bvr wrote: >Please note that plain this: > >>or >><? >>if (action=="cgi") echo `./cgi-bin/cgiscripts/${scripts} 2&>1`; >>?> >> >is not a good idea, because it allows a visitor to run arbitrary >commands on your server. > >bvr. > If you still want to use that method have a look at these two functions which can be used to make user input "safe" for use on a command line:
http://www.php.net/manual/en/function.escapeshellarg.php http://www.php.net/manual/en/function.escapeshellcmd.php Simon -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php