Still this wouldn't prevent a visitor from passing something like :
../../../../bin/cat /etc/passwd bvr. >>if (action=="cgi") echo `./cgi-bin/cgiscripts/${scripts} 2&>1`; > >If you still want to use that method have a look at these two functions >which can be used to make user input "safe" for use on a command line: > >http://www.php.net/manual/en/function.escapeshellarg.php >http://www.php.net/manual/en/function.escapeshellcmd.php > >Simon -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php