Search DaTutorials:  
HOME
Php Tutorials
Articles
Basics
Date and Time
File Manipulations
Forms
Functions
General
Interactivity
MySql
Navigation
News,Shoutboxes and Blogs
Language Structure and Data Types
Searching
Security
String Manipulation
User Information and Stats
Search For a Tutorial
Php Reference

escapeshellcmd

(PHP 3, PHP 4 , PHP 5)

escapeshellcmd -- escape shell metacharacters

Description

string escapeshellcmd ( string command)

escapeshellcmd() escapes any characters in a string that might be used to trick a shell command into executing arbitrary commands. This function should be used to make sure that any data coming from user input is escaped before this data is passed to the exec() or system() functions, or to the backtick operator. A standard use would be:

<?php
$e = escapeshellcmd($userinput);
 
// here we don't care if $e has spaces
system("echo $e");
$f = escapeshellcmd($filename);
 
// and here we do, so we use quotes
system("touch \"/tmp/$f\"; ls -l \"/tmp/$f\"");
?>

See also escapeshellarg(), exec(), popen(), system(), and the backtick operator.



Copyright © 2001-2004 The PHP Group
All rights reserved.

     Web Advertising | Advertising | Free Advertising | Advertising | Web Advertising
Home    Link To Us    Ad With Us    Contact Us    Tell A Friend    Affiliates    Blog    Stock Photos