At 9:33 AM +0100 10/23/97, Philippe de Rochambeau wrote: >I have read in various Perl books that eval should be used in CGI >scripts because they are unsafe. Eval's not unsafe for common CGI stuff. It's unsafe if you get code from *outside* your own safe environment and try to eval it. In other words... if you get a string from *somewhere* and eval it it... you have no idea what the outside source is having you eval. However since you're using known options, I don't see anything too dangerous in your example. You might want to simply double check that your $opHeight is one of your valid ops (<,>,=) and double check $myheight and $height are numbers so your eval doesn't error. >I have also read that Safe.pm can help >alleviate this problem. However, documentation on Safe.pm is scarce in >books, on the Net, and elsewhere, and detailled examples almost non >existent. I use Safe.pm extensively in my product. For your example, I think Safe would be overkill. mark PowerPerl(tm), mailto:info@powerperl.com http://www.powerperl.com A product of Tyrell Software Corp. http://www.tyrell.com ***** Want to unsubscribe from this list? ***** Send mail with body "unsubscribe" to mac-perl-request@iis.ee.ethz.ch