Login or Register to Ask a Question and Join Our Community


Shell Programming and Scripting

Bash shell adding extra single quotes

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums Shell Programming and Scripting Bash shell adding extra single quotes
# 8  
Old 07-12-2012
I suggested set -- as a replacement for putting the command in quotes. It's not a way to put the command in quotes.

What you want is not easy or straightforward for the reasons I already explained. Quotes are not usually a part of strings, quotes denote strings. If you want to give that command to a shell, run it in a shell.

A bourne shell will not evaluate quotes there without an eval, scrutinizer.

If you really wish to kludge it into running like that instead of just running it in the first place, you can feed it into a shell. This is not efficient and probably not the greatest idea.
Code:
echo "$COMMAND" | sh

This User Gave Thanks to Corona688 For This Post:
Scrutinizer
# 9  
Old 07-12-2012
This may shed some light:

Code:
$ STATEMENT="echo \"hello          there\""
+ STATEMENT='echo "hello          there"'
$ $STATEMENT
+ echo '"hello' 'there"'
"hello there"
$ eval "$STATEMENT"
+ eval 'echo "hello          there"'
++ echo 'hello          there'
hello          there

--
@corona, You are right of course. I jumped in after the last post, because of the the set statement. I had not really read the problem at hand... I'll correct post #7...
Last edited by Scrutinizer; 07-12-2012 at 06:18 PM..
This User Gave Thanks to Scrutinizer For This Post:
hpodhrad
# 10  
Old 07-13-2012
This works, but I thought eval was a bad thing? It opens the code up for an Injection attack, right?

Thank you very much for your help!!!!!
# 11  
Old 07-13-2012
Indeed eval is definitely a security risk, you would for example need to make sure that the variable content comes from a controlled source and not from user input or input files or any other source that you do not control or insufficiently control otherwise someone might gain access to the rights of the user executing the script.

So you would need to think if it isn't better to use a different setup that does not require the use of eval. So for example, just do not use the intermediate step of a command variable like $STATEMENT ( I personally never use those ), but execute the command directly without eval. If you do not like that, an alternative could be to create a function.
# 12  
Old 07-13-2012
Quote:
Originally Posted by hpodhrad
This works, but I thought eval was a bad thing? It opens the code up for an Injection attack, right?
Yes. So the correct way to prevent this is to not do what you're doing -- not put quotes inside quotes, and have to parse the quotes inside quotes... Store the string in such a way you don't need eval, echo | sh, or other such trickery to parse it. Every alternative we've shown you, you've turned around and tried to store it in a string again, causing the same problems you had before. It's not the way in which you're storing it inside a string that's doing it... It's the fact that you're doing it at all. That doesn't work, no matter how you cut it, without needing to use walking security holes like eval.

Which brings me to the real question. Why do you need to store it in a string like this?
Last edited by Corona688; 07-13-2012 at 12:23 PM..
# 13  
Old 07-13-2012
CVS has the ability to store commit messages for each version of a file. These messages tend to be very descriptive and are entered by the user explaining what they did to the file.
So, how would you suggest I get this information from the user as an input and pass it to cvs as a string?
# 14  
Old 07-13-2012
Code:
read MESSAGE

cvs commit -m "${MESSAGE}" ./q.s
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. UNIX for Beginners Questions & Answers

Bash not recognizing single quotes in Mac?

Hi, I just bought a new mac and have been running a program out of terminal, but even early on I noticed that my single quotes looked a lot different from the ones used in all of the namelists and other files of the program. Specifically, mine are kind of slanted whereas the others are very... (7 Replies)
Discussion started by: jtcastro99
7 Replies

2. Shell Programming and Scripting

Issue with Single Quotes and Double Quotes for prompt PS1

Hi, Trying to change the prompt. I have the following code. export PS1=' <${USER}@`hostname -s`>$ ' The hostname is not displayed <abc@`hostname -s`>$ uname -a AIX xyz 1 6 00F736154C00 <adcwl4h@`hostname -s`>$ If I use double quotes, then the hostname is printed properly but... (3 Replies)
Discussion started by: bobbygsk
3 Replies

3. Shell Programming and Scripting

shell script - to append single quotes and comma

file1 ---- 34556745 32678343 31576776 31455566 21356666 I want to assign the record values to a variable in the below format, so that I can use output in .sql file for querying in database. ('34556745', '32678343', '31576776', '31455566', '21356666') ----------- below is the... (11 Replies)
Discussion started by: rajivrsk
11 Replies

4. Shell Programming and Scripting

Having a terrible problem with quotes/single quotes!

Hello. I'm trying to write a bash script that uses GNU screen and have hit a brick wall that has cost me many hours... (I'm sure it has something to do with quoting/globbing, which is why I post it here) I can make a script that does the following just fine: test.sh: #!/bin/bash # make... (2 Replies)
Discussion started by: jondecker76
2 Replies

5. Shell Programming and Scripting

Replace single quote with two single quotes in perl

Hi I want to replace single quote with two single quotes in a perl string. If the string is <It's Simpson's book> It should become <It''s Simpson''s book> (3 Replies)
Discussion started by: DushyantG
3 Replies

6. UNIX for Dummies Questions & Answers

grep single quotes or double quotes

Unix superusers, I am new to unix but would like to learn more about grep. I am very familiar with regular expressions as i have used them for searching text files in windows based text editors. Since I am not very familiar with Unix, I dont understand when one should use GREP with the... (2 Replies)
Discussion started by: george_vandelet
2 Replies

7. Shell Programming and Scripting

removing extra double quotes between pipe dilimeter

I have a flat file sample like this - "COURSE"|"ddddd " " dddd"|"sssddd sdsdsdsdx" dddddddd ffffff "aaaaa" dddddddd ffffff sdsdsd"|"xxxxxxx"| "COURSE"|"ffff " " bbbb"|"lllll"| The delimiter is pipe character (|) and the text are enclosed in double quotes... (5 Replies)
Discussion started by: vishalzone
5 Replies

8. Shell Programming and Scripting

Single quotes and double quotes

Hi guys, I have a sed line in double quotes which works fine, but I want it to be in single quotes here is the sed line sed "/abc_def/s/\'.*\'/\'\${abc_def}\'/" can some one give the equivalent to the above script in single quotes Thanks a ton (5 Replies)
Discussion started by: sol_nov
5 Replies

9. Shell Programming and Scripting

How can i use single quotes for SQL command in shell script

Hi. please help me to write the following query in a shell script. the Query is :select no,salary from emp_info where name='$var_name' the following is my code. #! /bin/sh var_name=$1 sqlplus -s user/pwd@DB << EOF select no,salary from emp_info where name="'$var_name'";... (4 Replies)
Discussion started by: little_wonder
4 Replies

10. Shell Programming and Scripting

Double quotes or single quotes when using ssh?

I'm not very familiar with the ssh command. When I tried to set a variable and then echo its value on a remote machine via ssh, I found a problem. For example, $ ITSME=itsme $ ssh xxx.xxxx.xxx.xxx "ITSME=itsyou; echo $ITSME" itsme $ ssh xxx.xxxx.xxx.xxx 'ITSME=itsyou; echo $ITSME' itsyou $... (3 Replies)
Discussion started by: password636
3 Replies
Login or Register to Ask a Question