PHP Manual: Escape a string to be used as a shell argument

Description

string escapeshellarg ( string $arg )

escapeshellarg adds single quotes around a string and quotes/escapes any existing single quotes allowing you to pass a string directly to a shell function and having it be treated as a single safe argument. This function should be used to escape individual arguments to shell functions coming from user input. The shell functions include exec, system and the backtick operator.

On Windows, escapeshellarg instead replaces percent signs, exclamation marks (delayed variable substitution) and double quotes with spaces and adds double quotes around the string.

Parameters

arg: The argument that will be escaped.

Return Values

The escaped string.

Examples

Example #1 escapeshellarg example


<?php
system('ls '.escapeshellarg($dir));
?>

Changelog

Version	Description
5.6.0	The default value for the `encoding` parameter was changed to be the value of the default_charset configuration option.
5.4.43, 5.5.27, 5.6.11	Exclamation marks are replaced by spaces.

escapeshellarg

Description

Parameters

Return Values

Examples

Changelog

See Also