escapeshellcmd in PHP

Syntax of escapeshellcmd in PHP

string escapeshellcmd(string command)

Escapes any characters in command that could cause a shell command to run additional commands. When directly passing user input (such as from forms) to the exec() or system() functions, you should use this function to escape the data to ensure that the argument isn’t a security risk.

Example of escapeshellcmd in PHP

<?php
// We allow arbitrary number of arguments intentionally here.
$command = './configure '.$_POST['configure_options'];

$escaped_command = escapeshellcmd($command);
 
system($escaped_command);
?>

Leave a Comment