<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <HTML ><HEAD ><TITLE >escapeshellcmd</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK REL="HOME" TITLE="Manual do PHP" HREF="index.html"><LINK REL="UP" TITLE="Programas, Funções de Execução" HREF="ref.exec.html"><LINK REL="PREVIOUS" TITLE="escapeshellarg" HREF="function.escapeshellarg.html"><LINK REL="NEXT" TITLE="exec" HREF="function.exec.html"><META HTTP-EQUIV="Content-type" CONTENT="text/html; charset=UTF-8"></HEAD ><BODY CLASS="refentry" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >Manual do PHP</TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="function.escapeshellarg.html" ACCESSKEY="P" >Anterior</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" ></TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="function.exec.html" ACCESSKEY="N" >Próxima</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><H1 ><A NAME="function.escapeshellcmd" ></A >escapeshellcmd</H1 ><DIV CLASS="refnamediv" ><A NAME="AEN184526" ></A ><P > (PHP 3, PHP 4, PHP 5)</P >escapeshellcmd -- escapa metacaracteres shell</DIV ><DIV CLASS="refsect1" ><A NAME="AEN184529" ></A ><H2 >Descrição</H2 >string <B CLASS="methodname" >escapeshellcmd</B > ( string command )<BR ></BR ><P > <B CLASS="function" >escapeshellcmd()</B > escapa qualquer caractere em uma string que possa ser utilizado para enganar um comando shell para executar comandos arbritários. Esta função deve ser utilizada para ter certeza que quaisquer dados vindos do usuário é escapado antes que estes dados sejam passados para as funções <A HREF="function.exec.html" ><B CLASS="function" >exec()</B ></A > ou <A HREF="function.system.html" ><B CLASS="function" >system()</B ></A >, ou para <A HREF="language.operators.execution.html" >backtick operator</A >. </P ><P > Os seguintes caracteres são precedidos por uma barra invertida: <TT CLASS="literal" >#&;`|*?~<>^()[]{}$\</TT >, <TT CLASS="literal" >\x0A</TT > e <TT CLASS="literal" >\xFF</TT >. <TT CLASS="literal" >'</TT > e <TT CLASS="literal" >"</TT > são escapados apenas se não estiverem em pares. No windows, todos estes caracteres mais <TT CLASS="literal" >%</TT > são ao invés substituidos por um espaço. </P ></DIV ><DIV CLASS="refsect1" ><A NAME="AEN184549" ></A ><H2 >Parâmetros</H2 ><P > <P ></P ><DIV CLASS="variablelist" ><DL ><DT ><CODE CLASS="parameter" >command</CODE ></DT ><DD ><P > O comando que será escapado. </P ></DD ></DL ></DIV > </P ></DIV ><DIV CLASS="refsect1" ><A NAME="AEN184558" ></A ><H2 >Valores de retornado</H2 ><P > A string escapada. </P ></DIV ><DIV CLASS="refsect1" ><A NAME="AEN184561" ></A ><H2 >Exemplos</H2 ><P > <TABLE WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" CLASS="EXAMPLE" ><TR ><TD ><DIV CLASS="example" ><A NAME="AEN184564" ></A ><P ><B >Exemplo 1. Exemplo <B CLASS="function" >escapeshellcmd()</B ></B ></P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" CELLPADDING="5" ><TR ><TD ><code><font color="#000000"> <font color="#0000BB"><?php<br />$e </font><font color="#007700">= </font><font color="#0000BB">escapeshellcmd</font><font color="#007700">(</font><font color="#0000BB">$userinput</font><font color="#007700">);<br /><br /></font><font color="#FF8000">// Aqui não nos preocupamos se $e tem espaços<br /></font><font color="#0000BB">system</font><font color="#007700">(</font><font color="#DD0000">"echo $e"</font><font color="#007700">);<br /></font><font color="#0000BB">$f </font><font color="#007700">= </font><font color="#0000BB">escapeshellcmd</font><font color="#007700">(</font><font color="#0000BB">$filename</font><font color="#007700">);<br /><br /></font><font color="#FF8000">// aqui sim<br /></font><font color="#0000BB">system</font><font color="#007700">(</font><font color="#DD0000">"touch </font><font color="#007700">\"</font><font color="#DD0000">/tmp/$f</font><font color="#007700">\"</font><font color="#DD0000">; ls -l </font><font color="#007700">\"</font><font color="#DD0000">/tmp/$f</font><font color="#007700">\"</font><font color="#DD0000">"</font><font color="#007700">);<br /></font><font color="#0000BB">?></font> </font> </code></TD ></TR ></TABLE ></DIV ></TD ></TR ></TABLE > </P ></DIV ><DIV CLASS="refsect1" ><A NAME="AEN184568" ></A ><H2 >Veja também</H2 ><P > <P ></P ><TABLE BORDER="0" ><TBODY ><TR ><TD ><A HREF="function.escapeshellarg.html" ><B CLASS="function" >escapeshellarg()</B ></A ></TD ></TR ><TR ><TD ><A HREF="function.exec.html" ><B CLASS="function" >exec()</B ></A ></TD ></TR ><TR ><TD ><A HREF="function.popen.html" ><B CLASS="function" >popen()</B ></A ></TD ></TR ><TR ><TD ><A HREF="function.system.html" ><B CLASS="function" >system()</B ></A ></TD ></TR ><TR ><TD ><A HREF="language.operators.execution.html" >backtick operator</A ></TD ></TR ></TBODY ></TABLE ><P ></P > </P ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="function.escapeshellarg.html" ACCESSKEY="P" >Anterior</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.html" ACCESSKEY="H" >Principal</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="function.exec.html" ACCESSKEY="N" >Próxima</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >escapeshellarg</TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="ref.exec.html" ACCESSKEY="U" >Acima</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >exec</TD ></TR ></TABLE ></DIV ></BODY ></HTML >