In the documentation for proc_open
, the text says
As of PHP 7.4.0, cmd may be passed as array of command parameters. In this case the process will be opened directly (without going through a shell) and PHP will take care of any necessary argument escaping.
I can't see any reason to do any processing other than converting a associative array into a number-based list and right-trimming strings to remove NUL characters.
What "escaping" does the documentation mean? Is such "escaping" platform-specific?