Re: injection

Shawn Pringle said...

system( ... , int )

Instead of passing a string with system(), a better function should take what would be formatted like the return value of command_line().

shell_execute( { "/bin/rm", file_name } ) illustrative use only

There are all kinds of problems using system( "rm file_name", 0 ). Imagine if the user installs the program under Program Files and this call is for deleting for an uninstall. The system answers that it cannot find the file c:\Programs.

Shawn

system( "rm \"file_name\"", 0 ) 

Not good?

CChris

btw I have cookies enabled, but still asked for my name.
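
The difference the posts above are debating, as an added example that is not part of the original thread and is written in Python rather than Euphoria: it uses `shlex` to show which arguments a POSIX shell would hand to `rm` for each way of building the command string. The file names are constructed, and `shlex` models only POSIX word splitting and quoting, not expansions or cmd.exe rules.

```python
import shlex

# Constructed sample names; none of them is from the thread.
SAMPLES = [
    "notes.txt",
    "/opt/Program Files/app/old.dat",   # contains a space
    'my "final" report.txt',            # contains double quotes
]


def shell_argv(command_string):
    """Words a POSIX shell would pass on, or None if the string does not parse."""
    try:
        return shlex.split(command_string)
    except ValueError:      # unbalanced quote
        return None


def build_commands(file_name):
    """Three ways of turning a file name into a command string for system()."""
    return {
        "unquoted": "rm " + file_name,
        "double-quoted": 'rm "' + file_name + '"',
        "shlex.quote": "rm " + shlex.quote(file_name),
    }


def survives(file_name):
    """For each style: does rm receive exactly one argument equal to file_name?"""
    expected = ["rm", file_name]
    return {style: shell_argv(cmd) == expected
            for style, cmd in build_commands(file_name).items()}


def report():
    lines = []
    for name in SAMPLES:
        for style, cmd in build_commands(name).items():
            lines.append(f"{style:14} {cmd!r:45} -> {shell_argv(cmd)}")
        # An argument list such as ["rm", name] is never parsed by a shell,
        # so it needs no quoting at all.
        lines.append(f"{'argv list':14} {['rm', name]!r}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report())
```

Wrapping the name in double quotes handles the space but not a name that itself contains a double quote; only the `shlex.quote` form, or an argument list that bypasses the shell, keeps every sample intact.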
