Developer Forums | Newsletter Signup | About Us | developerworks Latest | Site Map
Search  
HOME > PHPMANUAL
Server Side Coding
PHP
Perl
Java
Python
Administration
Book Reviews

Client Side Coding
HTML
JavaScript
CSS
XML
DHTML
Flash

Sponsors


Getting Started
Domain Names
Web Hosting
Site Planning
Legal Issues
Privacy and Trust

Design and Layout
Usability
Accessibility
Design Principals

Databases
MySQL
PostgreSQL
mSQL

Useful Lists
Search Engine Optimization

Web Host
site hosted by netplex
Partners
Ask A Geek
Web Hosting
Dedicated Server

Online Manuals
php manual

PHP Manual
PrevNext

escapeshellcmd

(PHP 3, PHP 4 )

escapeshellcmd -- escape shell metacharacters

Description

string escapeshellcmd ( string command)

escapeshellcmd() escapes any characters in a string that might be used to trick a shell command into executing arbitrary commands. This function should be used to make sure that any data coming from user input is escaped before this data is passed to the exec() or system() functions, or to the backtick operator. A standard use would be:

<?php
$e = escapeshellcmd($userinput);
 
// here we don't care if $e has spaces
system("echo $e");
$f = escapeshellcmd($filename);
 
// and here we do, so we use quotes
system("touch \"/tmp/$f\"; ls -l \"/tmp/$f\"");
 ?>

See also escapeshellarg(), exec(), popen(), system(), and the backtick operator.

PrevHomeNext
escapeshellargUpexec
Copyright 2004-2008 GrindingGears.com. All rights reserved. Site hosted by NETPLEX