07-13-2012
Quote: Originally Posted by hpodhrad
This works, but I thought eval was a bad thing? It opens the code up for an Injection attack, right?
Yes. So the correct way to prevent this is to not do what you're doing -- not put quotes inside quotes, and have to parse the quotes inside quotes... Store the string in such a way you don't need eval, echo | sh, or other such trickery to parse it. Every alternative we've shown you, you've turned around and tried to store it in a string again, causing the same problems you had before. It's not the way in which you're storing it inside a string that's doing it... It's the fact that you're doing it at all. That doesn't work, no matter how you cut it, without needing to use walking security holes like eval.
Which brings me to the real question.
Why do you need to store it in a string like this?
Last edited by Corona688; 07-13-2012 at 12:23 PM..
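The point made in the post above, as an added example that is not part of the original thread: the same value is run once through a command string with eval and once as a list of separate words. The thread's original command is not shown on this page, so the `printf` command, the function names and the sample value are all constructed for illustration.

```shell
#!/bin/sh
# Constructed sample input: a value an outside party could control. It holds
# spaces, double quotes and a command separator.
untrusted='report "final".txt; echo INJECTED'

# Pattern the post warns about: the command lives in one string and eval
# re-parses it, so characters inside the data become shell syntax.
run_with_eval() {
    cmd="printf '<%s>\n' $1"
    eval "$cmd"
}

# Alternative: keep the command as a list of separate words (here the
# function's positional parameters) and run the list. Nothing is re-parsed.
run_with_args() {
    set -- printf '<%s>\n' "$1"
    "$@"
}

echo "eval re-parses the data:"
run_with_eval "$untrusted"
echo "word list keeps it as one argument:"
run_with_args "$untrusted"
```

In bash or ksh, an array expanded as `"${cmd[@]}"` plays the same role as the positional parameters used here.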