<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML
><HEAD
><TITLE
>escapeshellcmd</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
REL="HOME"
TITLE="Manual do PHP"
HREF="index.html"><LINK
REL="UP"
TITLE="Programas, Funções de Execução"
HREF="ref.exec.html"><LINK
REL="PREVIOUS"
TITLE="escapeshellarg"
HREF="function.escapeshellarg.html"><LINK
REL="NEXT"
TITLE="exec"
HREF="function.exec.html"><META
HTTP-EQUIV="Content-type"
CONTENT="text/html; charset=UTF-8"></HEAD
><BODY
CLASS="refentry"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Manual do PHP</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="function.escapeshellarg.html"
ACCESSKEY="P"
>Anterior</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="function.exec.html"
ACCESSKEY="N"
>Próxima</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><H1
><A
NAME="function.escapeshellcmd"
></A
>escapeshellcmd</H1
><DIV
CLASS="refnamediv"
><A
NAME="AEN184526"
></A
><P
> (PHP 3, PHP 4, PHP 5)</P
>escapeshellcmd -- escapa metacaracteres shell</DIV
><DIV
CLASS="refsect1"
><A
NAME="AEN184529"
></A
><H2
>Descrição</H2
>string <B
CLASS="methodname"
>escapeshellcmd</B
> ( string command )<BR
></BR
><P
> <B
CLASS="function"
>escapeshellcmd()</B
> escapa qualquer caractere em uma string
que possa ser utilizado para enganar um comando shell para executar
comandos arbritários. Esta função deve ser utilizada para ter certeza
que quaisquer dados vindos do usuário é escapado antes que
estes dados sejam passados para as funções <A
HREF="function.exec.html"
><B
CLASS="function"
>exec()</B
></A
> ou
<A
HREF="function.system.html"
><B
CLASS="function"
>system()</B
></A
>, ou para <A
HREF="language.operators.execution.html"
>backtick
operator</A
>.
</P
><P
> Os seguintes caracteres são precedidos por uma barra invertida:
<TT
CLASS="literal"
>#&;`|*?~<>^()[]{}$\</TT
>, <TT
CLASS="literal"
>\x0A</TT
>
e <TT
CLASS="literal"
>\xFF</TT
>. <TT
CLASS="literal"
>'</TT
> e <TT
CLASS="literal"
>"</TT
>
são escapados apenas se não estiverem em pares. No windows, todos estes caracteres
mais <TT
CLASS="literal"
>%</TT
> são ao invés substituidos por um espaço.
</P
></DIV
><DIV
CLASS="refsect1"
><A
NAME="AEN184549"
></A
><H2
>Parâmetros</H2
><P
> <P
></P
><DIV
CLASS="variablelist"
><DL
><DT
><CODE
CLASS="parameter"
>command</CODE
></DT
><DD
><P
> O comando que será escapado.
</P
></DD
></DL
></DIV
>
</P
></DIV
><DIV
CLASS="refsect1"
><A
NAME="AEN184558"
></A
><H2
>Valores de retornado</H2
><P
> A string escapada.
</P
></DIV
><DIV
CLASS="refsect1"
><A
NAME="AEN184561"
></A
><H2
>Exemplos</H2
><P
> <TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
CLASS="EXAMPLE"
><TR
><TD
><DIV
CLASS="example"
><A
NAME="AEN184564"
></A
><P
><B
>Exemplo 1. Exemplo <B
CLASS="function"
>escapeshellcmd()</B
></B
></P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
CELLPADDING="5"
><TR
><TD
><code><font color="#000000">
<font color="#0000BB"><?php<br />$e </font><font color="#007700">= </font><font color="#0000BB">escapeshellcmd</font><font color="#007700">(</font><font color="#0000BB">$userinput</font><font color="#007700">);<br /><br /></font><font color="#FF8000">// Aqui não nos preocupamos se $e tem espaços<br /></font><font color="#0000BB">system</font><font color="#007700">(</font><font color="#DD0000">"echo $e"</font><font color="#007700">);<br /></font><font color="#0000BB">$f </font><font color="#007700">= </font><font color="#0000BB">escapeshellcmd</font><font color="#007700">(</font><font color="#0000BB">$filename</font><font color="#007700">);<br /><br /></font><font color="#FF8000">// aqui sim<br /></font><font color="#0000BB">system</font><font color="#007700">(</font><font color="#DD0000">"touch </font><font color="#007700">\"</font><font color="#DD0000">/tmp/$f</font><font color="#007700">\"</font><font color="#DD0000">; ls -l </font><font color="#007700">\"</font><font color="#DD0000">/tmp/$f</font><font color="#007700">\"</font><font color="#DD0000">"</font><font color="#007700">);<br /></font><font color="#0000BB">?></font>
</font>
</code></TD
></TR
></TABLE
></DIV
></TD
></TR
></TABLE
>
</P
></DIV
><DIV
CLASS="refsect1"
><A
NAME="AEN184568"
></A
><H2
>Veja também</H2
><P
> <P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
><A
HREF="function.escapeshellarg.html"
><B
CLASS="function"
>escapeshellarg()</B
></A
></TD
></TR
><TR
><TD
><A
HREF="function.exec.html"
><B
CLASS="function"
>exec()</B
></A
></TD
></TR
><TR
><TD
><A
HREF="function.popen.html"
><B
CLASS="function"
>popen()</B
></A
></TD
></TR
><TR
><TD
><A
HREF="function.system.html"
><B
CLASS="function"
>system()</B
></A
></TD
></TR
><TR
><TD
><A
HREF="language.operators.execution.html"
>backtick operator</A
></TD
></TR
></TBODY
></TABLE
><P
></P
>
</P
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="function.escapeshellarg.html"
ACCESSKEY="P"
>Anterior</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Principal</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="function.exec.html"
ACCESSKEY="N"
>Próxima</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>escapeshellarg</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="ref.exec.html"
ACCESSKEY="U"
>Acima</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>exec</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
