escapeshellarg

escapeshellarg

Escape a string to be used as a shell argument

string **escapeshellarg** string $arg

adds single quotes around a string

and quotes/escapes any existing single quotes allowing you to pass a string directly to a shell function and having it be treated as a single safe argument. This function should be used to escape individual arguments to shell functions coming from user input. The shell functions include , and the . escapeshellarg``exec``systembacktick operator

On Windows, instead replaces percent signs, exclamation marks (delayed variable substitution) and double quotes with spaces and adds double quotes around the string. Furthermore, each streak of consecutive backslashes () is escaped by one additional backslash. escapeshellarg``\

argThe argument that will be escaped.

The escaped string.

Voorbeeld: example

<?php
system('ls '.escapeshellarg($dir));
?>

escapeshellcmd``exec``popen``systembacktick operator