Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

escapeshellcmd(3) [php man page]


escapeshellcmd - Escape shell metacharacters

string escapeshellcmd (string $command) DESCRIPTION
escapeshellcmd(3) escapes any characters in a string that might be used to trick a shell command into executing arbitrary commands. This function should be used to make sure that any data coming from user input is escaped before this data is passed to the exec(3) or system(3) functions, or to the backtick operator. Following characters are preceded by a backslash: #&;`|*?~<>^()[]{}$, x0A and xFF. ' and " are escaped only if they are not paired. In Windows, all these characters plus % are replaced by a space instead. PARAMETERS
o $command - The command that will be escaped. RETURN VALUES
The escaped string. EXAMPLES
Example #1 escapeshellcmd(3) example <?php // We allow arbitrary number of arguments intentionally here. $command = './configure '.$_POST['configure_options']; $escaped_command = escapeshellcmd($command); system($escaped_command); ?> Warning escapeshellcmd(3) should be used on the whole command string, and it still allows the attacker to pass arbitrary number of argu- ments. For escaping a single argument escapeshellarg(3) should be used instead. SEE ALSO
escapeshellarg(3), exec(3), popen(3), system(3), backtick operator. PHP Documentation Group ESCAPESHELLCMD(3)

Check Out this Related Man Page

PASSTHRU(3)								 1							       PASSTHRU(3)

passthru - Execute an external program and display raw output

void passthru (string $command, [int &$return_var]) DESCRIPTION
The passthru(3) function is similar to the exec(3) function in that it executes a $command. This function should be used in place of exec(3) or system(3) when the output from the Unix command is binary data which needs to be passed directly back to the browser. A common use for this is to execute something like the pbmplus utilities that can output an image stream directly. By setting the Content-type to image/gif and then calling a pbmplus program to output a gif, you can create PHP scripts that output images directly. PARAMETERS
o $command - The command that will be executed. o $return_var - If the $return_var argument is present, the return status of the Unix command will be placed here. RETURN VALUES
No value is returned. NOTES
Warning When allowing user-supplied data to be passed to this function, use escapeshellarg(3) or escapeshellcmd(3) to ensure that users can- not trick the system into executing arbitrary commands. Note If a program is started with this function, in order for it to continue running in the background, the output of the program must be redirected to a file or another output stream. Failing to do so will cause PHP to hang until the execution of the program ends. Note When safe mode is enabled, you can only execute files within the safe_mode_exec_dir. For practical reasons, it is currently not allowed to have .. components in the path to the executable. Warning With safe mode enabled, the command string is escaped with escapeshellcmd(3). Thus, echo y | echo x becomes echo y | echo x. SEE ALSO
exec(3), system(3), popen(3), escapeshellcmd(3), backtick operator. PHP Documentation Group PASSTHRU(3)
Man Page

15 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Extracting data from a string containing &;

:confused: How can I exrtact the code HU52143N200401 from a string that contains &amp;gt;HU52143N200401&amp;lt; (10 Replies)
Discussion started by: gugs
10 Replies

2. Shell Programming and Scripting

Counting the number of occurances of all characters (a-z) in a string

Hi, I am trying out different scripts in PERL. I want to take a line/string as an input from the user and count the number of occurrances of all the alphabets (a..z) in the string. I tried doingit like this : #! /opt/exp/bin/perl print "Enter a string or line : "; $string = <STDIN>; chop... (5 Replies)
Discussion started by: rsendhilmani
5 Replies

3. Shell Programming and Scripting

Escape Characters are driving me crazy!

Hi everyone, Is there anywhere I can find a complete table of all characters that must be escaped by the various UNIX shells and scripting languages? It seems every command/shell/scripting language has different rules about what characters must be escaped. I do a lot of searching and... (3 Replies)
Discussion started by: troym72
3 Replies

4. Shell Programming and Scripting

By using awk, how to '(backtick)?

Can I know how to express the '(backtick) in awk?! By typing \' ??? (8 Replies)
Discussion started by: patrick87
8 Replies

5. Shell Programming and Scripting

Awk problem: How to express the backtick(')

For example: I got a list of file end at .txt. I want all of them do the same command like grep '^@' and attached it to a output .sh file. This is the command I type: ls *.txt | awk '{print "grep \' \^\@\' ",$1}' > My desired output is when I type the command "more " The... (4 Replies)
Discussion started by: patrick87
4 Replies

6. UNIX for Dummies Questions & Answers

Passing a command in a variable

I need to set up a strange system through which an arbitrary command is sent to a number of different servers (well, actually, VPS accounts). We have a command "vpass" that "passes" a command from the root level to resident VPS accounts. Suppose I wanted each VPS to do some trivial thing, like... (3 Replies)
Discussion started by: treesloth
3 Replies

7. Shell Programming and Scripting

Issues with expr command on Solaris Box

Hello Friends, I have written a code on a Linux box, however, am getting issues while running it on a Solaris server. The issue with Sed command is sortd out, however, am still lokking for solutions with expr command. Here is the issue, Linux : bash-2.03$ expr match (10 Replies)
Discussion started by: suffisandy
10 Replies

8. Shell Programming and Scripting

Copying subdirectories of a directory to some other directory and renaming them

Hi, I am a newbie in shell scripting. I have to copy a particular sub-directory (data) from a large no. of directories (all in the same folder) and paste them to another directory ( /home/hubble/data ) and then rename all the subdirectories (data) as the name of its parent directory. please... (8 Replies)
Discussion started by: sholay
8 Replies

9. Shell Programming and Scripting

How to configure Formail command

Hi, When i type formail command , i get an error "command not found". How to configure this command so that this command works in my machine. Kindly suggest me. Thanks in advance (3 Replies)
Discussion started by: krishna_gnv
3 Replies

10. Shell Programming and Scripting

Script to delete all something.txt~ file from a directory

There are some files in a directory like a.tx~ , b.txt~,c.txt~. I want to delete all these files inside that directory and sub directory. How can i do this? #!/bin/bash cd thatdirectory ...... rm -rf *~ ...... (7 Replies)
Discussion started by: cola
7 Replies

11. Shell Programming and Scripting

Help with convert string

Hi. I will be very appreciated for help. I need replace all characters into string with \ (backslash) I mean if I have word abcdefg as input. How I can convert it to \a\b\c\d\e\f\g Thanks and best regards. Staas. (5 Replies)
Discussion started by: beckss
5 Replies

12. Shell Programming and Scripting

Find Files and then convert them to Uppercase

Hi All, So I'm new to scripting and I've been put in a position to convert a bunch of files with specific extensions in a folder and all its subfolders to uppercase including their extension. I figure so far I could do something like this: ... ... and then input $line into another bash... (12 Replies)
Discussion started by: ideal2545
12 Replies

13. Shell Programming and Scripting

Escape special characters in SED

Need help in escaping special characters in sed command. Here is the the string which i am trying to find a replace with From :- REQUEST_TYPE=PIXEL&amp;MSG_ID={//MESSAGE_ID} To :- REQUEST_TYPE=PIXEL&amp;MSG_ID= X_EDELIVERY_MESSAGE_ID &amp; BATCH_ID= X_EDELIVERY_BATCH_ID Here is the sed command i am... (2 Replies)
Discussion started by: aakishore
2 Replies

14. SuSE

Linux SLES Gui Not coming up

I had sles 11 sp2 installed on my system some days back and it was running fine. Today after I restarted my system the gui is not coming up and system starts in command terminal. sax2 command returns error: sax: gui is missing, starting command line interface sax: no x-server... (4 Replies)
Discussion started by: rupeshkp728
4 Replies

15. Shell Programming and Scripting

Unable to identify the special characters beyond the range of "[\x80-\xFF]"

I want to filter out the special character whose ascii value doesn't fall within the range "" . Example:� or Ć. So in that case is there any defined range which will filter out this characters. I can filter those which falls withing "" . Need to filter those special chracter which doesn't... (14 Replies)
Discussion started by: Abhijit Sen
14 Replies

Featured Tech Videos