Will you please comment on the disadvantages of this method?
It depends on where your input is coming from and what
it contains, but in the general case, wherein the
input *might* contain shell metacharacters and *might*
potentially even be constructed with malice, the
shell *might* give complete control of your system
(or, at least, as much control as is available to the
user the code is running as) to whoever constructed
the input. More likely, however, a shell metacharacter
will get included randomly by someone who is not aware
of the implications and cause apparently random
example, you'll put an ampersand in the input one time
without thinking, and Weird Stuff(TM) will happen,
and you'll have to track down the problem and figure
out that the ampersand needs to be escaped, and so on.
This is bad: your program is not robust, and input
that's a little different from what was anticipated
causes it to unexpectedly fail.
It's also something of a portability nightmare, since
different shells have different metacharacters
that behave in different ways. This can create
all kinds of zany debugging fun.