Derick wrote:
> As far as I can see does shell_arg only escape the ' and shell_cmd the
> following characters: #&;`'\"|*?~<>^()[]{}$\\\x0A\xFF so I think
> _shell_cmd would be the best choice.

    This is probably a nit-picking point that I should not have
    wasted your time with. :) Here was my reasoning for recommending
    _shell_arg over _shell_cmd: 

    _shell_cmd escapes a range of characters to render them safe
    to use as part of a shell argument. It uses the strategy of
    escaping meta-characters and control operators with a
    leading backslash so that they are interpreted as literal

    _shell_arg single quotes a string, and converts any existing 
    single quotes (') in the value are to '\''. This sequence 
    temporarily ends the single-quoted string, inserts a literal 
    single quote, and then resumes the string.

    Shells don't interpret *anything* inside of a single quoted
    string, making this a very safe strategy (IMUO)

    However, given that no one cognizant of these matters has
    made the same recommendation, you are probably quite safe
    in your original choice! :)


PHP Development Mailing List <>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to