How to escape special characters in PowerShell?

by

You’re using Invoke-Expression to call an external program:

  • There’s no reason to do that, and Invoke-Expression should generally be avoided: it causes quoting headaches (as in your case), but, more importantly, it can be a security risk and there are typically better solutions.

    • As an aside: Unfortunately, even with direct invocation there can be quoting challenges around empty-string arguments and arguments with embedded " chars. – see footnote [1] and this answer.

  • If you instead invoke the external program directly – as any shell, including PowerShell is designed to do – your problem will likely go away:[1]

& <path_to_exe> -install $user $password

Note: &, PowerShell’s call operator, is only needed if your executable’s path is quoted (e.g, "C:\Program Files\foo.exe") and/or is specified via a variable reference (e.g., $HOME\foo.exe); otherwise, you can invoke the executable as-is (e.g., to invoke cmd.exe, use something like
cmd /c 'echo hi').

Separately, if you do ever find yourself needing to escape any of the characters in a set of characters, use -replace with a character class, [...]:

Note: This is not necessary for passing arguments, neither to external programs, as shown above, nor to PowerShell commands; however, due to PowerShell’s broken handling of " characters embedded in argument values passed to external programs, you may have to escape " characters (only), as \"[1].

PS> 'a*b\c~d;e(f%g?h.i:j@k/l' -replace '[*\\~;(%?.:@/]', '`$&'
a`*b`\c`~d`;e`(f`%g`?h`.i`:j`@k`/l  # all chars. inside [...] were `-escaped

Note: Since \ has special meaning even inside a character class, it had to be escaped as \\ – all other chars. are used as-is.

For more information about the -replace operator, see this answer.

[1] There is one character that still causes problems: embedded ". For historical reasons, PowerShell does not properly pass embedded " correctly to external programs, and annoyingly requires manual \-escaping – see this GitHub issue for details.
Applied to your solution:& <path_to_exe> -install $user ($password -replace '"', '\"')

More Related Contents:

  1. Powershell: passing json string to curl
  2. For PowerShell cmdlets, can I always pass a script block to a string parameter?
  3. How to run an EXE file in PowerShell with parameters with spaces and quotes
  4. Escaping the and (&) sign in Powershell
  5. How to create windows installer [closed]
  6. Why do PowerShell comparison operators not enumerate collections of size 1?
  7. Split a string with spaces on a new line in PowerShell
  8. How to sort by file name the same way Windows Explorer does?
  9. Function return value in PowerShell
  10. Read file line by line in PowerShell
  11. how do I loop through a line from a csv file in powershell
  12. Access PSObject property indirectly with variable
  13. How to remove all quotations mark in the csv file using powershell script?
  14. Is there a way to set a variable up to place output to stdout or null?
  15. Executing an EXE file using a PowerShell script
  16. Set-Content appends a newline (line break, CRLF) at the end of my file
  17. Progress during large file copy (Copy-Item & Write-Progress?)
  18. How do I execute a PowerShell script automatically using Windows task scheduler?
  19. How to export data to CSV in PowerShell?
  20. Waiting for user input with a timeout
  21. Echo equivalent in PowerShell for script testing
  22. Why is an empty PowerShell pipeline not the same as null?
  23. PowerShell script to check the status of a URL
  24. Out-FINcodedCommand.ps1 is not recognized – executing a script in the current directory
  25. ConvertTo-JSON an array with a single item
  26. Copy file with square brackets [ ] in the filename and use * wildcard
  27. Check if a file exists or not in Windows PowerShell?
  28. Variable scoping in PowerShell
  29. Read a Csv file with powershell and capture corresponding data
  30. PS Script is exporting an empty CSVs

Leave a Comment