What if $var1 contains something like this: my $var1 = "\\'; cat /etc/passwd";? I'm unsure why you'd want to use sed rather than perl to write some data to a file.

Well, it depends on the context - for *known* data input, I would rather use existing tools than re-invent the wheel.

In the example you gave, surely some sort of user input sanitisation goes on first?

Nick

"for *known* data input, I would rather use existing tools than re-invent the wheel.

As touched on in Passing a regex from a CGI HTML form security is an issue. Here you replied to someone who is obviously struggling with the basics and provided them a foot gun... 'I use this on a couple of my CGI scripts', mentioning nothing about sanitizing the data. Since you're already using perl I see no reason why you don't just write to a file from your script rather than shelling out, running sed with no error checking. Rather than reinvent the wheel this is like taking a unicycle along with you when riding your bike. Sure you could do it, but what's the point? Seems unnecessarily messy.

I just use sed ...

Yeah, lots of people use perl as a replacement for bash/csh ... nothing wrong with that

But even in 1994 even amateur bash programmers acknowledged the crazy insecurity of writing cgi programs in bash ...

using sed from perl or bash or any programming language, to print out some CGI data into a file , its about as silly as programming can get

but as actual advice to someone else, its mean and it stinks

P.S. ummm, for some reason the code tags fail here...

The code tags are working fine just like these code tags but single-line mostly don't end up in download code