[GLLUG] c++ help sanitizing

Mike msg at msu.edu
Fri Sep 19 15:49:27 EDT 2008

I think the system() function is a standard C (ISO 89, 99) function that 
always uses the shell, (cmd.exe, bash, <whatever's system dependant>).

I'd think it'd be better to use CreateProcess() or something, that 
doesn't use the shell at all.

Don't use WinExec().  It's only for 16-bit apps, so it's kinda deprecated.

I may be wrong, but... how about sanitizing each argument that goes into 
the command?  If a path has a space in it, it usually needs to be quoted 
to be an argument--that may apply to the EXE to run too.  If a path 
doesn't point to a valid file or directory, that's a problem.  If it's 
on Windows, maybe backslashes are needed.  On Linux... forward slashes.

Clay Dowling wrote:
> Sean O'Malley wrote:
>> This is probably offtopic but..
>> Is there a library in c++ that will sanitize a string for use with an
>> system()/exec() call to the windows command prompt so it can be passed as
>> a string without being interpreted by the command shell thing. Im not
>> wishing to reinvent the wheel with this.
> system() is a troublesome function and will probably cause you trouble.
>  Try instead some things from the exec() family of functions, which
> recognize discrete parameters.  Or WinExec, since you look like you're
> on that platform.
> Clay
> _______________________________________________
> linux-user mailing list
> linux-user at egr.msu.edu
> http://mailman.egr.msu.edu/mailman/listinfo/linux-user

More information about the linux-user mailing list