web application – Attempting remote code execution, why does this php webshell code fail with single quotes?

In working on a vulnerable box, I found a field in a database table where one can insert php code. Based on this exploit:


I tried to use this code to make a php webshell:

?php $cmd=$_GET(‘cmd’);system($cmd);?

It fails (results in the white screen of death). However, if I change the single quotes around cmd to double quotes, it works, as here:

?php $cmd=$_GET(“cmd”);system($cmd);?

Every source I looked at for code for a webshell had single quotes around cmd, no matter which variation it was, and none of them mentioned the possibility of it needing double quotes. Here’s an example of a page that outlines how to do it:


Does anyone know why it only works with the double quotes?
Why do all of the other examples I found show single quotes with no mention of the possibility of needing double quotes?