Posted by Pedro Graca on 01/20/06 17:17
Chung Leong wrote:
> There is bc under Unix. Although inserting user-supplied data into a
> shell command might be even more dangerous.
There's also bc for Windows:
http://gnuwin32.sourceforge.net/packages/bc.htm
And I agree that passing user data to a shell command is dangerous,
but maybe this is enough protection:
$formula = 'user data';
/* '#' is the pattern delimiter so the '/' inside the class needs no escaping */
if (preg_match('#^[-+*/^()\s0-9]+$#', $formula)) {
    /* do shell command with properly escaped data */
} else {
    /* bad entry */
}
--
If you're posting through Google read <http://cfaj.freeshell.org/google>
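
Added example, not part of the post above or of anyone's code in this thread: the same character allowlist, with bc started without a shell and the formula sent on stdin, so nothing needs shell escaping. It assumes PHP 7.4 or later, a Unix-like host and a `bc` binary on PATH; `evaluate_formula()` and its length and time limits are hypothetical.

```php
<?php
// Added example (not from the thread). Assumes PHP >= 7.4, a Unix-like host
// and a `bc` binary on PATH. evaluate_formula() is a hypothetical helper.
function evaluate_formula(string $formula, int $maxLen = 200, float $timeout = 2.0): ?string
{
    // Same character allowlist as the post, plus a length cap.
    if (strlen($formula) > $maxLen || !preg_match('#^[-+*/^()\s0-9]+$#', $formula)) {
        return null; // bad entry
    }
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    // Array command: PHP executes bc directly, so no shell parses anything.
    $proc = proc_open(['bc', '-l'], $spec, $pipes);
    if (!is_resource($proc)) {
        return null;
    }
    // The formula goes to bc on stdin, never onto a command line.
    fwrite($pipes[0], $formula . "\n");
    fclose($pipes[0]);

    // The allowlist does not bound how long bc computes, so poll with a deadline.
    stream_set_blocking($pipes[1], false);
    $out = '';
    $running = true;
    $deadline = microtime(true) + $timeout;
    while ($running && microtime(true) < $deadline) {
        usleep(10000);
        $out .= stream_get_contents($pipes[1]);
        $running = proc_get_status($proc)['running'];
    }
    if ($running) {
        proc_terminate($proc); // over the time budget
    }
    $out .= stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    proc_close($proc);

    $out = trim($out);
    return ($running || $out === '') ? null : $out;
}

// Constructed sample inputs.
foreach (['2 * (3 + 4)', '10 / 4', '2 + abc', '(1 + '] as $input) {
    var_dump($input, evaluate_formula($input));
}
```

Input that passes the allowlist can still be a syntax error for bc; bc reports that on stderr, so the helper returns null when stdout is empty.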