Derick wrote:
> As far as I can see, shell_arg only escapes the ' and shell_cmd the
> following characters: #&;`'\"|*?~<>^()[]{}$\\\x0A\xFF so I think
> _shell_cmd would be the best choice.

    This is probably a nit-picking point that I should not have
    wasted your time with. :) Here was my reasoning for recommending
    _shell_arg over _shell_cmd: 

    _shell_cmd escapes a range of characters to render them safe
    to use as part of a shell argument. It uses the strategy of
    escaping meta-characters and control operators with a
    leading backslash so that they are interpreted as literal
    values.

    _shell_arg single quotes a string, and converts any existing
    single quotes (') in the value to '\''. This sequence
    temporarily ends the single-quoted string, inserts a literal
    single quote, and then resumes the string.

    Shells don't interpret *anything* inside of a single quoted
    string, making this a very safe strategy (IMUO)

    However, given that no one cognizant of these matters has
    made the same recommendation, you are probably quite safe
    in your original choice! :)

    --zak
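
Added example, not part of the original message and not PHP's own code: the two strategies discussed above, reimplemented in POSIX sh and checked by letting a fresh shell parse the escaped text. The helper names quote_arg, backslash_escape and argv_seen are hypothetical, the sample values are constructed, and \xFF from the quoted list is left out.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not PHP source code.
NL='
'
# Strategy described for _shell_arg: wrap in '...' and turn each ' into '\''
quote_arg() {
    s=$1 out= q="'"
    while :; do
        case $s in
            *"$q"*) head=${s%%"$q"*}; s=${s#*"$q"}; out="$out$head'\\''" ;;
            *)      out="$out$s"; break ;;
        esac
    done
    printf "'%s'" "$out"
}

# Strategy described for _shell_cmd: a backslash before each listed character
# (the printable ones from the quoted list plus newline; \xFF is omitted).
backslash_escape() {
    s=$1 out=
    while [ -n "$s" ]; do
        rest=${s#?}; c=${s%"$rest"}   # c = first character of s
        case $c in
            '#'|'&'|';'|'`'|"'"|'"'|'|'|'*'|'?'|'~'|'<'|'>'|'^'|'('|')'|'['|']'|'{'|'}'|'$'|'\'|"$NL") out="$out\\$c" ;;
            *) out="$out$c" ;;
        esac
        s=$rest
    done
    printf '%s' "$out"
}

# Parse the escaped text in a fresh shell and report "<argc>|<argv[1]>".
argv_seen() {
    sh -c "set -- $1; printf '%s|%s' \"\$#\" \"\$1\""
}

# Constructed sample values: quote, metacharacters and spaces; then a newline.
for v in "it's \$HOME; echo x" "a${NL}b"; do
    printf 'single-quoted: %s\n' "$(argv_seen "$(quote_arg "$v")")"
    printf 'backslashed:   %s\n' "$(argv_seen "$(backslash_escape "$v")")"
done
```

The single-quoted form reaches the shell as exactly one argument with every byte intact. The backslashed form stops the metacharacters from acting, but spaces still split the value into several words and a backslash before a newline is consumed as a line continuation.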


-- 
PHP Development Mailing List <http://www.php.net/>