As someone else mentioned, the difference is in the quoting. Single quotes don't interpret variables in the string. Double quotes do.

    prompt> perl
    $foo = "cheese";
    $bar = "stuff/$foo.txt";
    print "Bar is [$bar]\n";
    ^D
    Bar is [stuff/cheese.txt]

As the same person mentioned, you need to be careful with the characters which follow the variable name (the .txt in the example above). If perl can tell that these aren't part of the variable name then all is well. If perl can't be sure where your variable name finishes then you need to write the variable as ${foo}.

    prompt> perl
    $foo = "cheese";
    $bar = 'stuff/$foo.txt';
    print "Bar is [$bar]\n";
    ^D
    Bar is [stuff/$foo.txt]

And the real reason I added this bit:

    $bar = "stuff/$foo1234";    # Bad
    $bar = "stuff/${foo}1234";  # Good

BE VERY CAREFUL WRITING CGI SCRIPTS! DON'T USE DATA FROM USERS WITHOUT CHECKING/SANITISING IT!
Sorry for shouting, but bad things can happen. Please read the 'perlsec' page from the perl documentation before writing CGI scripts which might be accessed by anyone apart from yourself and close friends :-)
Read up on the taint option (-T) which you can put on the #! line of your script (even on Windows...:-)
What if the user entered a filename of "../../../../../etc/passwd" (not much in most setups, but you get the idea of one way in which a malicious user can attack an insecure script)?
There are lots of perl modules and pieces of advice on how to write good CGI scripts. Don't be scared off practicing with CGI but please don't put publicly visible scripts up without decent security checking unless you don't mind losing your data and possibly everyone else's on the same server as you.
Have a nice day ;-)
In reply to RE: string combinations
by jbert
in thread string combinations
by parsifal
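
The following is an added example, not part of jbert's post: one way to check a user-supplied filename before interpolating it into a path, written to run under the taint option (-T) the post recommends. The base directory `$BASE_DIR`, the helper `safe_path` and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use File::Spec;

# Assumed base directory for this example; a real script would use its own.
my $BASE_DIR = '/var/www/data/stuff';

# Return a path under $BASE_DIR for a user-supplied name, or undef if the
# name is not acceptable. Under -T, only text captured by a regex match is
# untainted, so the allowlist below both validates and untaints the value.
sub safe_path {
    my ($name) = @_;
    return unless defined $name;

    # Allowlist: letters, digits, underscore and hyphen only. No '/', no '.',
    # so "../" sequences cannot appear. \A and \z anchor the whole string;
    # '$' would also accept a trailing newline.
    return unless $name =~ /\A([A-Za-z0-9_-]{1,64})\z/;
    my $clean = $1;

    # Braces mark where the variable name ends, as described in the post.
    return File::Spec->catfile($BASE_DIR, "${clean}.txt");
}

# Constructed sample inputs standing in for a CGI parameter.
my @inputs = ('cheese', '../../../../../etc/passwd', 'cheese.txt', "a\n", '');

for my $input (@inputs) {
    my $path = safe_path($input);
    (my $shown = $input) =~ s/\n/\\n/g;    # make the newline visible
    printf "%-30s => %s\n", "[$shown]", defined $path ? $path : 'REJECTED';
}
```

Run it as `perl -T script.pl` or execute the file directly; Perl refuses to start if -T appears only on the #! line while the script is passed as an argument to `perl`. Only `cheese` yields a path; the traversal string, the name containing a dot, the name with a trailing newline and the empty string are all rejected.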