What potential issues can arise when using passthru() in PHP to execute external commands?

One potential issue that can arise when using passthru() in PHP to execute external commands is the risk of command injection. passthru() hands its command string to the system shell, so user input that reaches that string without being properly sanitized can be interpreted as shell syntax instead of data. To solve this issue, validate and sanitize any user input before passing it to passthru().

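<?php
// Example of properly sanitizing user input before using passthru()
// A missing or non-string parameter (e.g. ?input[]=x) is treated as an empty string
$user_input = isset($_GET['input']) && is_string($_GET['input']) ? $_GET['input'] : '';

// Validate and sanitize user input
$sanitized_input = escapeshellarg($user_input);

// Execute the command with sanitized input
// "--" ends option parsing, so a value such as "-la" is read as a path, not as an option
passthru("ls -- " . $sanitized_input);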
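
The following is an added example, not code from the original page. It goes one step beyond escaping by validating the input against an allowlist before the command is built, and by checking the exit status that passthru() reports. The helper name build_ls_command(), the allowlist pattern, the base directory and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: builds the `ls` command for a client-supplied directory name.
function build_ls_command($input, string $baseDir): string
{
    // ?input[]=x arrives as an array; reject anything that is not a string.
    if (!is_string($input)) {
        throw new InvalidArgumentException('input must be a string');
    }
    // Allowlist: one path component of letters, digits, '_', '-', '.',
    // starting with a letter or digit (so never "-option" or "..").
    if (preg_match('/\A[A-Za-z0-9][A-Za-z0-9_.-]{0,63}\z/', $input) !== 1) {
        throw new InvalidArgumentException('input contains disallowed characters');
    }
    // Still escape, and use "--" so ls treats the value as a path operand.
    return 'ls -- ' . escapeshellarg($baseDir . '/' . $input);
}

// Constructed sample inputs, standing in for $_GET['input'].
$samples = ['reports', 'my docs', '-la', '../etc', 'a;b', ['reports']];
$baseDir = sys_get_temp_dir(); // assumed base directory for this demo

foreach ($samples as $sample) {
    try {
        echo 'accepted: ' . build_ls_command($sample, $baseDir) . "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected ' . json_encode($sample) . ': ' . $e->getMessage() . "\n";
    }
}

// Run one accepted command and check the exit status passthru() reports.
$exitCode = 0;
passthru(build_ls_command('reports', $baseDir), $exitCode);
if ($exitCode !== 0) {
    // A non-zero status (for example, the directory does not exist) is logged
    // instead of being silently ignored.
    error_log("ls exited with status $exitCode");
}
```

Only the first sample is accepted. The others are rejected before any command string is built, so escapeshellarg() acts as a second layer, not the only one.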