bvr wrote:
>Please note that plain this:
>
>>or
>><?
>>if (action=="cgi") echo `./cgi-bin/cgiscripts/${scripts} 2&>1`;
>>?>
>>
>is not a good idea, because it allows a visitor to run arbitrary
>commands on your server.
>
>bvr.
>
If you still want to use that method have a look at these two functions
which can be used to make user input "safe" for use on a command line:
http://www.php.net/manual/en/function.escapeshellarg.php
http://www.php.net/manual/en/function.escapeshellcmd.php
Simon
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
