. `menu-item-db-id[3][4][5]`), * derive the array path keys via regex and set the value in $_POST. */
            preg_match( '#([^\[]*)(\[(.+)\])?#', $post_input_data->name, $matches );

            $array_bits = array( $matches[1] );

            
global $wp_current_db_version$wpdb;

    if ( $wp_current_db_version < 10360 ) {
        populate_roles_280();
    }
    if ( is_multisite() ) {
        $start = 0;
        while ( $rows = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options ORDER BY option_id LIMIT $start, 20" ) ) {
            foreach ( $rows as $row ) {
                $value = maybe_unserialize( $row->option_value );
                if ( $value === $row->option_value ) {
                    $value = stripslashes( $value );
                }
                if ( $value !== $row->option_value ) {
                    update_option( $row->option_name, $value );
                }
            }
            $start += 20;
        }
        clean_blog_cache( get_current_blog_id() );
    }
}

header( "$protocol 400 Bad Request" );
    exit;
}

$rtl            = ( isset( $_GET['dir'] ) && 'rtl' === $_GET['dir'] );
$expires_offset = 31536000; // 1 year. $out            = '';

$wp_styles = new WP_Styles();
wp_default_styles( $wp_styles );

if ( isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) && stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) === $wp_version ) {
    header( "$protocol 304 Not Modified" );
    exit;
}

foreach ( $load as $handle ) {
    if ( ! array_key_exists( $handle$wp_styles->registered ) ) {
        continue;
    }

    $style = $wp_styles->registered[ $handle ];

    

    public function denormalize(mixed $data, string $type, ?string $format = null, array $context = [])
    {
        /** @var string $value */
        $value = $data[__CLASS__];

        // @deprecated tag:v6.6.0 - Remove this workaround         if (str_starts_with($value, 'O:')) {
            return unserialize(stripslashes($value));
        }

        $value = base64_decode($value, true);

        if ($value === false) {
            throw MessageQueueException::cannotUnserializeMessage($data[__CLASS__]);
        }

        return unserialize($value);
    }

    
$this->attributePersister->persist($attributeData, 's_order_details_attributes', $orderDetailId);
        } // For every product in basket     }

    /** * Finally save order and send order confirmation to customer * * @return string|false */
    public function sSaveOrder()
    {
        $this->sComment = stripslashes($this->sComment ?? '');
        $this->sComment = stripcslashes($this->sComment);

        $this->sShippingData[CartKey::AMOUNT_NUMERIC] = $this->sShippingData[CartKey::AMOUNT_NUMERIC] ?? '0';

        if ($this->isTransactionExist($this->bookingId)) {
            return false;
        }

        // Insert basic-data of the order         $orderNumber = $this->sGetOrderNumber();
        $this->sOrderNumber = $orderNumber;

        

    function strip_slashes($str)
    {
        if (is_array($str)) {
            return stripslashes($str);
        }

        foreach ($str as $key => $val) {
            $str[$key] = strip_slashes($val);
        }

        return $str;
    }
}

if (function_exists('strip_quotes')) {
    
</td> </tr> <?php if ( ! $user_table ) : ?> <tr class="form-field form-required user-pass1-wrap"> <th scope="row"> <label for="pass1"> <?php _e( 'Password' ); ?> </label> </th> <td> <div class="wp-pwd"> <?php $initial_password = isset( $_POST['admin_password'] ) ? stripslashes( $_POST['admin_password'] ) : wp_generate_password( 18 ); ?> <div class="password-input-wrapper"> <input type="password" name="admin_password" id="pass1" class="regular-text" autocomplete="new-password" spellcheck="false" data-reveal="1" data-pw="<?php echo esc_attr( $initial_password ); ?>" aria-describedby="pass-strength-result admin-password-desc" /> <div id="pass-strength-result" aria-live="polite"></div> </div> <button type="button" class="button wp-hide-pw hide-if-no-js" data-start-masked="<?php echo (int) isset( $_POST['admin_password'] ); ?>" data-toggle="0" aria-label="<?php esc_attr_e( 'Hide password' ); ?>"> <span class="dashicons dashicons-hidden"></span> <span class="text"><?php _e( 'Hide' ); ?></span> </button> </div> <p id="admin-password-desc"><span class="description important hide-if-no-js"> <strong><?php _e( 'Important:' ); ?></strong>


        if (empty($groupID)) {
            $groupID = $this->config->get('sNEWSLETTERDEFAULTGROUP');
            $sql = ' INSERT IGNORE INTO s_campaigns_groups (id, name) VALUES (?, ?) ';
            $this->db->query($sql[$groupID, 'Newsletter-Empfänger']);
        }

        $email = strtolower(trim(stripslashes($email)));
        if (empty($email)) {
            return [
                'code' => 6,
                'message' => $this->snippetManager->getNamespace('frontend/account/internalMessages')
                    ->get('NewsletterFailureMail', 'Enter eMail address'),
            ];
        }
        if (!$this->emailValidator->isValid($email)) {
            return [
                'code' => 1,
                'message' => $this->snippetManager->getNamespace('frontend/account/internalMessages')
                    
Home | Imprint | This part of the site doesn't use cookies.