<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <HTML ><HEAD ><TITLE >escapeshellcmd</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK REL="HOME" TITLE="PHP Manual" HREF="index.html"><LINK REL="UP" TITLE="Program Execution Functions" HREF="ref.exec.html"><LINK REL="PREVIOUS" TITLE="escapeshellarg" HREF="function.escapeshellarg.html"><LINK REL="NEXT" TITLE="exec" HREF="function.exec.html"><META HTTP-EQUIV="Content-type" CONTENT="text/html; charset=UTF-8"></HEAD ><BODY CLASS="refentry" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><H1 ><A NAME="function.escapeshellcmd" ></A >escapeshellcmd</H1 ><DIV CLASS="refnamediv" ><A NAME="AEN188808" ></A ><P > (PHP 3, PHP 4, PHP 5)</P >escapeshellcmd -- Escape shell metacharacters</DIV ><DIV CLASS="refsect1" ><A NAME="AEN188811" ></A ><H2 >Description</H2 >string <B CLASS="methodname" >escapeshellcmd</B > ( string command )<BR ><P > <B CLASS="function" >escapeshellcmd()</B > escapes any characters in a string that might be used to trick a shell command into executing arbitrary commands. 
This function should be used to make sure that any data coming from user input is escaped before this data is passed to the <A HREF="function.exec.html" ><B CLASS="function" >exec()</B ></A > or <A HREF="function.system.html" ><B CLASS="function" >system()</B ></A > functions, or to the <A HREF="language.operators.execution.html" >backtick operator</A >. </P ><P > The following characters are preceded by a backslash: <TT CLASS="literal" >#&amp;;`|*?~&lt;&gt;^()[]{}$\</TT >, <TT CLASS="literal" >\x0A</TT > and <TT CLASS="literal" >\xFF</TT >. <TT CLASS="literal" >'</TT > and <TT CLASS="literal" >"</TT > are escaped only if they are not paired. On Windows, all these characters plus <TT CLASS="literal" >%</TT > are replaced by a space instead. </P ></DIV ><DIV CLASS="refsect1" ><A NAME="AEN188831" ></A ><H2 >Parameters</H2 ><P > <P ></P ><DIV CLASS="variablelist" ><DL ><DT ><CODE CLASS="parameter" >command</CODE ></DT ><DD ><P > The command that will be escaped. </P ></DD ></DL ></DIV > </P ></DIV ><DIV CLASS="refsect1" ><A NAME="AEN188840" ></A ><H2 >Return Values</H2 ><P > The escaped string. </P ></DIV ><DIV CLASS="refsect1" ><A NAME="AEN188843" ></A ><H2 >Examples</H2 ><P > <TABLE WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" CLASS="EXAMPLE" ><TR ><TD ><DIV CLASS="example" ><A NAME="AEN188846" ></A ><P ><B >Example 1. 
<B CLASS="function" >escapeshellcmd()</B > example</B ></P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" CELLPADDING="5" ><TR ><TD ><code><font color="#000000"> <font color="#0000BB">&lt;?php<br />$e </font><font color="#007700">= </font><font color="#0000BB">escapeshellcmd</font><font color="#007700">(</font><font color="#0000BB">$userinput</font><font color="#007700">);<br /> <br /></font><font color="#FF8000">// here we don't care if $e has spaces<br /></font><font color="#0000BB">system</font><font color="#007700">(</font><font color="#DD0000">"echo $e"</font><font color="#007700">);<br /></font><font color="#0000BB">$f </font><font color="#007700">= </font><font color="#0000BB">escapeshellcmd</font><font color="#007700">(</font><font color="#0000BB">$filename</font><font color="#007700">);<br /> <br /></font><font color="#FF8000">// and here we do, so we use quotes<br /></font><font color="#0000BB">system</font><font color="#007700">(</font><font color="#DD0000">"touch </font><font color="#007700">\"</font><font color="#DD0000">/tmp/$f</font><font color="#007700">\"</font><font color="#DD0000">; ls -l </font><font color="#007700">\"</font><font color="#DD0000">/tmp/$f</font><font color="#007700">\"</font><font color="#DD0000">"</font><font color="#007700">);<br /></font><font color="#0000BB">?&gt;</font> </font> </code></TD ></TR ></TABLE ></DIV ></TD ></TR ></TABLE > </P ></DIV ><DIV CLASS="refsect1" ><A NAME="AEN188850" ></A ><H2 >See Also</H2 ><P > <P ></P ><TABLE BORDER="0" ><TBODY ><TR ><TD ><A HREF="function.escapeshellarg.html" ><B CLASS="function" >escapeshellarg()</B ></A ></TD ></TR ><TR ><TD ><A HREF="function.exec.html" ><B CLASS="function" >exec()</B ></A ></TD ></TR ><TR ><TD ><A HREF="function.popen.html" ><B CLASS="function" >popen()</B ></A ></TD ></TR ><TR ><TD ><A HREF="function.system.html" ><B CLASS="function" >system()</B ></A ></TD ></TR ><TR ><TD ><A HREF="language.operators.execution.html" >backtick operator</A ></TD ></TR ></TBODY ></TABLE ><P ></P > </P 
></DIV ></BODY ></HTML >
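The double-quote pattern from Example 1, checked against the escaping rules in the description: this is an added example, not part of the PHP manual, and it compares the arguments the shell actually produces with those from escapeshellarg(), which is listed under See Also. It assumes a Unix-like host where shell_exec() runs /bin/sh; the function names shell_args(), via_escapeshellcmd(), via_escapeshellarg() and show() are hypothetical, and all sample values are constructed.

```php
<?php
// Added example, not from the PHP manual. Unix-like hosts only.

/** Return the arguments /bin/sh hands to a program for the given fragment. */
function shell_args(string $fragment): array
{
    // printf repeats its format for every argument: one output line per argument.
    $out = shell_exec("printf '%s\\n' " . $fragment);
    return explode("\n", rtrim((string) $out, "\n"));
}

/** Example 1's pattern: escapeshellcmd() the value, then wrap it in double quotes. */
function via_escapeshellcmd(string $name): array
{
    $f = escapeshellcmd($name);
    return shell_args("\"/tmp/$f\"");
}

/** Quote the whole path so the shell sees exactly one argument. */
function via_escapeshellarg(string $name): array
{
    return shell_args(escapeshellarg("/tmp/" . $name));
}

/** Render an argument list so argument boundaries are visible. */
function show(array $args): string
{
    return '[' . implode('] [', $args) . ']';
}

// Constructed sample file names.
$samples = [
    'notes.txt',    // nothing to escape
    'my notes.txt', // space: not escaped, the surrounding "..." keeps it together
    'a;b',          // ';' gets a backslash, which stays literal inside "..."
    "it's",         // unpaired quote: escaped
    'a" "b',        // paired quotes: not escaped, so they end the surrounding "..." early
];

foreach ($samples as $name) {
    printf("%-14s escapeshellcmd in \"...\": %-20s escapeshellarg: %s\n",
        $name, show(via_escapeshellcmd($name)), show(via_escapeshellarg($name)));
}
```

A row where the two columns differ marks a value that the double-quote pattern either alters or splits into more than one argument, while the escapeshellarg() column always holds the original path as a single argument.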