in reply to Exec'ing a regex stored in a scalar variable

Applying eval to a string is a great way to expose yourself to code injection attacks. Maybe you need to tell us more about the "somewhere else" your regex comes from. What types of regexes are you expecting?

Re^2: Exec'ing a regex stored in a scalar variable
by brycen (Monk) on Mar 14, 2005 at 04:48 UTC
    There's no injection problem here. This is just a small utility to convert an Excel spreadsheet into an SQL database. There is a hash to define the mapping, and another to apply any hacks needed to the data:
    my %column_match = (
        'SP_CITYNAME'           => 'pod_city',
        'SP_STATE'              => 'pod_state',
        'SP_POSTALCODE'         => 'pod_zip',
        'SP_LANDMARKNAME'       => 'pod_short_name',
    );
    my %column_regex = (
        'SP_CITYNAME'       => 's/\s*$//g',
        'SP_LANDMARKNAME'   => 's/^Landmark - //',
    );
    
    Though I now realize this is hardly flexible enough. What if someone wanted to hack the data with "join(' ',map{ucfirst(lc($_))}split(/\s/,$_[0]));"?
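Added example, not part of the thread or of brycen's utility: one way to keep per-column fix-ups without passing a string to `eval`. Trusted transforms become code references, and rules that arrive as data are compiled with `qr//` and applied with a literal replacement. The `%column_fix` name, the choice of `SP_STATE` for the free-form transform, the external rule list and the sample row are all constructed assumptions.

```perl
use strict;
use warnings;

# Trusted, in-source transforms: code references compiled with the program.
my %column_fix = (
    SP_CITYNAME     => sub { (my $v = shift) =~ s/\s*$//g; $v },
    SP_LANDMARKNAME => sub { (my $v = shift) =~ s/^Landmark - //; $v },
    # The free-form case from the post, on a hypothetical column choice:
    SP_STATE        => sub { join ' ', map { ucfirst(lc($_)) } split /\s+/, shift },
);

# Rules read from outside the program (constructed sample data): keep them as
# pattern + literal replacement, never as a string handed to eval.
my @external_rules = (
    { column => 'SP_POSTALCODE', pattern => '-\d{4}$',        replace => '' },
    { column => 'SP_POSTALCODE', pattern => '(?{ die "x" })', replace => '' },
);

for my $rule (@external_rules) {
    my ($col, $pat, $text) = @{$rule}{qw(column pattern replace)};
    # qr// on interpolated text refuses (?{ ... }) code blocks unless
    # "use re 'eval'" is in effect; the block eval only traps that error.
    my $re = eval { qr/$pat/ };
    if (!defined $re) { warn "rejected rule for $col: $@"; next; }
    my $prev = $column_fix{$col};          # chain after any earlier fix-up
    $column_fix{$col} = sub {
        my $v = $prev ? $prev->(shift) : shift;
        $v =~ s/$re/$text/g;               # $text is inserted as data, not code
        return $v;
    };
}

# Constructed sample row keyed by spreadsheet column name.
my %row = (
    SP_CITYNAME     => 'Portland   ',
    SP_STATE        => 'new   YORK',
    SP_POSTALCODE   => '97201-1234',
    SP_LANDMARKNAME => 'Landmark - Pioneer Square',
);

for my $col (sort keys %row) {
    my $fix = $column_fix{$col};
    my $val = $fix ? $fix->($row{$col}) : $row{$col};
    printf "%-16s => '%s'\n", $col, $val;
}
```

A pattern taken from outside the program can still be slow to match on long input, so rules of that kind are best limited to sources the operator controls.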