RE: [PHP] escapeshellarg

2007-05-14 Thread Brad Fuller
Mohamed CHAARI wrote:
> Hi all,
>
> I have to execute an external command, with an argument
> (filename or directory name) given by user input (via a
> form), i.e. something like this:
>
> exec('ls $_POST[...]')
>
> What do you think about using the escapeshellarg() function in
> this case?
> can I r

[PHP] escapeshellarg

2007-05-14 Thread Mohamed CHAARI
Hi all,

I have to execute an external command, with an argument (filename or directory name) given by user input (via a form), i.e. something like this:

exec('ls $_POST[...]')

What do you think about using the escapeshellarg() function in this case? Can I rely on it to have a secure solution? or

[PHP] escapeshellarg() equiv. for cmd.exe?

2003-06-11 Thread Jeff Stewart
I'm finding that escapeshellarg() doesn't "protect" against malicious strings used against Windows' shell, cmd.exe. Is there a function in PHP for escaping strings according to the Windows shell's rules? For example, the command separator in cmd.exe is &&. -- Jeff S.