GET variables with spaces - they work, but is it correct or ok?

Question

I have a PHP page where I\'m passing the city name via a \"city\" URL/GET variable. Currently, it\'s passing the actual city name even if it has spaces (eg .php?city=

Answer 1

This works fine without using encodeURI() or encodeURIComponent() for parameters with blank spaces from Javascript to Php or Python.

echo shell_exec("python test.py \"".$_POST['ytitle']."\" \"".$_POST['yurl']."\"");

Thanks for the note from https://stackoverflow.com/users/8712097/tom-aranda Here's the safer code.

system(escapeshellcmd("python GreaseMonkey_Php_Youtube_srt_generator.py ".$_POST['yurl']));