Re: Execute a string which has math operation

Use eval:

#! perl
use strict;
use warnings;

my ($a, $b, $c) = (4, 2, '-');
my  $op = "$a $c $b";
print "$op = ", eval $op, "\n";
[download]

Output:

14:39 >perl 823_SoPW.pl
4 - 2 = 2

14:39 >
[download]

Hope that helps,

Comment on Re: Execute a string which has math operation Select or Download Code

Replies are listed 'Best First'.
Re^2: Execute a string which has math operation by bulk88 (Priest) on Jan 05, 2014 at 07:23 UTC
That should be sanitized somehow. IDK exactly how but that looks like perl injection/rooting.	[reply]
Re^3: Execute a string which has math operation by Preceptor (Deacon) on Jan 05, 2014 at 10:22 UTC
It is - using eval to execute user supplied 'stuff' is dangerous. However it's _most_ dangerous when the program runs as a privileged user (e.g. web server, database instance). If I write a script, and then 'break' it, then I don't elevate my privileges, so at best it's a cute trick, on a part with using perl to 'process' STDIN. A case in point If however, you do have potential privilege escalation, then it's very important to sanitise your inputs. Normally, you'd do this by 'whitelisting' certain characters (e.g. numbers + arithmetic operators) and removing anything that isn't. URI::Escape may be useful for that - if you do it right, a regular expression will do the trick, but I can't elaborate off the top of my head.	[reply]
Re^2: Execute a string which has math operation by irah (Pilgrim) on Jan 05, 2014 at 04:44 UTC
Thanks Athanasius I was tried to execute directly without string into the variable. Thank you so much.	[reply]