That's the idea but the problem is is that @ row seems to transalet itself into 'print userrname; and print mysecretpassword;' so that when it checks to see if it contains that string '$password' it doesn't, it contiand the value of $password.
Thanks all for your time. I do appreciate it. I'm also trying stuff on this end so I'll post here if I figure it out. Thanks Dan -----Original Message----- From: Rob Dixon [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 14, 2003 9:31 AM To: [EMAIL PROTECTED] Subject: Re: finding variable name in string Hi Dan Not clear what your problem is. This works, is it representative? my @row = ('print $user;', 'print $password;' ); foreach (@row) { print $_; print ( /\$password/ ? "\t# Invalid" : "\t# OK"); print "\n"; } Cheers, Rob "Dan Muey" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hello, Sorry to bother but... I have a script that I have to do an eval on code that someone else has put in a database. ... $code = "$row[1] $row[2] $row[3]"; # @row is from a database query eval $code; if($@) Print "sorry -$@-"; ... It works great except there is one variable that the script uses that I don't want them to be able to use/modify. for instance if $code were to contain : print $user; that would be ok and actually encouraged for the purpose of this script but I can't have them going but if $code were to contain : print $password; that would be bad so I try to do this : if($code =~ m/\$password/) { print "NO way pal \n"; } # ie if $code contains the string '$password' then don't do it! else { eval $code; ..... It seems that since $code = "$row.. uses double quotes it seems that it is puting the value of $password there instead of the actual string '$password' I've also tried doing $code .= $row[1]; $code .= $row[2]; etc.. and also just searching for 'password' instead of with the dollar sign Is their any way to get that if statement to see $code as 'print $user;print $password;' instead of 'print joemama;print MyPassWORD;' -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
