I’m working on a php script, where I want to delete some files from a given folder using wildcard (*).
I’ve found some working examples like this one, where unlink() and glob() function are used.
Now, i was wondering, would it also be ok to delete the files using the exec function and a command like rm -f /path/to/folder/_prefix_* ?
Are there any security risks taken using this?
And if it is ok, would it be better in terms of performance?
EDIT:
So, from the first answers i can see that indeed, using exec could be an acceptable solution.
What about performance issues? Is there any chance the exec option could be better (faster/less demanding) over the glob/unlink technique?
Thank you in advance
Because there is no chance for user-supplied data to be injected, there is no security issue in using exec over glob/unlink. However, using glob/unlink allows you to define exceptions:
foreach(glob("delete/*") as $f) {
if( $f == "delete/notme.txt") continue;
unlink($f);
}
And exec is often disabled on shared servers so glob/unlink is more portable. If you have a dedicated setup and don’t intend on giving it up, you don’t need to worry about that.
Answer:
Both options could be fine. However, if you not control your own server or are on shared hosting, the exec command could not be available.
To be on the save side, use glob and unlink.
