I guess it all comes down to whether your goal in calling system is to provide shell-like capacities, or simply to execute foreign code. I stand by my statement that there are very few instances where the multiple-argument form is a hinderance: it is only a hinderance where you need to interact with the shell directly.
Perhaps your direct experience with system is largely in that category; mine, however, is not -- most times, I see calls to system that are simply execution of foreign code, and require no shell capabilities in the first place.
As for the response to the shell escaping/quoting, it's technically correct if pedantic. The point is, one bypasses the issue when using the multi-arg form -- how isn't entirely important, sorry if the over-simplification confused or annoyed anyone.
Because there are clearly times when the single-argument forms are appropriate, I would not (as I have said before) suggest that this be a high-severity warning. However, it would be a good thing to tickle at a lower severity, from the point of view of "are you sure you know what you're doing, here?"
We've both made our points, and I certainly respect your point of view. I think we'll just have to agree to
disagree on this one.
A collection of thoughts and links from the minds of geeks
The Code that can be seen is not the true Code
I haven't found a problem yet that can't be solved by a well-placed trebuchet