Join Up!
104887 members and counting!

 
downloads | documentation | faq | getting help | mailing lists | reporting bugs | php.net sites | links 
search for in the  
lookup:
PHP KäsikirjaPHP Käsikirja
Program ExecutionProgram Execution
 escapeshellargescapeshellarg
 escapeshellcmdescapeshellcmd
 execexec
 passthrupassthru
 proc_closeproc_close
 proc_openproc_open
 shell_execshell_exec
 systemsystem
previousescapeshellargexecnext
Last updated: Tue, 28 May 2002
view the printer friendly version or the printer friendly version with notes or change language to Czech | German | Spanish

escapeshellcmd

(PHP 3, PHP 4 >= 4.0.0)

escapeshellcmd -- escape shell metacharacters

Description

string escapeshellcmd ( string command)

escapeshellcmd() escapes any characters in a string that might be used to trick a shell command into executing arbitrary commands. This function should be used to make sure that any data coming from user input is escaped before this data is passed to the exec() or system() functions, or to the backtick operator. A standard use would be:

$e = escapeshellcmd($userinput);
system("echo $e"); // here we don't care if $e has spaces
$f = escapeshellcmd($filename);
system("touch \"/tmp/$f\"; ls -l \"/tmp/$f\""); // and here we do, so we use quotes

See also escapeshellarg(), exec(), popen(), system(), and the backtick operator.

User Contributed Notes
escapeshellcmd		 add a note about notes
There are no user contributed notes for this page.
previousescapeshellargexecnext
Last updated: Tue, 28 May 2002
Copyright © 2001, 2002 The PHP Group
All rights reserved.		 This mirror generously provided by: http://phpbuilder.com/
Last updated: Thu Oct 31 18:34:28 2002 EST