I have the following script:
$user_input = $_POST['user_input'];
// If there is a way, I want to escape it here.
shell_exec("php some_file.php $user_input");
Is there a way to properly escape the user_input?
Asked
Active
Viewed 1,087 times
2
Vilican
- 2,703
- 8
- 21
- 35
Tim von Känel
- 197
- 1
- 8
1 Answers
6
The function escapeshellarg safely quotes a value (including escaping quotes in the name, etc) so that it can be used as an argument in a command string passed to a shell.
$user_input = $_POST['user_input'];
shell_exec('php some_file.php '.escapeshellarg($user_input));
Macil
- 1,482
- 9
- 11