It's dangerous because shell interpretation can change the behavior of your program in surprising ways. Command line programs work with positional parameters, and when you subject your command text to shell interpretation you have to very careful in the way you write the command to preserve those positional parameters.
For instance, this looks like it will invoke cmd with three arguments:
system("/bin/sh", "-c", "cmd $one $two $three");
Of course, what really will happen depends on what the strings $one, $two and $three contain.
That's why I like to avoid invoking a shell either explicitly or implicitly when calling external programs.
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.
|