PHP in a Nutshell

by Paul Hudson
October 2005
Content level: Intermediate to advanced
372 pages
11h 35m
English
O'Reilly Media, Inc.

Name

escapeshellcmd()

Synopsis

    string escapeshellcmd ( string command )

The escapeshellcmd() function is used to escape special characters in shell commands that may otherwise trick your script into running malicious code. If you ever plan to allow users to execute a program on your server—in itself a major security risk—you should always pass their variables through this function first. For example:

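    // Escape shell metacharacters in the user-supplied search term
    $_GET["search"] = escapeshellcmd($_GET["search"]);
    // Run grep with the escaped term over the meeting logs
    passthru("grep {$_GET["search"]} /var/www/meetinglogs/*");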
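
The following is an added example, not code from the book: it builds the same grep command with escapeshellcmd() and with PHP's escapeshellarg(), which is the function meant for a single argument, and prints both forms for comparison without running them. escapeshellcmd() backslash-escapes shell metacharacters but leaves spaces and leading dashes alone, so one submitted value can still reach grep as several arguments or as an option. The `build_with_*` function names and the sample search terms are assumptions made for illustration.

```php
<?php
// Added example: compare escapeshellcmd() and escapeshellarg() on a
// user-supplied grep pattern. Commands are built as strings and printed,
// never executed.

/** Build the command the way the page's example does (hypothetical helper). */
function build_with_escapeshellcmd(string $term): string
{
    // Metacharacters such as ; | & $ are backslash-escaped, but the value
    // is not quoted, so whitespace still separates it into shell words.
    return "grep " . escapeshellcmd($term) . " /var/www/meetinglogs/*";
}

/** Build the command with the term passed as exactly one argument (hypothetical helper). */
function build_with_escapeshellarg(string $term): string
{
    // escapeshellarg() wraps the value in single quotes, so the shell hands
    // it to grep as one word. "--" ends grep's option parsing, so a term
    // that starts with "-" is still read as the pattern.
    return "grep -- " . escapeshellarg($term) . " /var/www/meetinglogs/*";
}

// Constructed sample inputs, one per behaviour worth comparing.
$samples = [
    "budget",          // plain word: both forms behave the same
    "budget; date",    // shell metacharacter: both forms neutralise it
    "budget review",   // space: unquoted form splits into two arguments
    "-v budget",       // leading dash: unquoted form is parsed as an option
];

foreach ($samples as $term) {
    printf("input:          %s\n", $term);
    printf("escapeshellcmd: %s\n", build_with_escapeshellcmd($term));
    printf("escapeshellarg: %s\n\n", build_with_escapeshellarg($term));
}
```

In the unquoted form, the second word of `budget review` is read by grep as a file name rather than as part of the pattern; the quoted form keeps the whole value as the pattern.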

ISBN: 0596100671