Do what I'd like to be able to do is:
my ($find,$replacewith,$case) = $dbh->selectrow_array($query);
$string =~ s/$find/$replace/gi if $case; $string =~ s/$find/$replace/g if !$case;
Since a user could put whatever they want in the database what should I do to make that work so its safe?
If there are no metacharacters, you can use \Q to quote $find:
my $ci = $case ? '(?i)' : ''; $str =~ s/$ci\Q$find\E/-/g;
Thanks for the idea! One problem is they could put anything in there, metacharacters, a regex exploiting string, anything.
So i need a way to make it safe to run the variable's in the regex without knowing beforehand what's in it.
Does that make sense? Somthing like this:
# $string, $find, $replace all my() and strictified earlier ;p
my $find_safe = make_var_regex_safe($find);
my $replace_safe = make_var_regex_safe($replace);
$string =~ s/$find_safe/$replace_safe/g;
# we won't worry about the case yet, although I do like that idea Randy :) thanks!
Randy.
-- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] <http://learn.perl.org/> <http://learn.perl.org/first-response>
