Perl function equivalent of PHP’s AddSlashes()

Here is a perl equivalent of PHP’s AddSlashes() function. It’s a quick an dirty way to clean up text to insert into a database. There are better ways to do this. It should exactly mimic PHP’s function. It adds slashes before single quotes(‘), double-quotes(“), backslashes(\), and NULL bytes (\0).

sub AddSlashes {
    $text = shift;
    ## Make sure to do the backslash first!
    $text =~ s/\\/\\\\/g;
    $text =~ s/'/\\'/g;
    $text =~ s/"/\\"/g;
    $text =~ s/\\0/\\\\0/g;
    return $text;
}

4 thoughts on “Perl function equivalent of PHP’s AddSlashes()”

  1. I’m not a Perl programmer but I needed to change the expressions to make it work in my PostgreSQL Perl stored Procedure.

    $text =~ s/\\/\\\\/g;
    $text =~ s/’/\\’/g;
    $text =~ s/”/\\”/g;
    $text =~ s//\/g;

  2. $term =~ s/([\\\’\”])/\\$1/gi; Is not the same, the backslash needs to be escaped first. The one liner will escape the first character that appears in $term. Also /i isn’t needed and is very wasteful*. To prevent SQL injection it’s better to use placeholders** where possible.

    *Friedl, J., 2006. Mastering Regular Expressions 3rd ed., O’Reilly Media, Inc.
    **http://www.perlmonks.com/?node_id=678757

Leave a Reply

Your email address will not be published. Required fields are marked *