The following takes a string and checks all files on the server (./*) to see if said string exists in any files, then outputs the data to > grep_results.txt:
$command = 'grep -ri "any string goes here" ./* > grep_results.txt';
shell_exec($command);
Anyway, if possible I would like to pass it a variable submitted by the following html form:
<form id='searchform' action='/GREP.php' method='post'>
<div class='form-group'>
<input type='text' name='SearchString' placeholder='Search string...'>
<input type='submit' name='submit' value='Find' class='button'>
</div>
</form>
I started off doing this:
$string = $_POST['SearchString'];
echo $string;
And, of course, any string submitted is echoed back.
The place where I'm stuck is, I tried this out and it didn't work:
$string = $_POST['SearchString'];
$command = 'grep -ri "'.$string.'" ./* > grep_results.txt';
shell_exec($command);
How do I pass $string to $command?
UPDATE:
To Michael Berkowski (in comments), thank you, escapeshellarg did the trick.
The working code is now:
$string = $_POST['SearchString'];
$searchstring = escapeshellarg($string);
$command = 'grep -ri "'.$searchstring.'" ./* > grep_results.txt';
shell_exec($command);