System("Whatever")

I've heard everywhere that you shouldn't use system("Insert Here"); for anything because it's OS-dependent and is a big security hole in your program, and apparently antiviruses don't like it. I know it's OS-dependent, but how is it a security problem? And why do antivirus programs not like it? Please enlighten me LOL :)

thanks
@ patryk: It took me a while to understand why this site is so against the system() function. I got answers from some of the best coders on this site like Albatross and Duoas, but you've probably noticed that they are kind of flimsy and make arguments like "you should take responsibility for the end user's security, if that system command you're calling is compromised you may have just executed a virus!" when in fact it's the end user's responsibility to keep their own house clean.

Another reason is that system() returns little or no useful information to your program. This is mainly because the OS commands you're calling return little or no useful information when they exit, but system() isn't even CAPABLE of returning anything to your program without piping the data in some roundabout way.

My favorite one is "Quit being lazy and just use the OS's API!". I'm a Windows guy, so let me tell you something about the API function ProcessExec(). You will spend a week learning the 10 mandatory arguments you must pass to ProcessExec(), of which maybe 4 are useful for EVERY program you write, the random and aggravating Windows data types that are mostly the void data type with a different name, and pulling your hair out because "that's a pointer if you're doing blah blah blah; but it's a direct reference in the case of blah". Only to find out that ProcessExec() passes a char array\string to the operating system only to return a boolean yes\no (sound familiar?) to your program and isn't any more secure or noticeably faster than the system() call. Don't get me started on the Palm OS API, I gave up on writing C\C++ for an entire year after trying to play with that one.

In the end the real reason I've divined is that this site has a culture of writing your own stuff from the ground up. It's a good thing and isn't as bad as you might think; it challenges you as a hobbyist or kicks you in the butt if you plan on going pro. What's even better is that the ones here who encourage this mindset the most have seen just about every error that can come up and would be able to help you with it.

EDIT: I forgot to mention, and so do any of the documents listed, that the system() command is useless if you want to run parallel loops without forking the parent process.
The real question is not so much why it's evil, but why do you want to use it in the first place? The two most common answers I've seen are system("cls") and system("pause"). The latter is a subject that's already been discussed to death a thousand times over. The former is a perfect example of something that could be significantly improved if replaced with system calls.

As for system() vs. system functions such as CreateProcess() ("ProcessExec"? MSDN returns nothing), there's a world of difference. Among other things, nothing passes through the shell (at least not that I remember. I may be wrong though), it's possible to use Unicode strings, it's possible to inherit handles (try pulling this one off using system(): http://www.cplusplus.com/forum/lounge/17371/ ), it's possible to give the new process specific security parameters (run with lower privileges), and it's non-blocking.
Of course, with great power comes great complexity. You have to actually read the documentation to find out about any of this.

As a final note, for the past four years I've never, not once, had to use system() for something that couldn't be done better some other way. I've written a grand total of three calls to CreateProcess(), one of them being that link.
If the number of people who ask about system() is any indication, it would seem one out of two programming projects is a shell.
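The "nothing passes through the shell" point from the post above, shown as an added example (not code from any poster in this thread). It is a POSIX analogue that uses fork()/execvp() in place of CreateProcess(), an assumption made so it runs outside Windows; the function names and the sample input are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Exit status of a finished child (0 = "directory exists"), or -1 on error. */
static int exit_status(int wstatus)
{
    return (wstatus != -1 && WIFEXITED(wstatus)) ? WEXITSTATUS(wstatus) : -1;
}

/* Weak form: the path is pasted into a command line that /bin/sh parses,
 * so any shell metacharacters in it become part of the command. */
int dir_exists_shell(const char *path)
{
    char cmd[512];
    int n = snprintf(cmd, sizeof cmd, "test -d %s", path);
    if (n < 0 || (size_t)n >= sizeof cmd)
        return -1;                      /* refuse truncated commands */
    return exit_status(system(cmd));
}

/* Shell-free form: the path is a single argv element handed straight to
 * the program, so it is only ever treated as a file name. */
int dir_exists_direct(const char *path)
{
    int wstatus;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "test", "-d", (char *)path, NULL };
        execvp(argv[0], argv);
        _exit(127);                     /* exec failed */
    }
    if (waitpid(pid, &wstatus, 0) < 0)
        return -1;
    return exit_status(wstatus);
}

int main(void)
{
    const char *input = "/no/such/dir || true";   /* constructed sample input */
    printf("via system(): %d\n", dir_exists_shell(input));   /* shell parses "||" */
    printf("via execvp(): %d\n", dir_exists_direct(input));  /* literal path */
    return 0;
}
```

An exit status of 0 means "directory exists": the shell-built check reports that for the constructed input, while the argv-based check reports 1 because it looks for a directory with that literal name.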
Yeah, ProcessExec() was my attempt to write a default function that filled in what I would normally use CreateProcess() for :p . I'm kind of embarrassed about that one... Oh well, there goes my credibility lol!
Hi guys, I am new to programming... don't even know what IDE you guys are using... I am using Turbo C++, which is very basic compared to the IDEs you guys are posting screenshots of. Can you please help me out... what should I install to start with programming in C++ and what should I start with? I wanted to make efficient use of my innovative and creative skills. I know it's quite a lame question to ask but I really need help..... asap !!!
@ ajuneja: Start a new thread and ask, then include what your abilities are already and we can tell you where to start.
OK, thanks! I have started one !!!