   #PHP Manual Program Execution functions escapeshellarg exec

   PHP Manual
   Prev  Next
   ______________________________________________________________________

                                escapeshellcmd

   (PHP 3, PHP 4 )
   escapeshellcmd -- escape shell metacharacters

Description

   string escapeshellcmd ( string command)

   escapeshellcmd() escapes any characters in a string that might be used
   to trick a shell command into executing arbitrary commands. This
   function should be used to make sure that any data coming from user
   input is escaped before this data is passed to the exec() or system()
   functions, or to the backtick operator. A standard use would be:

   <?php
   $e = escapeshellcmd($userinput);
   // here we don't care if $e has spaces
   system("echo $e");
   $f = escapeshellcmd($filename);
   // and here we do, so we use quotes
   system("touch \"/tmp/$f\"; ls -l \"/tmp/$f\"");
   ?>

   See also escapeshellarg(), exec(), popen(), system(), and the backtick
   operator.
   ______________________________________________________________________

   Prev           Home Next
   escapeshellarg  Up  exec
