Hello,
Sorry to bother but...
I have a script that I have to do an eval on code that someone else has put in a
database.
...
$code = "$row[1] $row[2] $row[3]"; # @row is from a database query
eval $code;
if ($@) { print "sorry -$@-"; }
...
It works great except there is one variable that the script uses that I don't want
them to be able to use/modify.
for instance
if $code were to contain :
print $user;
that would be ok and actually encouraged for the purpose of this script but I can't
have them going
but if $code were to contain :
print $password;
that would be bad
so I try to do this :
# i.e. if $code contains the string '$password' then don't do it!
if($code =~ m/\$password/) { print "NO way pal \n"; }
else {
eval $code;
.....
It seems that since $code = "$row.. uses double quotes it seems that it is putting the
value of $password there instead of the actual string '$password'
I've also tried doing
$code .= $row[1];
$code .= $row[2];
etc..
and also just searching for 'password' instead of with the dollar sign
Is there any way to get that if statement to see $code as 'print $user;print
$password;' instead of 'print joemama;print MyPassWORD;'?
Any ideas would be much appreciated.
Dan
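
An added example, not part of the original post: instead of filtering the text of $code, the stored code can be run in a compartment from Perl's core Safe module that shares only $user, so $password is simply not in scope. The row contents, the variable values and the run_stored_code helper are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Safe;

# Package variables (constructed values). share() only works on
# non-lexical variables, so both are declared with "our".
our $user     = 'joemama';
our $password = 'MyPassWORD';

# Constructed stand-ins for the database rows from the post.
# Single quotes keep the literal text '$user' / '$password'.
my @rows = (
    [ 1, 'print "user=$user\n";', '',                        '' ],
    [ 2, 'print "user=$user\n";', 'print "pw=$password\n";', '' ],
);

# Hypothetical helper: evaluate stored code with access to $user only.
sub run_stored_code {
    my ($code) = @_;
    my $cpt = Safe->new;      # fresh namespace with the default opcode mask
    $cpt->permit('print');    # allow output to the already-open STDOUT
    $cpt->share('$user');     # the only variable the stored code can reach
    $cpt->reval($code);       # compile and run inside the compartment
    return $@ ? "sorry -$@-" : 'ok';
}

for my $row (@rows) {
    # This interpolation inserts the row fields only; it does not expand
    # variable names that appear inside those fields.
    my $code = "$row->[1] $row->[2] $row->[3]";
    print "row $row->[0]: ", run_stored_code($code), "\n";
}
```

Inside the compartment, $password refers to the compartment's own empty variable rather than the script's, so row 2 cannot read or modify the real value. Operations outside the permitted opcode set (opening files, running commands) fail and are reported through $@.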