escapeshellarg
(PHP 4 >= 4.0.3, PHP 5, PHP 7)
escapeshellarg — Escape a string to be used as a shell argument
Description
string escapeshellarg ( string $arg )escapeshellarg() adds single quotes around a string and quotes/escapes any existing single quotes allowing you to pass a string directly to a shell function and having it be treated as a single safe argument. This function should be used to escape individual arguments to shell functions coming from user input. The shell functions include exec(), system() and the backtick operator.
On Windows, escapeshellarg() instead replaces percent signs, exclamation marks (delayed variable substitution) and double quotes with spaces and adds double quotes around the string.
Parameters
arg
The argument that will be escaped.
Return Values
The escaped string.
Examples
Example #1 escapeshellarg() example
<?php
system('ls?'.escapeshellarg($dir));
?>Changelog
Version | Description |
|---|---|
5.6.0 | The default value for the encoding parameter was changed to be the value of the default_charset configuration option. |
5.4.43, 5.5.27, 5.6.11 | Exclamation marks are replaced by spaces. |
See Also
- escapeshellcmd() - Escape shell metacharacters
- exec() - Execute an external program
- popen() - Opens process file pointer
- system() - Execute an external program and display the output
- backtick operator
escapeshellcmd →
? 1997–2017 The PHP Documentation GroupLicensed under the Creative Commons Attribution License v3.0 or later.
本文档系腾讯云开发者社区成员共同维护,如有问题请联系 cloudcommunity@tencent.com
