Hello
We all now that we shouldn’t build our own SQL statements and use Stored Procedures instead.
But what should I use to build Shell commands? Not escaping them is potentially a lot worse than not escaping SQL statements.
How do you guys do it?!
use FolderItem.ShellPath in shell
or for example
dim cmd as string
cmd = "ls '/my folder/my subfolder'"
shell.execute (cmd)
Remember - “” is translated to a single instance double quote to the shell:
theShell.Execute "ls -l ""/Library/Application Support"""Will properly enclose the path with the space. Or, if you know it’s a path, you could use ReplaceAllB:
theShell.execute "ls -l " + ReplaceAllB("/Library/Application Support", " ", "\\ ")Did you really name your son “Robert; rm -r”?