Escaping shell commands?


We all know that we shouldn’t build our own SQL statements and use Stored Procedures instead.
But what should I use to build Shell commands? Not escaping them is potentially a lot worse than not escaping SQL statements.

How do you guys do it?!

use FolderItem.ShellPath in shell

or for example

dim cmd as string
cmd = "ls '/my folder/my subfolder'"
shell.execute (cmd)

Remember - "" is translated to a single instance double quote to the shell:

theShell.Execute "ls -l ""/Library/Application Support"""

Will properly enclose the path with the space. Or, if you know it’s a path, you could use ReplaceAllB:

// Xojo string literals have no backslash escapes, so "\ " is one backslash plus a space
theShell.execute "ls -l " + ReplaceAllB("/Library/Application Support", " ", "\ ")

Did you really name your son “Robert; rm -r”?
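
An added example, not part of the original thread: it passes a few values through the two quoting styles suggested above (double-quote wrapping, escaping spaces only) and through POSIX single-quote escaping, then checks whether a child `sh` receives each value as one unchanged argument. It is written in POSIX sh rather than Xojo because the shell's own parsing is what is being shown; the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and sample values are constructed.

# Thread style: wrap in double quotes. $, backtick, \ and " stay special.
quote_double() { printf '"%s"' "$1"; }

# Thread style: backslash-escape spaces only. ; | & $ ' and others stay special.
quote_spaces() { printf '%s' "$1" | sed 's/ /\\ /g'; }

# POSIX single-quote escaping: wrap in '...' and turn each ' into '\''.
# Nothing is special inside single quotes, so the value is passed literally.
quote_single() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Succeeds only if a child shell receives VALUE as exactly one unchanged
# argument when it is placed in a command line using the given quoter.
survives() {    # usage: survives <quote_function> <value>
    out=$(sh -c "printf '%s|' $("$1" "$2")" 2>/dev/null)
    [ "$out" = "$2|" ]
}

# Print a pass/fail matrix for a few constructed values (echo is a harmless
# stand-in for whatever a hostile value would try to run).
report() {
    for value in '/Library/Application Support' "it's here" \
                 'Robert; echo INJECTED' '$(echo INJECTED)'; do
        for q in quote_double quote_spaces quote_single; do
            if survives "$q" "$value"; then r=ok; else r=BROKEN; fi
            printf '%-13s %-6s %s\n' "$q" "$r" "$value"
        done
    done
}

report
```

The same single-quote rule can be applied on the Xojo side by replacing each `'` in the value with `'\''` and wrapping the result in single quotes before concatenating it into the command string.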