Unlike some other popen functions, this implementation will never
implicitly call a system shell. This means that all characters,
including shell metacharacters, can safely be passed to child
processes. If the shell is invoked explicitly, via shell=True, it is
the application’s responsibility to ensure that all whitespace and
metacharacters are quoted appropriately to avoid shell injection
vulnerabilities.
When using shell=True, the shlex.quote() function can be used to
properly escape whitespace and shell metacharacters in strings that
are going to be used to construct shell commands.
args is required for all calls and should be a string, or a sequence
of program arguments. Providing a sequence of arguments is generally
preferred, as it allows the module to take care of any required
escaping and quoting of arguments (e.g. to permit spaces in file
names). If passing a single string, either shell must be True (see
below) or else the string must simply name the program to be executed
without specifying any arguments.
从the python subprocess page
是否需要使用shell取决于如何调用它。从the subprocess popen info:
因此,如果您可以使用元素列表调用子流程,而不是构建字符串,那么在python中这样做比在shell脚本中更容易,这应该不是问题。你知道吗
抱歉,这些链接是不同版本的python,看起来更清楚,但他们说了类似的事情,所以请检查您的python版本的正确的一个。你知道吗
相关问题 更多 >
编程相关推荐