Escaping in PHP doesn’t mean breaking free and “doing a runner”.
It is a technique to prevent PHP from ending your strings too early, or for
making sure you have the correct string information returned. Here’s an example.
Try this script:
$string = ‘John’s Car’;
Make sure you type the script exactly as it is, with all the single quote
marks. Now run the script.
What you should find is that PHP gives you an error message. The reason is
that you have three single quote marks. PHP gets confused, because it doesn’t
know what your string is. To solve the problem, you could use double quotes
on the outside. Like this:
$string = “John‘s Car”;
Or you could escape the apostrophe. You escape a character by typing a “slash”
before it. Like this:
$string = ‘John‘s Car’;
If you try that out, you should find that the string prints correctly.
Now try this script:
$astring = ‘mypath’;
Again, you’ll get an error from PHP. Surround it with double quotes instead
of single quotes and run the script again. Does the string print?
The reason it doesn’t is because you haven’t escaped the slash. PHP sees
it as a special character, and is expecting more details after the slash.
But we want a slash in the string. To escape it, use another slash. Like this:
$astring = ‘mypath\’;
So now we have two slashes on the end of the string. When you run the script,
you should find that it prints out this:
If your PHP script is not returning the characters it should do, then you
may need to use the slash to escape them.
You also need to escape certain characters when working with databases, otherwise,
you’re opening yourself up to attack! You’ll hear more on this topic when
we get to that section.
In the next part, we’ll have a list of string functions that may come in
handy, and an example of how to use each one.
Kaynak : https://www.homeandlearn.co.uk/php/php7p7.html ‘sitesinden alıntı