About the Author

Chris Shiflett

Hi, I’m Chris: entrepreneur, community leader, husband, and father. I live and work in Boulder, CO.


Quoting PHP Strings

PHP developers generally understand the difference between using single quotes versus double quotes to enclose a string. If you need stuff to be interpreted, you use double quotes. If you need to indicate a literal string, you use single quotes:

<?php 

$string
= 'two';

echo
'<p>one $string three</p>';
echo
"<p>one $string three</p>";

?>

Do you know what this will output? I think most of you do. You'll see the variable name on the first line and its value on the second:

one $string three

one two three

Try this one:

<?php 

$one   
= 'the\quick\brown\fox';
$two   = 'the\\quick\\brown\\fox';
$three = 'the\\\quick\\\brown\\\fox';
$four  = 'the\\\\quick\\\\brown\\\\fox';

echo
"<p>$one</p><p>$two</p><p>$three</p><p>$four</p>";

?>

It surprises many people to see that this code produces the following:

the\quick\brown\fox

the\quick\brown\fox

the\\quick\\brown\\fox

the\\quick\\brown\\fox

Although it's not necessary to escape backslashes inside a string enclosed with single quotes, two consecutive backslashes are interpreted as one. Surprised?

If you want a string that contains single quotes, you need to escape them with a backslash (or enclose the string with double quotes:

<?php 

$name
= 'O\'Reilly';
$name = "O'Reilly";

?>

What do you do if you need to have a backslash followed by a single quote in your string? You have to escape both:

<?php 

echo 'Escape single quotes like this: \\\'';

?>

This will output the proper instructions for escaping a single quote:

Escape single quotes like this: \'

Therefore, within a string enclosed with single quotes, PHP needs to allow both single quotes and backslashes to be escaped. I'm not sure if this is explained very clearly in the manual:

To specify a literal single quote, you will need to escape it with a backslash (\), like in many other languages. If a backslash needs to occur before a single quote or at the end of the string, you need to double it. Note that if you try to escape any other character, the backslash will also be printed!

Hopefully it all makes more sense now. :-)

About this post

Quoting PHP Strings was posted on Thu, 25 Aug 2005. If you liked it, follow me on Twitter or share:

6 comments

1.Chris Shiflett said:

By the way, I bring this up to help dissect criticisms of stripslashes() that use this as a test case:

echo stripslashes('chris\\shiflett');

This is actually the same as:

echo stripslashes('chris\shiflett');

Therefore, only one slash is really being stripped. If you want to argue that stripslashes() should only remove slashes that could have been added by addslashes(), that's fine, but don't use misleading test cases just to give your argument more weight.

Fri, 26 Aug 2005 at 02:05:51 GMT Link


2.Don Laur said:

Thanks. That was very helpful. You got me on that. I will have to keep note of that for the future.

Fri, 26 Aug 2005 at 15:49:43 GMT Link


3.Jesse Burns said:

What is the behavior of single/double quotes when it come to arrays? Namely $_GET and $_POST variables.

For example, using $_POST variable for output. Which of the following would be correct? Or would both be correct?

echo "Hello, $_POST['name'], I hope you have a wonderful day.";

echo 'Hello, $_POST[\'name\'], I hope you have a wonderful day.';

The following example is how I usually use arrays and strings, because I'm not sure of the ramifications of the above:

echo "Hello,".$_POST['name'].", I hope you have a wonderful day.";

Plus, are there any advantages performance/security wise between the different ways of displaying variables/arrays?

Fri, 26 Aug 2005 at 23:00:33 GMT Link


4.Chris Shiflett said:

Hi Jesse,

For arrays, you can use curly braces around the entire variable name:

echo "Hello, {$_POST['name']}.";

This comes in handy in other situations, too:

$prefix = 'un';

echo "This is {$prefix}believable.";

Hope that helps.

Sat, 27 Aug 2005 at 01:26:11 GMT Link


5.Intchanter said:

I prefer to use the "{$var}" style everywhere for consistency, as it makes it far less likely that an innocent edit sometime down the road will break something.

I also eschew concatenating with '.' where possible, as concatenating strings tends to be slow and the variable interpolation step happens to all the strings anyway. The times when it is not possible (without tricks) are when including a constant, or the results of a function or unbound method.

Tue, 22 Nov 2005 at 22:08:17 GMT Link


6.Stephen said:

But the behavior breaks down if you go any further. The stripslashes() and addslashes() behaviors don't actually make much sense.

'the\\\\\quick\\\\\brown\\\\\fox';

will ALSO be output as

the\\quick\\brown\\fox

as will:

'the\\\\\\quick\\\\\\brown\\\\\\fox'

However, this:

'the\\\\\\\quick\\\\\\\brown\\\\\\\fox'

will be output as:

the\\\quick\\\brown\\\fox

Now how does THAT make any sense???

Fri, 29 Dec 2006 at 02:46:43 GMT Link


Hello! What’s your name?

Want to comment? Please connect with Twitter to join the discussion.