Run command long file name
Message
From
25/08/2006 10:20:51

General information
Forum:
Visual FoxPro
Category:
Coding, syntax and commands
Environment versions
Visual FoxPro:
VFP 8 SP1
OS:
Windows XP
Miscellaneous
Thread ID:
01148006
Message ID:
01148547
Views:
19
Now I remember - don't use winexec.

See:

http://windowssdk.msdn.microsoft.com/en-us/library/ms687393.aspx

Security Remarks

The executable name is treated as the first white space-delimited string in lpCmdLine. If the executable or path name has a space in it, there is a risk that a different executable could be run because of the way the function parses spaces. The following example is dangerous because the function will attempt to run "Program.exe", if it exists, instead of "MyApp.exe".


WinExec("C:\\Program Files\\MyApp", ...)

If a malicious user were to create an application called "Program.exe" on a system, any program that incorrectly calls WinExec using the Program Files directory will run this application instead of the intended application.

To avoid this problem, use CreateProcess rather than WinExec. However, if you must use WinExec for legacy reasons, make sure the application name is enclosed in quotation marks as shown in the example below.





>Tracy,
>This is great! Thanks so much! By the way, is there some reason why you choose
>to use create process vs other methods such as WinExec.
>On http://www.news2news.com/vfp/?group=58&function=2, they write:
>
>"The WinExec function runs the specified application. Note This function
>is provided only for compatibility with 16-bit Windows.
>Win32-based applications should use the CreateProcess function"
>
>So it looks like CreateProcess is a newer improved something?
>
>Steve
>
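>* The path contains a space: wrap it in double quotes so CreateProcess does not stop parsing at "c:\program"
>m1 = '"c:\program files\newbie\newbie.exe"'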
>m2 = " /login admin /password asdfasdf"
>m2b = " /exec ie"
>m3 = " /script c:\d\bull\americanbulls.nbl"
>m4 = " /autoclose true"
>m5 = " /hidescripts true"
>m6 = (m1) + (m2) + m3 + m4 + m5
>myCommand = m6
>
>*m.lcApp = 'NotePad.Exe'
>m.lcApp = myCommand
>*m.lcCmdLine = ' myfile.txt '
>*lcdir = 'c:\windows\'
>lcdir = 'c:\d\bull\'
>
>DO DECLPROCS
>#DEFINE INFINITE  0xFFFFFFFF
>LOCAL lcStartupInfo, lcProcInfo, hProcess, ;
>	lnPrio, lnIBelieve1
>lnIBelieve1 = 1
>lnPrio = 32
>lcStartupInfo = CHR(68) + REPLI(CHR(0), 67)
>lcProcInfo = REPLI(CHR(0), 16)
>&&IF CreateProcess(0, m.lcApp+" "+m.lcCmdLine+CHR(0), 0,0,; &&
>IF CreateProcess(0, m.lcApp+" "+CHR(0), 0,0,;
>		m.lnIBelieve1, m.lnPrio,;
>		0, 0, @lcStartupInfo, @lcProcInfo) <> 0
>	hProcess = buf2dword(SUBSTR(lcProcInfo, 1,4))
>	hThread = buf2dword(SUBSTR(lcProcInfo, 5,4))
>	= WaitForSingleObject(hProcess, INFINITE)
>	= CloseHandle(hThread)
>	= CloseHandle(hProcess)
>ELSE
>	RETURN .F.
>ENDIF
>WAIT WINDOW "Press Anykey to return to VFP."
>RETURN
>
>PROCEDURE DECLPROCS
>DECLARE INTEGER CreateProcess IN kernel32;
>	INTEGER lpAppName, STRING lpCmdLine, INTEGER lpProcAttr,;
>	INTEGER lpThrAttr, INTEGER bInhHandles, INTEGER dwCrFlags,;
>	INTEGER lpEnvir, INTEGER lpCurDir, ;
>	STRING @lpStInfo, STRING @lpProcInfo
>DECLARE INTEGER GetLastError IN kernel32
>DECLARE INTEGER CloseHandle IN kernel32 INTEGER hObject
>DECLARE INTEGER WaitForSingleObject IN kernel32;
>	INTEGER hHandle, INTEGER dwMilliseconds
>RETURN
>
>FUNCTION buf2dword(lcBuffer)
>RETURN ASC(SUBSTR(lcBuffer, 1,1)) + ;
>	ASC(SUBSTR(lcBuffer, 2,1)) * 256 +;
>	ASC(SUBSTR(lcBuffer, 3,1)) * 65536 +;
>	ASC(SUBSTR(lcBuffer, 4,1)) * 16777216
>RETURN
>
.·*´¨)
.·`TCH
(..·*

010000110101001101101000011000010111001001110000010011110111001001000010011101010111001101110100
"When the debate is lost, slander becomes the tool of the loser." - Socrates
Vita contingit, Vive cum eo. (Life Happens, Live With it.)
"Life is not measured by the number of breaths we take, but by the moments that take our breath away." -- author unknown
"De omnibus dubitandum"

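The parsing rule quoted from MSDN above, as a small audit helper (an added example, not code from the post or from Microsoft). It generalizes the single "Program.exe" case to every space in the path, following the documented CreateProcess behaviour for an unquoted command line when the application name is NULL; the function names are illustrative.

```python
import ntpath

def first_token(cmdline):
    """Program name as parsed from a command line: a leading quoted
    string, otherwise the text up to the first white space."""
    s = cmdline.lstrip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end] if end != -1 else s[1:]
    return s.split(None, 1)[0] if s else ""

def shadow_candidates(exe_path):
    """Files tried ahead of exe_path when it is passed unquoted: one per
    space in the path, with .exe appended when there is no extension."""
    out = []
    for i, ch in enumerate(exe_path):
        if ch != " ":
            continue
        prefix = exe_path[:i].rstrip()
        if not ntpath.splitext(prefix)[1]:
            prefix += ".exe"
        if prefix not in out:
            out.append(prefix)
    return out

def build_command_line(exe_path, args=""):
    """Quote the program path so parsing ends at the closing quote."""
    if '"' in exe_path:
        raise ValueError("program path must not contain a double quote")
    return f'"{exe_path}" {args.strip()}'.rstrip()

def audit(exe_path, cmdline):
    """Shadow paths if cmdline does not parse to exe_path, else []."""
    if first_token(cmdline) == exe_path:
        return []
    return shadow_candidates(exe_path)

if __name__ == "__main__":
    exe = r"c:\program files\newbie\newbie.exe"  # path from m1 in the quoted code
    args = "/autoclose true"                     # m4 in the quoted code
    for line in (exe + " " + args, build_command_line(exe, args)):
        print(line, "->", audit(exe, line) or "ok")
```

Run over the command lines an application builds, any non-empty result names the files that must not exist (or must not be creatable by other users) for the unquoted form to be safe.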