escapeshellarg()

(PHP 4 >= 4.0.3, PHP 5, PHP 7)

把字符串转码为可以在 shell 命令里使用的参数

说明

escapeshellarg()将给字符串增加一个单引号并且能引用或者转码任何已经存在的单引号，这样以确保能够直接将一个字符串传入 shell 函数，并且还是确保安全的。对于用户输入的部分参数就应该使用这个函数。shell 函数包含exec(),system()执行运算符。

参数

需要被转码的参数。

返回值

转换之后字符串。

范例

Example #1escapeshellarg()的例子

参见

• escapeshellcmd()shell 元字符转义
• exec()执行一个外部程序
• popen()打开进程文件指针
• system()执行外部程序，并且显示输出
• 执行运算符

When escapeshellarg() was stripping my non-ASCII characters from a UTF-8 string, adding the following fixed the problem:

On Windows, this function naively strips special characters and replaces them with spaces. The resulting string is always safe for use with exec() etc, but the operation is not lossless - strings containing " or % will not be passed through to the child process correctly.
Correctly escaping shell commands on Windows is not a simple matter. Programs must consider two distinct escape mechanisms which serve different purposes:
 1) The convention used by the CommandLineToArgV() windows system function, used by the child process to interpret the command line string
 2) The convention used by cmd.exe to escape shell meta-characters (e.g. output redirection controls)
All commands should be escaped for CommandLineToArgV() - this mechanism is applied to each argument individually before it is appended to the command line string. The resulting string may be safely used with the CreateProcess() family of system functions. However...
In almost all cases when creating a child process from PHP on Windows, it is done indirectly by invoking cmd.exe - this is to enable the use of shell functionality such as I/O redirection and environment variable substitution. As a consequence, the entire command string must be further escaped for cmd.exe. If the executed command contains further indirect calls through cmd.exe, each child command must be escaped again for each level of indirection.
The following functions can be used to correctly escape strings such that they are safely passed through to a child process: