On Tue, Apr 22, 2008 at 04:52:42PM -0300, Facundo Batista wrote:
> 
> I think that forcing me to write a tuple or a list just in case I'd need
> to write a string that uses simple and double quotes, or backslashes,
> because it's "ugly", isn't worth it.

Or spaces, or user input, or any special shell characters.

Basically, if you give a list or tuple of arguments, you can fork and
exec.  It's really simple, and it does what you expect.

If you specify a string, then either Bash or something else has to parse
the input and separate it into arguments.  If any user input is
involved, there will almost certainly be security problems.  If not, it
will frequently break anyway.

As Guido pointed out, you can specify shell=True to get this latter
behavior.  But if you do this, you often sacrifice correctness and/or
security.  It's not a good habit.


-- 
Andrew McNabb
http://www.mcnabbs.org/andrew/
PGP Fingerprint: 8A17 B57C 6879 1863 DE55  8012 AB4D 6098 8826 6868
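
The difference described in the message above, as an added example that is not part of the original e-mail: the same constructed inputs are passed to a child process as a list, as a shell string, and as a shell string quoted with `shlex.quote()`. It assumes a POSIX system where `shell=True` runs `/bin/sh`; the function names and sample values are made up for illustration.

```python
import shlex
import subprocess
import sys

# Child process: prints each argument it actually received, in brackets.
CHILD = "import sys; [print('[%s]' % a) for a in sys.argv[1:]]"

# Fixed part of the shell command line, safely quoted (only `value` varies).
SHELL_PREFIX = f"{shlex.quote(sys.executable)} -c {shlex.quote(CHILD)} "


def _run(cmd, shell):
    proc = subprocess.run(cmd, shell=shell, capture_output=True, text=True)
    return proc.returncode, proc.stdout.splitlines()


def with_list(value):
    """argv given as a list: fork and exec, nothing re-parses the value."""
    return _run([sys.executable, "-c", CHILD, value], shell=False)


def with_shell_string(value):
    """One command string: /bin/sh splits and interprets the value."""
    return _run(SHELL_PREFIX + value, shell=True)


def with_quoted_shell_string(value):
    """If a shell is unavoidable, shlex.quote() keeps the value one word."""
    return _run(SHELL_PREFIX + shlex.quote(value), shell=True)


# Constructed sample inputs: spaces plus a shell separator, and the
# quotes-and-backslash case from the quoted message.
SPACES_AND_SEMICOLON = "my report.txt; echo extra-command-ran"
QUOTES_AND_BACKSLASH = 'it\'s "quoted" \\ text'

if __name__ == "__main__":
    for value in (SPACES_AND_SEMICOLON, QUOTES_AND_BACKSLASH):
        print(repr(value))
        print("  list:         ", with_list(value))
        print("  shell string: ", with_shell_string(value))
        print("  quoted string:", with_quoted_shell_string(value))
```

With the list form the child always sees exactly one argument equal to the input; the unquoted shell string either splits it and runs the trailing command, or fails to parse at all.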


_______________________________________________
Python-3000 mailing list
Python-3000@python.org
http://mail.python.org/mailman/listinfo/python-3000