JavaScript addslashes
Escapes single quote, double quotes and backslash characters in a string with backslashes
1 2 3 4 56 7 8 9 1011 12 13 14 1516 17 18 | function addslashes (str) { // Escapes single quote, double quotes and backslash characters in a string with backslashes // // version: 1008.1718 // discuss at: http://phpjs.org/functions/addslashes // + original by: Kevin van Zonneveld (http://kevin.vanzonneveld.net) // + improved by: Ates Goral (http://magnetiq.com) // + improved by: marrtins // + improved by: Nate // + improved by: Onno Marsman // + input by: Denny Wardhana // + improved by: Brett Zamir (http://brett-zamir.me) // + improved by: Oskar Larsson Högfeldt (http://oskar-lh.name/) // * example 1: addslashes("kevin's birthday"); // * returns 1: 'kevin\'s birthday' return (str+'').replace(/[\\"']/g, '\\$&').replace(/\u0000/g, '\\0'); } |
Examples
Running
1 | addslashes("kevin's birthday"); |
Should return
1 | 'kevin\'s birthday' |
Dependencies
No dependencies, you can use this function standalone.
Open syntax issues
php.js uses JsLint to help us keep our code consistent and prevent some common bugs.
Eventually we want all code to pass or at least take into consideration most fixes suggested by JsLint, following this JsLint configuration we’ve decided on.
Authors
Thanks to the following developers, you get to have addslashes goodness in JavaScript.
Oskar Larsson Högfeldt
Apr 11th 
Hi,
replace(/[\\"']/g, "\\$&")
might be faster than
replace(/([\\"'])/g, "\\$1")
Oskar Larsson Högfeldt
Apr 11th
Hi,
replace(/[\"']/g, "\\$&")
might be faster than
replace(/([\"'])/g, "\\$1")
Brett Zamir
30 Jun '09
@Denny: Thanks for the report. I've fixed it in SVN. (use \u0000 instead--"\u" indicates a 4-digit hexadecimal Unicode sequence and \0 was a shortcut for this)
Denny Wardhana
30 Jun '09
Under "Strict Warnings" setup,
/\0/g
produces Warning: non-octal digit in an escape sequence that doesn't match a back-reference.
How to remove that warning (and the function still working of course)?
Kevin van Zonneveld
21 Sep '08
@ Julien Paquit: Thank you but I believe PHP does not do that automatically? If not, then we should not either, because we may surprise developers & cause unexpected output.
Julien Paquit
21 Sep '08
Very useful code ! Because of some scripting needs (and compatibility), I add this portion of code to the original one :
[CODE="Javascript"]
return (str+'').replace(/(["])/g, """).replace(/([\\'])/g, "\\$1").replace(/\0/g, "\\0");
[/CODE]
Now I am able to pass recursively parameters without errors.
Kevin van Zonneveld
27 Aug '08
@ Nate & Onno Marsman: Awesome job guys! I have been fooled by my tester for a long time. Addslashes has ben updated, and you have been credited accordingly. I've also changed the new testsuite to support addslashes behaviour.
Onno Marsman
8 Aug '08
It's probably also a good idea to convert str to a string to make sure .replace exists.
addslashes(6) does work in PHP but not in this function
[CODE="Javascript"]
return (str+'').replace(/([\\"'])/g, "\\$1").replace(/\0/g, "\\0");
[/CODE]
Nate
22 Jul '08
I couldn't get the function to work at first. I made some changes, and here is what I came up with:
[CODE="Javascript"]
return str.replace(/([\\"'])/g, "\\$1").replace(/\0/g, "\\0");
[/CODE]
Also, the example should read,
"kevin\\\'s birthday" because the \' becomes '. That is why it appears to work in the tester script.
Sean Gallagher
24 May '08
Here is another quicky but good add slashes function!
P.S. I could not get your function to work.
[CODE="Javascript"]
function addslashes(str)
{
// http://www.atlwebsite.com
// By Sean Gallagher
// Example: addslashes('what "ya\'ll" doing?')
// Returns: what \"ya\'ll\" doing?
str = str.replace(/'/g,"\\'");
return str.replace(/"/g,'\\"');
}
[/CODE]
Kevin van Zonneveld
13 Apr '08
@ Jonas Raoni: I believe your proposal has the same regex, only here it's singlequoted for compatbility with Dean Edwards packer.
Jonas Raoni
12 Apr '08
It's missing the "\" escape.
return str.replace(/(["'\\])/g, "\\$1").replace(/\0/g, "\\0") ;
Or
return str.replace(/(["'\\\0])/g, function(_, n){
return "\\" + (n == "\0" ? "0" : n);
});
Kevin van Zonneveld
28 Feb '08
@ Martin: Thanks for noticing. If you look at the source code, you see that the example is correct. But my blog probably filters out the backslash again. I'll look into it!
Martin
27 Feb '08
example 1 (the only one) on this page is incorrect, in that it doesn't actually add the slash. hehe.
Ates Goral
23 Jan '08
Additional test case:
[CODE="Javascript"]
// * example 2: addslashes("\"'\\\0");
// * returns 2: "\\\"\\\'\\\\\\\0"
[/CODE]
Ates Goral
23 Jan '08
First, just a nitpick:
A set of characters can be used instead of the ORs:
[CODE="Javascript"]
return str.replace(/(["'\\])/g, "\\$1");
[/CODE]
To add support for NUL:
[CODE="Javascript"]
return str.replace(/(["'\\])/g, "\\$1").replace(/\0/g, "\\0");
[/CODE]
booeyOH
21 Jan '08
preg_quote() function for adding slashes to RegEx
Not sure if it is out there, but needed something quick, hope its helpful
[CODE="Javascript"]
function preg_quote( str ) {
var quote_chars = ["\\", ".", "+", "*", "?", "[", "^", "]", "$", "(", ")", "{", "}", "=", "!", "<", ">", "|", ":"];
var return_val = str;
for(var i=0;i<quote_chars.length;i++)
{
eval("var pattern = /\\"+quote_chars[i]+"/gi");
return_val = return_val.replace(pattern, chr(92)+quote_chars[i]);
}
return return_val;
}
[/CODE]
Brett Zamir
Apr 11th