thx. I agree to suggestion.
 
just fyi the expanded string is pushed to run in a specialized shell which does 
not recognize unix commands.
 
I am still trying to do it in a simple, safe and (I don't mind lengthy) method. 
thx.

From: Shlomi Fish <shlo...@shlomifish.org>
To: Uri Guttman <u...@stemsystems.com>
Cc: Rajeev Prasad <rp.ne...@yahoo.com>; Perl Beginners <beginners@perl.org>
Sent: Friday, August 19, 2011 2:59 AM
Subject: Re: why si this code not working (variable substitution)

Hi,

On Wed, 17 Aug 2011 16:15:18 -0400
"Uri Guttman" <u...@stemsystems.com> wrote:

> >>>>> "RP" == Rajeev Prasad <rp.ne...@yahoo.com> writes:
> 
>  RP> foreach $line (@arr1){
>  RP>  foreach (@arr2) {
>  RP>  chomp($_);
>  RP>  @arr3 = split(/ /,$_);
>  RP>  $mystringvar = eval "qq{$line}";             <--------------this
>  RP> suggestion came from web search.
> 
> and it is a very bad idea. string eval is very dangerous and shouldn't
> be used for simple things like that. you can do the same thing with a
> hash and an s/// operation and be safe. string eval can execute any code
> that is in your data which could cause havoc in your program so don't do
> it unless you know exactly what is going on. you were given other
> working solutions so use those instead of string eval.
> 

I agree with Uri here. Please don't use string eval here. If someone puts in
$line something like:

    }.system("rm", "-fr", $ENV{HOME}).{

Then you'll lose your home directory.

Regards,

    Shlomi Fish

> uri
> 



-- 
-----------------------------------------------------------------
Shlomi Fish      http://www.shlomifish.org/
Best Introductory Programming Language - http://shlom.in/intro-lang

We have nothing to fear but fear itself. Fear has nothing to fear but XSLT.

Please reply to list if it's a mailing list post - http://shlom.in/reply .
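
The hash-plus-s/// approach Uri describes, as an added example (not code posted by anyone in the thread). The `$name` / `${name}` placeholder syntax, the sample template and values, and the `expand_template` name are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Expand $name and ${name} placeholders from a fixed hash. The template is
# only ever treated as data: nothing in it is compiled or run as Perl.
sub expand_template {
    my ($template, $vars) = @_;
    my @unknown;
    (my $out = $template) =~ s{ \$ (?: \{ (\w+) \} | (\w+) ) }{
        my $name = defined $1 ? $1 : $2;
        exists $vars->{$name}
            ? $vars->{$name}
            : do { push @unknown, $name; '' };   # remember names not in the hash
    }gex;
    # Refuse to hand a half-expanded string to whatever consumes it.
    die "unknown placeholder(s): @unknown\n" if @unknown;
    return $out;
}

# Constructed sample values; only these names can ever be substituted.
my %vars = (host => 'rtr1', port => 'eth0');

print expand_template('show interface $port on ${host}', \%vars), "\n";

# The hostile line quoted in the thread is plain text to s///: no call is
# made, and because ENV is not a key in %vars the line is rejected.
my $evil = '}.system("rm", "-fr", $ENV{HOME}).{';
my $ok = eval { expand_template($evil, \%vars); 1 };
print "rejected: $@" unless $ok;
```

The `/e` flag here evaluates a replacement expression that is fixed in the source at compile time, which is different from `eval "qq{$line}"`, where the data itself becomes the code.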
