Announcement

Collapse
No announcement yet.

VB Speech Marks Exception

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    VB Speech Marks Exception

    Hi guys,

    I'm quickly throwing togther a test app using vb. I'm trying to send a string to the command line using this code

    Code:
            Dim cmd As String
        cmd = ("C:\mplayer\mplayer.exe" + txtString.Text)
        Shell(cmd, AppWinStyle.NormalFocus)
    The only problem is that the txtString input box sometimes will need to send speech marks to the command line (")

    for example txtString.Text could equal "D:\a new movie.avi"

    Any idea on how i overcome this?

    cheers
    Tags: None
  • #2
    It isn't exactly clear what you want. So it will sometimes include punctuation, and...?

    By the way, that seems like a security hole waiting to happen. Doesn't VB provide a manner to execute a command and provide the arguments to the command separately?

    Comment

    • #3
      There are a couple easy ways to accomplish this... you could google something like "VB, escape quotes" or "VB, double quotes" for more details, but here are your options..

      Use the always handy Chr$ to add the character to your string line:
      Code:
              Dim cmd As String
        cmd = ("C:\mplayer\mplayer.exe " & [COLOR="Blue"]Chr$(34)[/COLOR] & txtString.Text & [COLOR="blue"]Chr$(34)[/COLOR] )
        Shell(cmd, AppWinStyle.NormalFocus)
      Use doublequotes:
      Code:
              Dim cmd As String
        cmd = ("C:\mplayer\mplayer.exe [COLOR="Blue"]""[/COLOR]" & txtString.Text & "[COLOR="blue"]""[/COLOR]")
        Shell(cmd, AppWinStyle.NormalFocus)
      Either should generate:
      > C:\mplayer\mplayer.exe "your text here"

      As Voltage Spike mentioned though, you'll need to be doing some ninjitsu validation operations on what people enter into that string, as it is a classic case for input attack. Consider this, let's say I write a little VB thing like this:

      Code:
      Shell(("c:\md5sum.exe " & chr$(34) & someinput.Text & chr$(34)), AppWinStyle.NormalFocus)
      What happens if someone enters something like "| echo test or "&& echo test into your input field? :) Redundant to say that you might end up with more than just an md5 sum of the entry.
      if it gets me nowhere, I'll go there proud; and I'm gonna go there free.

      Comment

      • #4
        cheers converge,

        was a great help. dont worry, this is jump a very quick app used as a throw away prototype to test some parts of a system. I'm not at all worried about security or validation/verification of data entry at this time.

        Cheers

        Comment

        Previous template Next
        Working...
        X