Perl interpolates variables in double quoted strings safely.
Everything in the variable is considered to be a literal.
So
my $a = q#${system('rm -rf /')}#;
print "The command in \$a is $a\n";
will print out:
The command in $a is ${system('rm -rf /')}
and not even attempt to remove my files. Likewise this
my $b = "The command in \$a is $a\n";
sets $b to the string we printed out. Printing $b does
exactly the same as the above. The only way this
is going to come and cause us grief is if we eval $a - as
you've suggested.
Perhaps the author is mistaken or you've misunderstood the
reference, can you post the paragraph or two? I've checked
the book errata and it's not mentioned anywhere there, but it's
a pretty big mistake if you haven't misunderstood it.
Even authors make mistakes. :)
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.
|