On Fri, Aug 28, 2009 at 07:06:52AM -0700, Arenstar wrote:
> What effects can eval have? that I am unaware of. In fact I've never used
> eval before, it just wasn't necessary..
> Thank you for your interesting reply
>
> query="mysqldump -h $DBSource -u rxxxxx -pxxxx $DB $TABLE --where '$Field
> > $(($IDstart-1)) and $Field < $(($IDend+1))' > ./tmp/$TABLE$Dumpname"
> eval $query

imadev:~$ DB='MyRealDB $(date >/dev/tty)'
imadev:~$ query="mysqldump -h $DBSource -u rxxxxx -pxxxx $DB $TABLE --where '$Field > $(($IDstart-1)) and $Field < $(($IDend+1))' > ./tmp/$TABLE$Dumpname"
imadev:~$ eval $query
Fri Aug 28 10:49:12 EDT 2009
bash: ./tmp/: Is a directory

As you can see, it executed the "date" command that I placed in the DB
variable.  Now imagine I had put "rm -rf /" in there instead.  Or not
redirected it to /dev/tty so I could see it.  Or ....

Since eval causes the parser to read the command a second time AFTER
parameters have already been expanded, it will potentially execute code
contained in those parameters.  This means you have to sanitize all your
variables and other substitutions to make them "eval safe".  This is
where the headaches start.

In addition to the eval discussion, your quoting is... potentially odd.
You're executing all the substitutions (such as $IDend + 1) at the time
you assign to the query variable, NOT at the time you eval $query.  This
may or may not be what you intended.
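
The same dump written without eval, as an added example that is not part of the original message: each value is passed as its own quoted argument, so the shell parses the command once and the text in DB stays data. The mysqldump stub, the dump_range and is_uint helper names, and the sample values (localhost, orders, id, 10, 20) are assumptions made so the script runs offline.

```shell
#!/bin/bash
# Added example: the dump from the thread without eval.
# "mysqldump" here is a stub (assumption) that prints one received
# argument per line, so the script runs offline and shows the exact argv.
mysqldump() { printf '%s\n' "$@"; }

# is_uint: true only for a non-empty run of decimal digits with no
# leading zero (a leading zero would be read as octal in arithmetic).
is_uint() {
    case $1 in
        ''|*[!0-9]*|0?*) return 1 ;;
    esac
}

# dump_range (hypothetical helper name): DB TABLE FIELD IDSTART IDEND
# Every value is passed as its own quoted argument, so the shell parses
# the command line once and never re-reads the data as code.
dump_range() {
    local db="$1" table="$2" field="$3" idstart="$4" idend="$5"

    # $(( )) evaluates its operands as expressions, so the bounds must be
    # plain integers before they reach arithmetic expansion.
    if ! is_uint "$idstart" || ! is_uint "$idend"; then
        echo "dump_range: ID bounds must be unsigned integers" >&2
        return 2
    fi
    # The column name is pasted into SQL text; allow identifier chars only.
    case $field in
        ''|*[!A-Za-z0-9_]*)
            echo "dump_range: bad field name" >&2
            return 2 ;;
    esac

    mysqldump -h "$DBSource" -u rxxxxx -pxxxx "$db" "$table" \
        --where "$field > $((idstart - 1)) and $field < $((idend + 1))"
}

# Constructed sample values; DB carries the payload from the session above.
DBSource=localhost
DB='MyRealDB $(date >/dev/tty)'
dump_range "$DB" orders id 10 20   # the $(date ...) text arrives as data
```

With the stub removed, the redirection belongs to the caller, outside any variable: dump_range "$DB" "$TABLE" "$Field" "$IDstart" "$IDend" > "./tmp/$TABLE$Dumpname".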