in reply to How do you get s/// to look inside variables in the replacement string?

Another way is a string eval: 
$s="abc";
$m="(a)(.)";
$r=qw/$2$1/;

print "eval: \$s =~ s/$m/$r/";
eval "\$s=~s/$m/$r/";

print "\nresult: $s\n";

[download]
Handy rule of thumb for getting the escapes and interpolations right in string evals: if the string prints out looking like the expression that you want to execute, then you've got it right.

As for security concerns, it's a question of who the users are... I don't mind doing this sort of thing in a command-line shell program, because the users already have the ability to do all sorts of damage with other shell commands, and the reason they have login shell access is that they are trusted to avoid doing damage. (They'll make mistakes, but usually that just means the eval will fail with some sort of error message.)

In a web service, of course, you need to be very careful, and should avoid string evals based on user input altogether.

  • Comment on Re: How do you get s/// to look inside variables in the replacement string?
  • Download Code

In Section Seekers of Perl Wisdom