lisaw has asked for the wisdom of the Perl Monks concerning the following question:

Hi Guys, I have a question that I have been working on for a couple of days...Say I have the following: 
 $body = $FORM{'txtContent'};

[download]
And the 'txtContent' contains variable values...say for example "$name", or <NAME>. Here's an example of the txtContent: 
Hello $name, how are you today

[download]
What would I need to do in order to get my script to recognize the embedded values in the $body value? Thanks! Lis

Replies are listed 'Best First'.
Re: Inserting a Value
by Ovid (Cardinal) on Apr 17, 2003 at 18:38 UTC

    If possible, you want to interpolate those values before putting them in %FORM. However, if that's not possible, you want eval. Warning:: this is a very, very dangerous technique. Handled incorrectly, you could easily cause a lot of damage to your system.

    If you tell us how you are populating %FORM, we can probably help plug some of those security holes. I'm assuming you're getting the data from an HTML form. If so, read through my CGI course for some good security information (see link below).

    Cheers,
    Ovid

    New address of my CGI Course.
    Silence is Evil (feel free to copy and distribute widely - note copyright text)

[reply]
      Hi Ovid, thank you for your reply. The value for $name is already set. I'm just trying to figure out how to get the script to recognize and insert the preset $name value within the $body content.
[reply]
        Sounds like you want a templating system.

        Check out these modules. All 3 are excellent.:

      • Template Toolkit.
      • HTML::Template
      • HTML::Mason

        How you would use Template Toolkit:
        Create a template 'my_template.tmpl': 

        <html>
...
    <body>
      Hello [% name %], how are you today
    </body>
</html>

        [download]

        Your perl code:

        #!/usr/bin/perl -w
use strict;
use Template;
my $file = 'my_template.tmpl';
my $vars = {
       name  => "Schmidy"
    };
my $template = Template->new();
$template->process($file, $vars)
    || die "Template process failed: ", $template->error(), "\n";

        [download]

        You get to seperate your presentation from your code. No more digging through html in your perl code.

        grep
        Mynd you, mønk bites Kan be pretti nasti...

[reply]
[d/l]
[select]
Re: Inserting a Value
by arturo (Vicar) on Apr 17, 2003 at 19:01 UTC

    I can't emphasize Ovid's advice enough. Assume your input is *EVIL*, produced by those with the blackest of hearts, bent on your destruction for no reason other than that they can do it. That said, your script had better be running under -T (known as "Taint Mode", read perlsec). More to the present practical matters, see the old classic How can I expand variables in text strings?, this question has been asked often enough to be a FAQ.

    If not P, what? Q maybe?
    "Sidney Morgenbesser"

[reply]
Re: Inserting a Value
by Octavian (Monk) on Apr 17, 2003 at 18:45 UTC
    If I am reading it correctly, this sounds similar to a problem I had in the past, basically you have a variable that may contain other variables, and you want to display the value of the variable within the variable? (if that makes sense)

    If that is what you mean, check out out the problem I had and the solution that was given to me, it helped alot: resolving variable names within variable names
[reply]

Back to Seekers of Perl Wisdom