Took me a while to realize this was NOT the command I wanted for escaping potentially harmful characters in a string that would be used as part of a system command. Instead, I needed either escapeshellarg() (http://www.php.net/manual/en/function.escapeshellarg.php) or escapeshellcmd() (http://www.php.net/manual/en/function.escapeshellcmd.php)