28.17. Avoid Using exec, Backticks, and system If Possible

A common mistake that many PHP programmers make is overusing external processes for tasks that can be performed using PHP's built-in native functions. For instance, exec("/bin/ls -a $dirname", $files), which uses the external /bin/ls program, can be replaced by the code in Listing 28.11.

Listing 28.11. Avoiding executing an external process
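<?php
    // Collect the directory entries natively instead of spawning /bin/ls.
    $files = array();
    $dir = opendir($dirname);
    if ($dir !== false)
    {
        // Compare with false explicitly: an entry named "0" is falsy.
        while (($entry = readdir($dir)) !== false)
        {
            $files[] = $entry;
        }
        closedir($dir);
    }
?>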

Even though it's a few more lines of code, Listing 28.11 is much faster and is also much less prone to security hazards. The exec version requires you to make sure that dirname contains no malicious switches or code that may end up doing something other than you ...
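The difference described above, as an added example that is not from the book: for a few constructed $dirname values it prints the command string the exec version would hand to the shell (without running it), the same command built with escapeshellarg() and a "--" option terminator for cases where an external program is unavoidable, and the result of the native listing. The function names and sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not from the book; the sample inputs are constructed.

// The string the exec() version would pass to the shell (shown, never run).
function ls_command_unsafe($dirname)
{
    return "/bin/ls -a $dirname";
}

// If an external program is unavoidable: quote the argument and end option
// parsing with "--" so a leading "-" is not read as a switch.
function ls_command_escaped($dirname)
{
    return '/bin/ls -a -- ' . escapeshellarg($dirname);
}

// Native listing: $dirname is only ever treated as a path.
function list_directory($dirname)
{
    $dir = @opendir($dirname);
    if ($dir === false) {
        return false;   // not a readable directory
    }
    $files = array();
    while (($entry = readdir($dir)) !== false) {
        $files[] = $entry;
    }
    closedir($dir);
    return $files;
}

$samples = array(
    sys_get_temp_dir(),        // ordinary directory
    '-R /',                    // leading switch changes what ls does
    '/tmp; echo INJECTED',     // ";" would start a second shell command
);

foreach ($samples as $dirname) {
    $result = list_directory($dirname);
    $native = ($result === false) ? 'not a directory, nothing listed' : count($result) . ' entries';
    echo "input:   $dirname\n";
    echo "exec:    ", ls_command_unsafe($dirname), "\n";
    echo "escaped: ", ls_command_escaped($dirname), "\n";
    echo "native:  $native\n\n";
}
?>
```

In the unescaped form the second and third inputs change which command the shell runs; in the native form they are just names of directories that do not exist.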
