On Tue, 27 Sep 2005, Bryan R Harris wrote:
> I'd like to evaluate user input only where it makes sense, e.g.
>
> "2*(3+2)" ==> 10
> "2*dog" ==> "2*dog"
> "mysquarefunction(2)" ==> 4
> "3*mysquarefunction(2)" ==> 12
> "some guy" ==> "some guy"
What happens when they put something in like
"system('rm -rf /')"
?
Blindly running input from users is a bad, bad, bad, bad idea.
Figure out what kind of input you need from them, specify it as narrowly
as you can manage, and then validate that it does match that spec.
--
Chris Devers
j<Ú÷õï·�¿
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>
