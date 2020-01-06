$var2=str_replace("\'", "", $var1)
Can I say the code above is escaping single quote?
or
Can I say the code below is escaping single quote?
$var2=str_replace("'", "\'", $var1)
Depends on what you’re doing
Your first example will never escape anything, the second might, depending on the context.
Consider this HTML:
alt='Conan O'Brian'
Any browser parsing will set start a the single quote and read up the first single quote after that. So the alt will be parsed as
Conan O and regard the rest as a syntax error.
To fix it you can do one of two things:
Use double quotes for the alt attribute: ``alt=“Conan O’Brian”`. Now the browser will parse from double quote to double quote. The single quote has no special meaning anymore.
Escape the single quote in the name:
alt='Conan O\'Brian'. With that you’re basically saying to the browser “look, I know the next character is a single quote, and it would indicate the end of the string, but I don’t want that, just treat it as a single quote”
Question to the reader: what happens when I combine these two solutions, so switching from single quotes and escaping the single quote?