I've been working on a project for a few months which creates 'random' logos via c. Everything is working great, and the logos are looking sharp. What I'm worried about is argument injection. The arguments (company name , slogan) originate from an html form and are then passed into c via a php exec() call. I may be in the wrong forum here, as any special c sanitizing seems like it must be done with php before the exec() call. I have tried injecting things like ";rm *png" and the program just treats them as literals and displays a logo using the text. I can't find any good tutorials on this, and am also wondering if there is some blanket c function to sanitize argv[i] before doing anything with it. Although at execution time it seems that danger has already passed.
Ideas or links appreciated.