Daniel Brown wrote:
> On Tue, Mar 3, 2009 at 11:22, PJ <af.gourmet@xxxxxxxxxxxx> wrote:
>
>> Ok, but how does this relate to a command passed from a php Web page?
>> I don't understand the process.
>> I use bash on my FreeBSD and have not needed a back quote yet that I can
>> recall... and on WinXP?
>>
>
>     As in the email I just sent, remember to sanitize any commands
> passed from the web (or anywhere, for that matter), but here are some
> examples.
>
> <?php
>
> $name = "Dan";
>
> echo "Hello, my name is $name."; // Output: Hello, my name is Dan.
> echo 'Hello, my name is $name.'; // Output: Hello, my name is $name.
> echo `Hello, my name is $name.`; // Will run "Hello, my name is Dan." as a shell command.
>
> $name = `whoami`; // Presume that your Linux web server runs as user 'apache'.
>
> echo "Hello, my name is $name."; // Output: Hello, my name is apache.
> echo 'Hello, my name is $name.'; // Output: Hello, my name is $name.
> ?>
>
>     Single quotes mean literal, double quotes mean translatable, and
> backticks mean executable.
>

I'll try to digest all this today if not sooner... :-)
As to the sanitize, that is on my list of todos; I am not doing it as,
for the moment, I am only developing on my intranet server and do not
fear much external threats... anyway, "inch Allah" :-)
I appreciate the input and I take the chastising with a ton of salt.

-- 
Phil Jourdan --- pj@xxxxxxxxxxxxx
   http://www.ptahhotep.com
   http://www.chiccantine.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
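
Added example, not part of the original thread: the "sanitize any commands passed from the web" advice applied to the backtick case, showing the command string the shell would receive with and without escaping. The function names and sample inputs are constructed for illustration, and a Unix-like shell is assumed (escapeshellarg() quotes differently on Windows).

```php
<?php
// Added illustration; function names and sample inputs are constructed.
// Assumes a Unix-like /bin/sh, as on the FreeBSD/Linux hosts in the thread.

// Unsafe: interpolation (in double quotes or backticks) puts the raw value
// on the command line, so shell metacharacters in it are interpreted.
function unsafe_command(string $name): string
{
    return "echo Hello, my name is $name.";
}

// Safer: escapeshellarg() wraps the value in single quotes and escapes any
// embedded single quote, so the shell sees one literal argument.
function safe_command(string $name): string
{
    return 'echo ' . escapeshellarg("Hello, my name is $name.");
}

// Strictest: reject anything outside an allowlist before building a command.
function valid_name(string $name): bool
{
    return preg_match('/\A[A-Za-z][A-Za-z \'-]{0,63}\z/', $name) === 1;
}

// Constructed inputs standing in for a value received from a web form.
$samples = ['Dan', 'Dan; echo INJECTED', 'Dan `whoami`', "O'Brien"];

foreach ($samples as $name) {
    printf("input:   %s\n", $name);
    printf("valid:   %s\n", valid_name($name) ? 'yes' : 'no');
    // Printed only, never executed: this is what backticks would have run.
    printf("unsafe:  %s\n", unsafe_command($name));
    printf("escaped: %s\n", safe_command($name));
    // Only the escaped form is handed to the shell.
    printf("output:  %s\n", shell_exec(safe_command($name)));
}
```

Comparing the "unsafe" and "escaped" lines for the second and third inputs shows why the allowlist check and escapeshellarg() belong in the code even on an intranet-only server.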