At 6:36 PM +0200 10/24/97, Matthias Ulrich Neeracher wrote: >"Mark F. Murphy" <markm@powerperl.com> writes: >>For eval purposes, something like: >> >>eval "qq/$var1/ eq qq/$var2/"; >> >>Will do a string compare with $var1 and $var2 being expanded with no fear >>of the strings being interpretted as code. > >Sorry, unless I misunderstand you, I have to disagree: $var1 could have been >set to something like > >xy/,SOMETHINGEVIL,qq/za > >And when interpolated and evaled, anything could happen. A similar effect can >be obtained when $var contains: > >@{[somethingevil]} Oops... at second glance there's a better solution. For the know vars that have a known op comparison like 'eq', there's not much reason to eval them if trying to do a string comparison. So: $test = $var1 eq $var2; Should work just fine. What's needed is to build the eval string for the op... and still use the variables. Since eval uses the my vars from the enclosed block, using the vars in the eval is the way to go. Here's an example: ########################## my $test; print "\nPlease enter for test Var1 Op Var2\n\n"; print "Var1: "; my $var1 = &get_choice; print "Var2: "; my $var2 = &get_choice; print "Op: "; my $op = &get_choice; $test = eval ('$var1' . $op . '$var2') if ($op =~ /^[<>]|==$/); print "\n$var1 $op $var2 is " . ($test ? "TRUE" : "FALSE") . "\n"; 1; sub get_choice { $_ = <STDIN>; chop; return $_; } ########################## My point with this, of course, is that eval can be used safely if care is given to know exactly what eval is doing. Obviously, quick first looks can leave holes (as my first example). However, before plunging into the overhead of Safe.pm... it's always worth seeing if a simple approach will work as well. In the above example, eval uses $var1 and $var2 without interpolation. $op is added to the string... and of course we don't do the eval at all unless $op is valid. For this simple example, checking an opcode is fine. If one is trying to do any further eval'ing of code from an outside source (like a full perl script or expression), Safe.pm is a good way to go... I use it. mark PowerPerl(tm), mailto:info@powerperl.com http://www.powerperl.com A product of Tyrell Software Corp. http://www.tyrell.com ***** Want to unsubscribe from this list? ***** Send mail with body "unsubscribe" to mac-perl-request@iis.ee.ethz.ch