escapeshellarg() adds single quotes around a string and quotes/escapes any existing single quotes allowing you to pass a string directly to a shell function and having it be treated as a single safe argument. This function should be used to escape individual arguments to shell functions coming from user input. The shell functions include exec(), system() and the backtick operator. A standard use would be:
<?php
system('ls '.escapeshellarg($dir));
?>See also escshellcmd(), exec(), popen(), system(), and the backtick operator.
| This HTML Help has been published using the chm2web software. |