in reply to Re: Using a scalar as an array name
in thread Using a scalar as an array name

Warning: doing what the previous reply says is really insecure and should not be used!

There is only one thing I can say about that: it is bad, even worse then not using 'use strict'

What will happen is that it will evaluate $varname as perl-code(!), not just as a string.

And Since $varname is really coming from a cgi script, meaning user input, it allows anyone to run commands! secure? I don't think so.

What do you think happens when $varname = qq(system("echo running the echo command");); for example ?

Replies are listed 'Best First'.
Re^3: Using a scalar as an array name
by rvosa (Curate) on May 15, 2005 at 23:05 UTC
    Okay, you are all right. I'm using a hash. See - I've learned. Happens every time I come here. :)

    Thank you all.
[reply]

In Section Seekers of Perl Wisdom