ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Do not use "eval". It is very dangerous to use unless you have checked that the strings do not contain any characters that are special to the shell. What you want is variable indirection:
If you want to know more about eval you can also look here
As it is also fraught with some dangers of what people could force your program to do if the know eval is around and not being used correctly, I generally try to stay clear.
My normal first question would be, what benefit do you get from being able to combine variable names in this way? (I also find it a little odd (funny) as well because when talking with programmers
in other languages this requirement rarely if ever actually comes up, yet many people try to do it with bash .. oh well)
Could your solution perhaps be solved using associative arrays instead? (see earlier in the page of the link above for details)
Code:
declare -A CUSTOMER_REFS
CUSTOMER_SHORT_NAME="ZZ"
CUSTOMER_REFS[$CUSTOMER_SHORT_NAME]="ZZ ZEE ZULU ZEBRA"
echo "${CUSTOMER_REFS[$CUSTOMER_SHORT_NAME]}"
Do not use "eval". It is very dangerous to use unless you have checked that the strings do not contain any characters that are special to the shell. What you want is variable indirection:
Yes it is dangerous IF you're getting the variable name from user input from users you don't trust, but you ALWAYS need to be careful when you're reading and using user input from users you don't trust, regardless of the language or what you're doing with the information. There's no need to jump into panic mode unless this is one of those situations.
Last edited by suicidaleggroll; 04-29-2014 at 01:09 PM.
The issues are more than just deliberate malice. You have to absolutely sure of what can show up in those fields. You can have a script that runs fine, then perhaps a short name "AT&T" gets put in the database and the ampersand makes your "eval" do something strange. A string with an embedded single quote would also make your script fail, and protecting against these with quoting gets complicated because strings are being parsed twice by the shell. Using "eval" when a simpler, more direct, and much safer alternative is available is just misguided.
You have to absolutely sure of what can show up in those fields.
Same with any script. 99.9999% of the solutions to questions posted on this forum use syntax that would break down if an ampersand or quote made its way into a variable. You can't protect against everything.
Quote:
Originally Posted by rknichols
You can have a script that runs fine, then perhaps a short name "AT&T" gets put in the database and the ampersand makes your "eval" do something strange. A string with an embedded single quote would also make your script fail
It would make both approaches fail...they would just fail in different ways. If an ampersand or quote gets into the variable that you're using to build up a dynamic variable name, the script is going to fail no matter what method you use to build that dynamic variable name.
Quote:
Originally Posted by rknichols
Using "eval" when a simpler, more direct, and much safer alternative is available is just misguided.
I'd argue that this approach in general is misguided, and there is almost always a better, cleaner, and more robust way of attacking the problem than dynamically building up a variable name using other variables. If it MUST be done, then yes ${!var} (if it's available) is a better way of getting to the result than eval, but ${!var} is not always an option, and its use would reduce the code's portability.
Last edited by suicidaleggroll; 04-29-2014 at 10:48 PM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.