The "safe and clean" way to do that would be to interpolate the environment variables from an "allowed list" into the string yourself; the example below is a little limited in that it doesn't allow escaping $FOO variables (i.e. "\$FOO" is still interpolated). The unsafe way to do it would be to have the shell do the interpolation for you, which might still be an acceptable solution if and only if you completely trust the value stored in the database; this method allows you to use the full power of the shell (dangerous!).
$ENV{P2KTMP} = '/foo/bar'; my $consolidatedPath = '$P2KTMP/data'; my $unsafe = '$P2KTMP/data'; # Method 1 my @ALLOWED_VARS = qw/ P2KTMP FOO BAR /; my $VAR_RE = join '|', map {quotemeta} @ALLOWED_VARS; $consolidatedPath =~ s/\$($VAR_RE)\b/$ENV{$1}/g; # Method 2 chomp( $unsafe = `echo $unsafe` ); print "$consolidatedPath\n"; print "$unsafe\n"; __END__ /foo/bar/data /foo/bar/data
By the way, you should probably use make_path from File::Path instead of system("mkdir ...")
In reply to Re: Reading environment variables in perl
by Anonymous Monk
in thread Reading environment variables in perl
by raja567
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |