Source of: /manual/en/function.escapeshellcmd.php
<?php
// Shared manual-page helpers; manual_setup() and manual_header() called below
// are presumably defined by this include (not visible in this file).
include_once $_SERVER['DOCUMENT_ROOT'] . '/include/shared-manual.inc';

// Start from empty values, then load the table-of-contents file for this
// reference section, which is expected to fill them in.
$TOC     = array();
$PARENTS = array();
include_once dirname(__FILE__) ."/toc/ref.exec.inc";

// Page metadata handed to the manual layout. Each navigation entry is a
// two-element list: target file, then display title. 'head' looks like
// (charset, language) -- confirm against manual_setup().
$setup = array(
    'home'    => array('index.php', 'PHP Manual'),
    'head'    => array('UTF-8', 'en'),
    'this'    => array('function.escapeshellcmd.php', 'escapeshellcmd'),
    'up'      => array('ref.exec.php', 'Program execution Functions'),
    'prev'    => array('function.escapeshellarg.php', 'escapeshellarg'),
    'next'    => array('function.exec.php', 'exec'),
    'toc'     => $TOC,
    'parents' => $PARENTS,
);

manual_setup($setup);
manual_header();
?>
<div id="function.escapeshellcmd" class="refentry">
<div class="refnamediv">
<h1 class="refname">escapeshellcmd</h1>
<p class="verinfo">(PHP 4, PHP 5)</p><p class="refpurpose"><span class="refname">escapeshellcmd</span> — <span class="dc-title">Escape shell metacharacters</span></p>
</div>
<a name="function.escapeshellcmd.description"></a><div class="refsect1 description">
<h3 class="title">Description</h3>
<div class="methodsynopsis dc-description">
<span class="type">string</span> <span class="methodname"><b>escapeshellcmd</b></span>
( <span class="methodparam"><span class="type">string</span> <tt class="parameter">$command</tt></span>
)</div>
<p class="para rdfs-comment">
<b>escapeshellcmd()</b> escapes any characters in a
string that might be used to trick a shell command into executing
arbitrary commands. This function should be used to make sure
that any data coming from user input is escaped before this data
is passed to the <a href="function.exec.php" class="function">exec()</a> or
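<a href="function.system.php" class="function">system()</a> functions, or to the <a href="language.operators.execution.php" class="link">backtick
operator</a>. It is meant to be applied to a whole command string and
does not stop user input from supplying additional arguments or options
to the command; to escape a single argument, use
<a href="function.escapeshellarg.php" class="function">escapeshellarg()</a> instead.
</p>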
<p class="para">
The following characters are preceded by a backslash:
<i>#&;`|*?~<>^()[]{}$\</i>, <i>\x0A</i>
and <i>\xFF</i>. <i>'</i> and <i>"</i>
are escaped only if they are not paired. On Windows, all these characters
plus <i>%</i> are replaced by a space instead.
</p>
</div>
<a name="function.escapeshellcmd.parameters"></a><div class="refsect1 parameters">
<h3 class="title">Parameters</h3>
<p class="para">
</p><dl>
<dt class="varlistentry">
<span class="term"><i><tt class="parameter">command</tt></i>
</span>
</dt><dd class="listitem">
<p class="para">
The command that will be escaped.
</p>
</dd>
</dl>
<p>
</p>
</div>
<a name="function.escapeshellcmd.returnvalues"></a><div class="refsect1 returnvalues">
<h3 class="title">Return Values</h3>
<p class="para">
The escaped string.
</p>
</div>
<a name="function.escapeshellcmd.examples"></a><div class="refsect1 examples">
<h3 class="title">Examples</h3>
<p class="para">
</p><div class="example">
<p><b>Example #1 <b>escapeshellcmd()</b> example</b></p>
<div class="example-contents programlisting">
<div class="phpcode"><code><span style="color: #000000">
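<span style="color: #0000BB"><?php<br />$e </span><span style="color: #007700">= </span><span style="color: #0000BB">escapeshellcmd</span><span style="color: #007700">(</span><span style="color: #0000BB">$userinput</span><span style="color: #007700">);<br /> <br /></span><span style="color: #FF8000">// here we don't care if $e has spaces: extra words just become more arguments to echo<br /></span><span style="color: #0000BB">system</span><span style="color: #007700">(</span><span style="color: #DD0000">"echo </span><span style="color: #0000BB">$e</span><span style="color: #DD0000">"</span><span style="color: #007700">);<br /> <br /></span><span style="color: #FF8000">// and here we do: the filename must remain a single argument, so it is quoted with<br />// escapeshellarg() rather than escapeshellcmd() plus hand-written quotes, because<br />// escapeshellcmd() leaves paired quotes in the input unescaped.<br />// Escaping does not restrict which path is named; validate $filename separately.<br /></span><span style="color: #0000BB">$f </span><span style="color: #007700">= </span><span style="color: #0000BB">escapeshellarg</span><span style="color: #007700">(</span><span style="color: #DD0000">"/tmp/</span><span style="color: #0000BB">$filename</span><span style="color: #DD0000">"</span><span style="color: #007700">);<br /></span><span style="color: #0000BB">system</span><span style="color: #007700">(</span><span style="color: #DD0000">"touch </span><span style="color: #0000BB">$f</span><span style="color: #DD0000">; ls -l </span><span style="color: #0000BB">$f</span><span style="color: #DD0000">"</span><span style="color: #007700">);<br /></span><span style="color: #0000BB">?></span>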
</span>
</code></div>
</div>
</div><p>
</p>
</div>
<a name="function.escapeshellcmd.seealso"></a><div class="refsect1 seealso">
<h3 class="title">See Also</h3>
<p class="para">
</p><ul class="simplelist">
<li class="member"><a href="function.escapeshellarg.php" class="function" rel="rdfs-seeAlso">escapeshellarg()</a> - Escape a string to be used as a shell argument</li>
<li class="member"><a href="function.exec.php" class="function" rel="rdfs-seeAlso">exec()</a> - Execute an external program</li>
<li class="member"><a href="function.popen.php" class="function" rel="rdfs-seeAlso">popen()</a> - Opens process file pointer</li>
<li class="member"><a href="function.system.php" class="function" rel="rdfs-seeAlso">system()</a> - Execute an external program and display the output</li>
<li class="member"><a href="language.operators.execution.php" class="link">backtick operator</a></li>
</ul><p>
</p>
</div>
</div><?php manual_footer(); ?>