<?php
$bad_arg = '-al; rm -rf /';
$ok_arg = escapeshellarg($bad_arg);

// list all files, then delete everything!
system("ls $bad_arg");

// is there a file called "-al; rm -rf /"?
system("ls $ok_arg");
?>