Title: escapeshellcmd on Windows
Last modified: August 24, 2016

---

# escapeshellcmd on Windows

 *  Resolved [Gregory Karpinsky (@tivnet)](https://wordpress.org/support/users/tivnet/)
 * (@tivnet)
 * [11 years ago](https://wordpress.org/support/topic/escapeshellcmd-on-windows/)
 * Hi,
 * `escapeshellcmd` converts `$backup['command']` into a caret-escaped (^) string,
   and then the `.bat` file fails to find `mysqldump`.
 * I had to remove the escaping to let the plugin work.
 * Thanks, Lester
 * [https://wordpress.org/plugins/wp-dbmanager/](https://wordpress.org/plugins/wp-dbmanager/)

Viewing 11 replies - 1 through 11 (of 11 total)

 *  Plugin Author [Lester Chan](https://wordpress.org/support/users/gamerz/)
 * (@gamerz)
 * [11 years ago](https://wordpress.org/support/topic/escapeshellcmd-on-windows/#post-6098072)
 * Thanks for the tip, I can’t remove that because it that prevents a security hole
   for Linux.
 *  Thread Starter [Gregory Karpinsky (@tivnet)](https://wordpress.org/support/users/tivnet/)
 * (@tivnet)
 * [11 years ago](https://wordpress.org/support/topic/escapeshellcmd-on-windows/#post-6098092)
 * OK, here is the reason:
 * If the path looks like this (with spaces):
 * `C:/Program Files/MySQL/MySQL Server 5.6/bin/mysqldump.exe`
 * then `$backup['mysqldumppath']` already has double quotes around it
 * `"C:/Program Files/MySQL/MySQL Server 5.6/bin/mysqldump.exe"`
 * You add `$brace` without checking that the quotes already there, so it becomes
 * `""C:/Program Files/MySQL/MySQL Server 5.6/bin/mysqldump.exe""`
 * and then, after the `escapeshellcmd`, it looks like:
 * `"^"C:/Program Files/MySQL/MySQL Server 5.6/bin/mysqldump.exe^""`
 * So, I guess, the fix could lie in checking for double-bracing.
 *  Plugin Author [Lester Chan](https://wordpress.org/support/users/gamerz/)
 * (@gamerz)
 * [11 years ago](https://wordpress.org/support/topic/escapeshellcmd-on-windows/#post-6098124)
 * Hmm your `$backup['mysqldumppath']` has double quotes itself in the settings 
   page?
 *  Thread Starter [Gregory Karpinsky (@tivnet)](https://wordpress.org/support/users/tivnet/)
 * (@tivnet)
 * [11 years ago](https://wordpress.org/support/topic/escapeshellcmd-on-windows/#post-6098159)
 * Here is the field content:
 *     ```
       a:16:{s:13:"mysqldumppath";s:57:"C:/Program Files/MySQL/MySQL Server 5.6/bin/mysqldump.exe";s:9:"mysqlpath";s:53:"C:/Program Files/MySQL/MySQL Server 5.6/bin/mysql.exe";
       ...
       ```
   
 *  Thread Starter [Gregory Karpinsky (@tivnet)](https://wordpress.org/support/users/tivnet/)
 * (@tivnet)
 * [11 years ago](https://wordpress.org/support/topic/escapeshellcmd-on-windows/#post-6098162)
 * OK, I believe what I wrote before was confusing. Forget it.
 * All is very simple:
 * escapeshellcmd(‘”notepad”‘)
 * returns “^”notepad^””
 * (Windows 8.1, PHP 5.5)
 * So, the real question is why need to $brace ?
 *  Plugin Author [Lester Chan](https://wordpress.org/support/users/gamerz/)
 * (@gamerz)
 * [11 years ago](https://wordpress.org/support/topic/escapeshellcmd-on-windows/#post-6098176)
 * I agree!
 * If you replace [https://github.com/lesterchan/wp-dbmanager/blob/master/database-backup.php#L27](https://github.com/lesterchan/wp-dbmanager/blob/master/database-backup.php#L27)
   with $brace = ”, does it work?
 * I need to be sure first before I remove it since I don’t have access to a windows
   computer
 *  Thread Starter [Gregory Karpinsky (@tivnet)](https://wordpress.org/support/users/tivnet/)
 * (@tivnet)
 * [11 years ago](https://wordpress.org/support/topic/escapeshellcmd-on-windows/#post-6098207)
 * No Lester, braces are needed because of the spaces in the “Program Files”… path.
   Not sure, by the way, why you do not need them in UNIX.
    You can create `mkdir"
   a b c"` folder. Then try php -r “echo escapeshellcmd(‘a b c/mysql’);” – it will
   keep the spaces.
 * So, I believe, the `$brace` is OK, but not before escaping. After. This way:
 *     ```
       $backup['command'] = $brace . escapeshellcmd( $backup['mysqldumppath'] ) . $brace . ' --force --host=' . escapeshellarg( $backup['host'] ) . ' --user=' . escapeshellarg( DB_USER ) . ' --password=' . escapeshellarg( DB_PASSWORD ) . $backup['port'] . $backup['sock'] . $backup['charset'] . ' --add-drop-table --skip-lock-tables ' . DB_NAME . ' > ' . $brace . escapeshellcmd( $backup['filepath'] ) . $brace;
       ```
   
 *  Plugin Author [Lester Chan](https://wordpress.org/support/users/gamerz/)
 * (@gamerz)
 * [11 years ago](https://wordpress.org/support/topic/escapeshellcmd-on-windows/#post-6098235)
 * Got it, thanks for your patience and the explanation, I will fix it.
 *  Plugin Author [Lester Chan](https://wordpress.org/support/users/gamerz/)
 * (@gamerz)
 * [11 years ago](https://wordpress.org/support/topic/escapeshellcmd-on-windows/#post-6098236)
 * I fixed it for the next version, could you let me know if it works? [https://github.com/lesterchan/wp-dbmanager/archive/master.zip](https://github.com/lesterchan/wp-dbmanager/archive/master.zip)
 *  Thread Starter [Gregory Karpinsky (@tivnet)](https://wordpress.org/support/users/tivnet/)
 * (@tivnet)
 * [11 years ago](https://wordpress.org/support/topic/escapeshellcmd-on-windows/#post-6098244)
 * Works OK on my Win machine, Lester.
 * Did you try placing `mysqldump` binary into a folder with spaces on Linux?
 *  Plugin Author [Lester Chan](https://wordpress.org/support/users/gamerz/)
 * (@gamerz)
 * [11 years ago](https://wordpress.org/support/topic/escapeshellcmd-on-windows/#post-6098249)
 * Nope not yet =) but without spaces works fine, I will try with spaces.

Viewing 11 replies - 1 through 11 (of 11 total)

The topic ‘escapeshellcmd on Windows’ is closed to new replies.

 * ![](https://ps.w.org/wp-dbmanager/assets/icon.svg?rev=977538)
 * [WP-DBManager](https://wordpress.org/plugins/wp-dbmanager/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wp-dbmanager/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wp-dbmanager/)
 * [Active Topics](https://wordpress.org/support/plugin/wp-dbmanager/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wp-dbmanager/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wp-dbmanager/reviews/)

## Tags

 * [caret](https://wordpress.org/support/topic-tag/caret/)
 * [windows](https://wordpress.org/support/topic-tag/windows/)

 * 11 replies
 * 2 participants
 * Last reply from: [Lester Chan](https://wordpress.org/support/users/gamerz/)
 * Last activity: [11 years ago](https://wordpress.org/support/topic/escapeshellcmd-on-windows/#post-6098249)
 * Status: resolved