in reply to
Re: Quotes In CGI
in thread Quotes In CGI
I'm sure that you realize that single-quotes aren't the only reason the above code is very, very bad. If, for example, someone were to figure out what you're doing, they could call your script like this:
This would eval (I think -- it's not tested), and do some potentially nasty things. I'm not devious enough to come up with something really nasty to do in a system call, but you get the idea...