Still this wouldn't prevent a visitor from passing something like :
../../../../bin/cat /etc/passwd
bvr.
>>if (action=="cgi") echo `./cgi-bin/cgiscripts/${scripts} 2&>1`;
>
>If you still want to use that method have a look at these two functions
>which can be used to make user input "safe" for use on a command line:
>
>http://www.php.net/manual/en/function.escapeshellarg.php
>http://www.php.net/manual/en/function.escapeshellcmd.php
>
>Simon
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
