(stitcher.io)

201 points brentroose | 4 comments | 20 Nov 25 06:07 UTC | HN request time: 0s | source

1. habibur ◴[20 Nov 25 09:24 UTC] No.45990732[source]▶

    Backticks as an alias for shell_exec() are deprecated

Used that a lot in shell scripts. using php-cli.

like in `mkdir $dirname`;

replies(1): >>45991274 #

2. pabs3 ◴[20 Nov 25 10:45 UTC] No.45991274[source]▶

>>45990732 (TP) #

That is an anti-pattern, since it suffers from shell meta-character injection (and argument injection). Since PHP has mkdir, you should use that instead. And pcntl_exec() is the correct API for running processes.

replies(1): >>45992185 #

3. dgb23 ◴[20 Nov 25 13:09 UTC] No.45992185[source]▶

>>45991274 #

Typical users of this likely don't care the slightest about whether anyone considers it an anti-pattern, because you use those in order to write utility scripts. And those who care would use tooling to detect issues like that anyways.

replies(1): >>45992407 #

4. pabs3 ◴[20 Nov 25 13:37 UTC] No.45992407{3}[source]▶

>>45992185 #

Yeah, doing things wrong happens quite often. Especially for the meta-character injection issue. Personally I think language designers should deprecate and remove backticks and other shell-executing features from all languages.

↑

PHP 8.5