http://qs1969.pair.com?node_id=11143006


in reply to Can I have a Perl script, initiated from a browser, fork itself, and not wait for the child to end?

I know this is an older thread but I saw that on StackOverflow, two days after this question, you posted "How can I have one perl script call another and get the return results?" involving the use of system, and you got a response from the venerable brian_d_foy. With all due respect to him, I do have to say that I disagree with the suggestion of system("$^X /var/www/cgi-bin/importOrig.pl filename=$filename"), especially from a CGI script. I wrote a longer node about the security issues (!!!) that the use of system with a single argument string has, and how to avoid them, here: Calling External Commands More Safely.

At the very least, you should use the multi-argument form system($^X,'/var/www/cgi-bin/importOrig.pl',"filename=$filename") - but even better would be a module like in this case IPC::System::Simple, as its systemx function guarantees to never invoke the shell, and its error handling is much better.