Search DaTutorials:  
HOME
Php Tutorials
Articles
Basics
Date and Time
File Manipulations
Forms
Functions
General
Interactivity
MySql
Navigation
News,Shoutboxes and Blogs
Language Structure and Data Types
Searching
Security
String Manipulation
User Information and Stats
Search For a Tutorial
Php Reference

escapeshellcmd

(PHP 3, PHP 4 , PHP 5)

escapeshellcmd -- escape shell metacharacters

Description

string escapeshellcmd ( string command)

escapeshellcmd() escapes any characters in a string that might be used to trick a shell command into executing arbitrary commands. This function should be used to make sure that any data coming from user input is escaped before this data is passed to the exec() or system() functions, or to the backtick operator. A standard use would be:

<?php
$e = escapeshellcmd($userinput);
 
// here we don't care if $e has spaces
system("echo $e");
$f = escapeshellcmd($filename);
 
// and here we do, so we use quotes
system("touch \"/tmp/$f\"; ls -l \"/tmp/$f\"");
?>

See also escapeshellarg(), exec(), popen(), system(), and the backtick operator.



Copyright © 2001-2004 The PHP Group
All rights reserved.

     Free Ringtone | Power Rangers | Bad Credit Mortgages | Internet Advertising | Remortgages
Home     Link To Us     Ad With Us     Contact Us     Tell A Friend     Affiliates     Blog     MsOfficeHelp