<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>Escape a string to be used as a shell argument</title>
</head>
<body><div class="manualnavbar" style="text-align: center;">
<div class="prev" style="text-align: left; float: left;"><a href="ref.exec.html">Program execution Functions</a></div>
<div class="next" style="text-align: right; float: right;"><a href="function.escapeshellcmd.html">escapeshellcmd</a></div>
<div class="up"><a href="ref.exec.html">Program execution Functions</a></div>
<div class="home"><a href="index.html">PHP Manual</a></div>
</div><hr /><div id="function.escapeshellarg" class="refentry">
<div class="refnamediv">
<h1 class="refname">escapeshellarg</h1>
<p class="verinfo">(PHP 4 >= 4.0.3, PHP 5, PHP 7)</p><p class="refpurpose"><span class="refname">escapeshellarg</span> — <span class="dc-title">Escape a string to be used as a shell argument</span></p>
</div>
<div class="refsect1 description" id="refsect1-function.escapeshellarg-description">
<h3 class="title">Description</h3>
<div class="methodsynopsis dc-description">
<span class="type">string</span> <span class="methodname"><strong>escapeshellarg</strong></span>
( <span class="methodparam"><span class="type">string</span> <code class="parameter">$arg</code></span>
)</div>
<p class="para rdfs-comment">
<span class="function"><strong>escapeshellarg()</strong></span> adds single quotes around a string
and quotes/escapes any existing single quotes allowing you to pass a
string directly to a shell function and having it be treated as a single
safe argument. This function should be used to escape individual
arguments to shell functions coming from user input. The shell functions
include <span class="function"><a href="function.exec.html" class="function">exec()</a></span>, <span class="function"><a href="function.system.html" class="function">system()</a></span> and the
<a href="language.operators.execution.html" class="link">backtick operator</a>.
</p>
<p class="para">
On Windows, <span class="function"><strong>escapeshellarg()</strong></span> instead replaces percent
signs, exclamation marks (delayed variable substitution) and double quotes
with spaces and adds double quotes around the string.
</p>
</div>
<div class="refsect1 parameters" id="refsect1-function.escapeshellarg-parameters">
<h3 class="title">Parameters</h3>
<p class="para">
<dl>
<dt>
<code class="parameter">arg</code></dt>
<dd>
<p class="para">
The argument that will be escaped.
</p>
</dd>
</dl>
</p>
</div>
<div class="refsect1 returnvalues" id="refsect1-function.escapeshellarg-returnvalues">
<h3 class="title">Return Values</h3>
<p class="para">
The escaped string.
</p>
</div>
<div class="refsect1 examples" id="refsect1-function.escapeshellarg-examples">
<h3 class="title">Examples</h3>
<p class="para">
<div class="example" id="example-4486">
<p><strong>Example #1 <span class="function"><strong>escapeshellarg()</strong></span> example</strong></p>
<div class="example-contents">
<div class="phpcode"><code><span style="color: #000000">
<span style="color: #0000BB"><?php<br />system</span><span style="color: #007700">(</span><span style="color: #DD0000">'ls '</span><span style="color: #007700">.</span><span style="color: #0000BB">escapeshellarg</span><span style="color: #007700">(</span><span style="color: #0000BB">$dir</span><span style="color: #007700">));<br /></span><span style="color: #0000BB">?></span>
</span>
</code></div>
</div>
</div>
</p>
</div>
<div class="refsect1 changelog" id="refsect1-function.escapeshellarg-changelog">
<h3 class="title">Changelog</h3>
<p class="para">
<table class="doctable informaltable">
<thead>
<tr>
<th>Version</th>
<th>Description</th>
</tr>
</thead>
<tbody class="tbody">
<tr>
<td>5.4.43, 5.5.27, 5.6.11</td>
<td>
Exclamation marks are replaced by spaces.
</td>
</tr>
</tbody>
</table>
</p>
</div>
<div class="refsect1 seealso" id="refsect1-function.escapeshellarg-seealso">
<h3 class="title">See Also</h3>
<p class="para">
<ul class="simplelist">
<li class="member"><span class="function"><a href="function.escapeshellcmd.html" class="function" rel="rdfs-seeAlso">escapeshellcmd()</a> - Escape shell metacharacters</span></li>
<li class="member"><span class="function"><a href="function.exec.html" class="function" rel="rdfs-seeAlso">exec()</a> - Execute an external program</span></li>
<li class="member"><span class="function"><a href="function.popen.html" class="function" rel="rdfs-seeAlso">popen()</a> - Opens process file pointer</span></li>
<li class="member"><span class="function"><a href="function.system.html" class="function" rel="rdfs-seeAlso">system()</a> - Execute an external program and display the output</span></li>
<li class="member"><a href="language.operators.execution.html" class="link">backtick operator</a></li>
</ul>
</p>
</div>
</div><hr /><div class="manualnavbar" style="text-align: center;">
<div class="prev" style="text-align: left; float: left;"><a href="ref.exec.html">Program execution Functions</a></div>
<div class="next" style="text-align: right; float: right;"><a href="function.escapeshellcmd.html">escapeshellcmd</a></div>
<div class="up"><a href="ref.exec.html">Program execution Functions</a></div>
<div class="home"><a href="index.html">PHP Manual</a></div>
</div></body></html>
