Hello group!

I'm wanting to have a safe way to use variables in regexp.

I've heard it's very dangerous to just run it because people could have evil stuff in the variable to do bad bad things...

so $foo =~ m/$evilregexhere/; could be bad unless $evilregex was untainted (no relation to -T ;p)

I've been scouring perldoc perlre and perldoc perlop for info on how to safely do this (not sure if qr() would be the ticket or not...)

So what I'd like to be able to do is:

my ($find,$replacewith,$case) = $dbh->selectrow_array($query);

$string =~ s/$find/$replacewith/gi if $case;
$string =~ s/$find/$replacewith/g if !$case;

Since a user could put whatever they want in the database what should I do to make that work so it's safe?

TIA

Lee.M - JupiterHost.Net
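
One way to handle the find/replace rows described in the message, as an added example that is not part of the original post: it assumes the stored find value is meant as literal text rather than as a pattern, and escapes it with \Q...\E before it reaches the regex engine. The apply_rule helper and the sample rows are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Apply one stored find/replace rule, treating $find as literal text.
# \Q...\E (quotemeta) backslash-escapes every regex metacharacter, so a
# value such as '(a+)+$' or '.*' cannot act as a pattern.
sub apply_rule {
    my ($string, $find, $replacewith, $case) = @_;

    # An empty compiled pattern would match at every position; skip such rows.
    return $string unless defined $find && length $find;
    $replacewith = '' unless defined $replacewith;

    # Following the post's code: a true $case means case-insensitive.
    my $re = $case ? qr/\Q$find\E/i : qr/\Q$find\E/;

    # The replacement is interpolated once, so '$1' or '@{[ ... ]}' inside
    # $replacewith is inserted as plain text and never evaluated.
    $string =~ s/$re/$replacewith/g;
    return $string;
}

# Constructed rows standing in for $dbh->selectrow_array($query).
my @rows = (
    [ 'a.b',    'X',       0 ],   # '.' must match only a literal dot
    [ '(a+)+$', '[gone]',  0 ],   # backtracking-prone if used as a regex
    [ 'price',  '$1 cost', 1 ],   # '$1' in the replacement stays literal
);

my $string = 'a.b axb (a+)+$ PRICE list';
for my $row (@rows) {
    $string = apply_rule($string, @$row);
}
print "$string\n";
```

qr// on its own only precompiles the pattern; the escaping done by \Q...\E (or quotemeta) is what keeps the stored value from being interpreted as regex syntax.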
