escapeshellarg

(PHP 4 >= 4.0.3, PHP 5)

escapeshellarg -- Escape a string to be used as a shell argument

Description

string escapeshellarg ( string arg )

escapeshellarg() adds single quotes around a string and quotes/escapes any existing single quotes allowing you to pass a string directly to a shell function and having it be treated as a single safe argument. This function should be used to escape individual arguments to shell functions coming from user input. The shell functions include exec(), system() and the backtick operator. A standard use would be:

<?php
system
('ls '.escapeshellarg($dir));
?>

See also escapeshellcmd(), exec(), popen(), system(), and the backtick operator.