I’m working on a PHP script where I want to delete some files from a given folder using a wildcard (*).
I’ve found some working examples like this one, where the unlink() and glob() functions are used.
Now, I was wondering, would it also be OK to delete the files using the exec function and a command like rm -f /path/to/folder/_prefix_* ?
Are there any security risks taken using this?
And if it is OK, would it be better in terms of performance?
EDIT:
So, from the first answers I can see that indeed, using exec could be an acceptable solution.
What about performance issues? Is there any chance the exec option could be better (faster/less demanding) than the glob/unlink technique?
Thank you in advance
Because there is no chance for user-supplied data to be injected, there is no security issue in using exec over glob/unlink. However, using glob/unlink allows you to define exceptions:
    foreach (glob("delete/*") as $f) {
        // skip the file that must be kept
        if ($f == "delete/notme.txt") continue;
        unlink($f);
    }
And exec is often disabled on shared servers, so glob/unlink is more portable. If you have a dedicated setup and don’t intend on giving it up, you don’t need to worry about that.
Answer:
Both options could be fine. However, if you do not control your own server or are on shared hosting, the exec command might not be available.
To be on the safe side, use glob and unlink.
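The glob/unlink approach from the answers above, written out as an added example (not code from the question or the answers). The helper name delete_prefixed_files(), the prefix check and the demo file names are assumptions made for illustration; the check only matters if the prefix ever stops being a constant in the script.

```php
<?php
// Added example; delete_prefixed_files() is a hypothetical helper.
function delete_prefixed_files(string $dir, string $prefix, array $keep = []): array
{
    $base = realpath($dir);
    if ($base === false || !is_dir($base)) {
        throw new InvalidArgumentException("Not a directory: $dir");
    }
    // Treat the prefix as a literal file-name prefix: no path separators,
    // no glob metacharacters, so the match cannot leave $base or widen.
    if ($prefix === '' || preg_match('~[/\\\\*?\[\]{}]~', $prefix)) {
        throw new InvalidArgumentException('Prefix must be a plain file-name prefix');
    }

    $deleted = [];
    $matches = glob($base . DIRECTORY_SEPARATOR . $prefix . '*');
    foreach ($matches ?: [] as $path) {   // glob() returns false on error
        $name = basename($path);
        if (in_array($name, $keep, true)) {
            continue;                      // exception list, as in the answer above
        }
        if (is_link($path) || !is_file($path)) {
            continue;                      // leave directories and symlinks alone
        }
        if (unlink($path)) {
            $deleted[] = $name;
        }
    }
    return $deleted;
}

// Constructed demo data in a throwaway temp directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'glob_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
foreach (['_prefix_a.tmp', '_prefix_b.tmp', '_prefix_notme.txt', 'other.txt'] as $f) {
    touch($dir . DIRECTORY_SEPARATOR . $f);
}

print_r(delete_prefixed_files($dir, '_prefix_', ['_prefix_notme.txt']));

// Clean up what the demo left behind.
array_map('unlink', glob($dir . DIRECTORY_SEPARATOR . '*'));
rmdir($dir);
```

Because no shell is involved, this runs the same on hosts where exec is disabled, and the returned list gives the script a record of exactly which files were removed.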