thx. I agree to suggestion. just fyi the expanded string is pushed to run in a specialized shell which does not recongnize unix commands. i am still trying to do it in a simple, safe and (i dont mind lengthy) method. thx.
From: Shlomi Fish <[email protected]> To: Uri Guttman <[email protected]> Cc: Rajeev Prasad <[email protected]>; Perl Beginners <[email protected]> Sent: Friday, August 19, 2011 2:59 AM Subject: Re: why si this code not working (variable substitution) Hi, On Wed, 17 Aug 2011 16:15:18 -0400 "Uri Guttman" <[email protected]> wrote: > >>>>> "RP" == Rajeev Prasad <[email protected]> writes: > > RP> foreach $line (@arr1){ > RP> foreach (@arr2) { > RP> chomp($_); > RP> @arr3 = split(/ /,$_); > RP> $mystringvar = eval "qq{$line}"; <--------------this > RP> suggestion came from web search. > > and it is a very bad idea. string eval is very dangerous and shouldn't > be used for simple things like that. you can do the same thing with a > hash and an s/// operation and be safe. string eval can execute any code > that is in your data which could cause havoc in your program so don't do > it unless you know exactly what is going on. you were given other > working solutions so use those instead of string eval. > I agree with Uri here. Please don't use string eval here. If someone puts in $line something like: }.system("rm", "-fr", $ENV{HOME}).{ Then you'll lose your home directory. Regards, Shlomi Fish > uri > -- ----------------------------------------------------------------- Shlomi Fish http://www.shlomifish.org/ Best Introductory Programming Language - http://shlom.in/intro-lang We have nothing to fear but fear itself. Fear has nothing to fear but XSLT. Please reply to list if it's a mailing list post - http://shlom.in/reply . -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] http://learn.perl.org/
