Use of XECUTE
objectscriptQuality release
Id
OS0069
Rule type
Vulnerability
Severity
Critical
SQALE characteristic
- Reliability
- Instruction
Remediation function
Constant/issue
Remediation cost
15min
The XECUTE command compiles and executes a string of ObjectScript code at run time, so it can run arbitrary commands taken from, for instance, string inputs:
xecute "do ..something()"
However, this has both security and performance implications:
- Security: the command string to be executed may contain (or be built from) user input; unless that input is validated thoroughly, an attacker can inject arbitrary ObjectScript code, which then runs with the privileges of the calling process.
- Performance: the string has to be constructed (if it is a concatenation of strings rather than a single literal, for instance) and then compiled and evaluated each time the XECUTE runs, instead of once at routine compile time.
For these reasons, you should avoid using XECUTE and use a proper set of explicit commands instead (for example, normal control flow that selects among a fixed set of methods or routines).
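The following ObjectScript class is an added example written for this rule page; it is not code from the objectscriptQuality project. It shows the injectable pattern the rule flags beside a replacement that needs no XECUTE. The class name Demo.Report, the method names and the payload string are assumptions made for illustration only.

```objectscript
/// Added example for rule OS0069 (not objectscriptQuality's own code).
/// Class and method names are assumptions for illustration.
Class Demo.Report Extends %RegisteredObject
{

/// UNSAFE: the action name comes straight from the caller (for instance a
/// web request parameter) and is spliced into a command string that XECUTE
/// compiles and runs. With pAction = "Daily" the string is
///     Do ##class(Demo.Report).ReportDaily()
/// but with the constructed payload
///     pAction = "Daily() Kill ^Report ;"
/// the string becomes
///     Do ##class(Demo.Report).ReportDaily() Kill ^Report ;()
/// and the trailing ";" turns the leftover "()" into a comment, so the
/// attacker's Kill runs with the privileges of this process.
ClassMethod RunUnsafe(pAction As %String) As %Status
{
    Set tCmd = "Do ##class(Demo.Report).Report"_pAction_"()"
    Xecute tCmd
    Quit $$$OK
}

/// SAFER: map the untrusted value onto a fixed set of operations with
/// ordinary control flow. No code string is built or compiled at run time,
/// so the input can never become code, and unknown actions are rejected.
ClassMethod RunSafe(pAction As %String) As %Status
{
    If pAction = "Daily" {
        Quit ..ReportDaily()
    } ElseIf pAction = "Weekly" {
        Quit ..ReportWeekly()
    }
    Quit $$$ERROR($$$GeneralError, "Unknown report action: "_pAction)
}

/// Also acceptable when the set of targets is large: check the name against
/// an allow-list first, then dispatch with $CLASSMETHOD. The method name is
/// still only ever taken from the allow-list, never from the raw input.
ClassMethod RunAllowListed(pAction As %String) As %Status
{
    Set tAllowed = $ListBuild("Daily", "Weekly")
    If '$ListFind(tAllowed, pAction) {
        Quit $$$ERROR($$$GeneralError, "Unknown report action: "_pAction)
    }
    Quit $ClassMethod($ClassName(), "Report"_pAction)
}

ClassMethod ReportDaily() As %Status
{
    // Placeholder body for the example; real report logic goes here.
    Quit $$$OK
}

ClassMethod ReportWeekly() As %Status
{
    // Placeholder body for the example; real report logic goes here.
    Quit $$$OK
}

}
```

Both RunSafe and RunAllowListed also avoid the performance cost described above: the code paths are compiled once with the class, whereas RunUnsafe compiles a new code string on every call.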