diff --git a/ajax/executecommand.php b/ajax/executecommand.php
index 8dda39e..7a15663 100644
--- a/ajax/executecommand.php
+++ b/ajax/executecommand.php
@@ -22,9 +22,9 @@
     # clean the command
     $fullcommand = $env_vars . $command . " ../" . $image . " ../" . $newimage;
     
-    system($fullcommand);
+    system(escapeshellarg($fullcommand));
     
     #return 2 images to update visualization and show paths
     #echo $ext . " " . $realpath;
     echo $image . " " . $newimage;
-    ?>
\ No newline at end of file
+    ?>