October 2005
Intermediate to advanced
372 pages
11h 35m
English
escapeshellcmd()
string escapeshellcmd ( string command )

The escapeshellcmd() function is used to escape special characters in shell commands that may otherwise trick your script into running malicious code. If you ever plan to allow users to execute a program on your server—in itself a major security risk—you should always pass their variables through this function first. For example:
$_GET["search"] = escapeshellcmd($_GET["search"]);
passthru("grep {$_GET["search"]} /var/www/meetinglogs/*");
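
An added example, not from the book: escapeshellcmd() escapes shell metacharacters but leaves spaces and leading dashes alone, so a value can still reach grep as several arguments, while escapeshellarg() quotes it as exactly one. The function names, the temporary directory and the sample logs are constructed for illustration; a POSIX shell with grep on the PATH is assumed.

```php
<?php
// Added example, not from the book. Assumes a POSIX shell and grep on PATH.

// Pattern from the page: escapeshellcmd() applied to the user's value only.
function searchWithEscapeshellcmd(string $search, string $dir): array {
    $cmd = "grep " . escapeshellcmd($search) . " "
         . escapeshellarg($dir) . "/* 2>&1";
    exec($cmd, $lines);
    return $lines;
}

// Hardened form: the value is quoted as ONE argument, passed via -e so a
// leading "-" is not read as an option, and "--" ends option parsing.
function searchWithEscapeshellarg(string $search, string $dir): array {
    $files = glob($dir . "/*") ?: [];
    if ($files === []) {
        return [];
    }
    $cmd = "grep -e " . escapeshellarg($search) . " -- "
         . implode(" ", array_map("escapeshellarg", $files));
    exec($cmd, $lines);
    return $lines;
}

// Constructed sample data standing in for /var/www/meetinglogs.
$dir = sys_get_temp_dir() . "/meetinglogs_" . getmypid();
mkdir($dir);
file_put_contents("$dir/monday.log", "budget review\nhiring plan\n");
file_put_contents("$dir/tuesday.log", "budget approved\n");

$search = "budget review"; // constructed input: an ordinary two-word phrase

// Spaces survive escapeshellcmd(), so grep receives the pattern "budget" and
// a file operand named "review": an error line plus lines nobody asked for.
print_r(searchWithEscapeshellcmd($search, $dir));

// Quoted as one argument: only lines containing the whole phrase come back.
print_r(searchWithEscapeshellarg($search, $dir));

// Remove the constructed sample data.
array_map("unlink", glob("$dir/*"));
rmdir($dir);
```

Use escapeshellcmd() when the whole command string must be sanitized, and escapeshellarg() for each individual value placed into it.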