Posted by Pedro Graca on 01/20/06 17:17
Chung Leong wrote:
 > There is bc under Unix. Although inserting user-supplied data into a
 > shell command might be even more dangerous.
 
 There's also bc for Windows:
 http://gnuwin32.sourceforge.net/packages/bc.htm
 
 And I agree that passing user data to a shell command is dangerous,
 but maybe this is enough protection:
 
 $formula = 'user data';
 // "/" is the pattern delimiter, so it is escaped inside the character class
 if (preg_match('/^[-+*\/^()\s0-9]+$/', $formula)) {
     /* do shell command with properly escaped data */
 } else {
     /* bad entry */
 }
 
 --
 If you're posting through Google read <http://cfaj.freeshell.org/google>
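The check proposed in the post above, carried through as an added example (not code from the thread): the formula is validated against the same allow-list and then sent to bc on standard input, so no shell ever parses it. The names evaluate_formula() and MAX_FORMULA_LEN, the 200-byte cap and bc being on PATH are assumptions.

```php
<?php
// Added example, not code from the thread. evaluate_formula() and
// MAX_FORMULA_LEN are hypothetical; bc is assumed to be on PATH.
const MAX_FORMULA_LEN = 200; // assumed cap on input size

function evaluate_formula(string $formula): ?string
{
    // Allow-list from the post: digits, whitespace and - + * / ^ ( ) only.
    if (strlen($formula) > MAX_FORMULA_LEN
        || !preg_match('/^[-+*\/^()\s0-9]+$/', $formula)) {
        return null; // bad entry
    }

    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    // Array form (PHP 7.4+) starts bc directly, so no shell parses anything.
    $proc = proc_open(['bc', '-l'], $spec, $pipes);
    if (!is_resource($proc)) {
        return null;
    }

    // The formula travels as data on stdin, never as part of a command line.
    fwrite($pipes[0], $formula . "\n");
    fclose($pipes[0]);
    $out = stream_get_contents($pipes[1]);
    $err = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $status = proc_close($proc);

    // bc reports syntax errors on stderr; treat any as a rejected formula.
    if ($status !== 0 || $err !== '') {
        return null;
    }
    return trim($out);
}

// Constructed sample inputs.
foreach (['2 * (3 + 4)', '2 ^ 10', '1 + 1; ls', '2 * (3 +'] as $input) {
    $result = evaluate_formula($input);
    printf("%-14s => %s\n", $input, $result ?? 'rejected');
}
```

The allow-list still permits `^`, so a time or CPU limit on the bc process is worth adding where the input is untrusted.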