$bad_format = 'html <a>';
$also_bad_format = escapeshellarg($bad_format);
$ok_format = escapeshellcmd($bad_format);
// redirection error
system("/usr/local/bin/formatter-$bad_format");
// no such program
system("/usr/local/bin/formatter-$also_bad_format");
// runs program with correct argument
system("/usr/local/bin/formatter-$ok_format");