Use escapeshellarg() on the query string passed to shell_exec(), to make sure its treated safely as a single argument.
Use `escapeshellarg()` on the query string passed to `shell_exec()`, …
…to make sure its treated safely as a single argument.
Good call, but doesn't escapeshellarg add the single-quotes? So you should get rid of those when you add it.
You're correct. Fixed.