This function prepends backslashes to the following characters: \x00 , \n , \r , \ , ' , " and \x1a . This function is normally used to make data safe before sending a query to MySQL . 
PHP has similar functions for other database systems such as pg_escape_string() for PostgreSQL . The function addslashes(string $str) works for escaping characters, and is used especially for querying on databases that do not have escaping functions in PHP. It returns a string with backslashes before characters that need to be quoted in database queries, etc. These characters are single quote ('), double quote ("), backslash (\) and NUL (the NULL byte). 
Routinely passing escaped strings to SQL is error prone because it is easy to forget to escape a given string. Creating a transparent layer to secure the input can reduce this error-proneness, if not entirely eliminate it.