| Module Info
| Add a review of String-ShellQuote
I admit it. Ever since I know about escapeshellarg() and escapeshellcmd() in PHP, I've been reimplementing this function in Perl literally a million of times (mostly because of laziness and because it only takes a couple of lines in Perl). Only a few months ago after the millionth time I said enough is enough and started to look around in CPAN, and found this module.
The only problem for this module is lack of visibility. Before I've never read articles or blog posts mentioning this module, ever. Yes, we have system() that can bypass the shell, but qx() can't. So yes, this module needs to be marketed more!
Beginning Perl programmers may be tempted to do somethings like `ls $dir` or `ls "$dir"` or `ls '$dir'`. However, they all pose security risks because one can put shell characters inside. While system (@args) and open, "|-"/"-|", @args provide a partial solution to the problem, you still sometimes need the shell for help.
The String-ShellQuote module provides a good way to escape arguments for inclusion in shell commands for safety and robustness. It has a simple and clean interface and its use is highly recommended.
Simple module, just works. Use it when you have a lot of arguments to pass to system(). Works on every os I have tried.