comment on

I thought using eval in that way, on a scalar to execute a command is a NO-NO for security and not best practice! cant you just use the qx or system call?

You must think about where the scalar came from, and how much you trust that source (taint checking can help you keep track of that, but you still have to think about it), but if you do trust it, it is fine.

You similarly have to think about it if you interpolate it (uselessly) into a string.

Even more so for qx or system.

In reply to Re^5: Executing a string as a Perl command by ctilmes
in thread Executing a string as a Perl command by tel2

Are you posting in the right place? Check out Where do I post X? to know for sure.
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
Want more info? How to link or How to display code and escape characters are good places to start.


Just another Perl shrine
	PerlMonks