<HTML
><HEAD
><TITLE
>escapeshellcmd</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="PHP Manual"
HREF="index.html"><LINK
REL="UP"
TITLE="Program Execution functions"
HREF="ref.exec.html"><LINK
REL="PREVIOUS"
TITLE="escapeshellarg"
HREF="function.escapeshellarg.html"><LINK
REL="NEXT"
TITLE="exec"
HREF="function.exec.html"><META
HTTP-EQUIV="Content-type"
CONTENT="text/html; charset=ISO-8859-1"></HEAD
><BODY
CLASS="refentry"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>PHP Manual</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="function.escapeshellarg.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="function.exec.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><H1
><A
NAME="function.escapeshellcmd"
></A
>escapeshellcmd</H1
><DIV
CLASS="refnamediv"
><A
NAME="AEN78735"
></A
><P
> (PHP 3, PHP 4 )</P
>escapeshellcmd -- escape shell metacharacters</DIV
><DIV
CLASS="refsect1"
><A
NAME="AEN78738"
></A
><H2
>Description</H2
>string <B
CLASS="methodname"
>escapeshellcmd</B
> ( string command)<BR
></BR
><P
> <B
CLASS="function"
>escapeshellcmd()</B
> escapes any characters in a
string that might be used to trick a shell command into executing
arbitrary commands. This function should be used to make sure
that any data coming from user input is escaped before this data
is passed to the <A
HREF="function.exec.html"
><B
CLASS="function"
>exec()</B
></A
> or
<A
HREF="function.system.html"
><B
CLASS="function"
>system()</B
></A
> functions, or to the <A
HREF="language.operators.execution.html"
>backtick
operator</A
>. A standard use would be:</P
><P
> <DIV
CLASS="informalexample"
><A
NAME="AEN78752"
></A
><P
></P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
CELLPADDING="5"
><TR
><TD
><PRE
CLASS="php"
>$e = escapeshellcmd($userinput);
system("echo $e"); // here we don't care if $e has spaces
$f = escapeshellcmd($filename);
system("touch \"/tmp/$f\"; ls -l \"/tmp/$f\""); // and here we do, so we use quotes</PRE
></TD
></TR
></TABLE
><P
></P
></DIV
>
</P
><P
> See also <A
HREF="function.escapeshellarg.html"
><B
CLASS="function"
>escapeshellarg()</B
></A
>, <A
HREF="function.exec.html"
><B
CLASS="function"
>exec()</B
></A
>,
<A
HREF="function.popen.html"
><B
CLASS="function"
>popen()</B
></A
>, <A
HREF="function.system.html"
><B
CLASS="function"
>system()</B
></A
>, and the <A
HREF="language.operators.execution.html"
>backtick operator</A
>.
</P
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="function.escapeshellarg.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="function.exec.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>escapeshellarg</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="ref.exec.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>exec</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
distrib
>
Mandriva
>
9.1
>
ppc
>
media
>
main
>
by-pkgid
>
0afeee9cca140e167a996902b9a677c5
>
files
>
546
