On Sat, Mar 31, 2012 at 1:37 AM, rene7705 <rene7705@xxxxxxxxx> wrote: > escapeshellcmd() seems simplest. It might be if all you care about are shell meta characters, and admittedly it will save you from someone entering "& rm -rf / &" in your input field. But dealing with generic user input, even escaped, can still be problematic. Say you want to let the user set the size of the output file, and the user enters a bunch of letters instead of a geometry. Do you really want to have to deal with all the possible ramifications of such GIGO stuff? Better to vet the data, untaint it, and deal with it that way. When you've gone to all that, you're almost all the way to where you need to be to use the library functions. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
