why si this code not working (variable substitution)

why si this code not working (variable substitution)

am 17.08.2011 02:38:16 von Rajeev Prasad

    foreach $str1 (@arr1){  foreach (@arr2) {  @arr3 =3D sp=
lit(/ /,"$_");  print "array =3D @arr3=A0 element0 =3D $arr3[0] element=
1 =3D $arr3[1]";   #this is=A0just to check, it showing values 0 and 1 =
as correctly assigned  print "$str1";  }=0A}  =0Aarr1 contains =
lines like: (which will be values of str1 with each iteration)=0Acomm bbbb =
cc $arr3[0] sdf xyz=0Acomm scdrf cc $arr3[0] sdf xyz=0Acomm dddbb cc $arr3[=
0] sdf xyz  =0Aarr2 contains:=0A123 34 54=0A234 32 13=0A233 44 56  =
=0Atherefore i want to generate the final $str1 as:=0Acomm bbbb cc=A0123 sd=
f xyz=0Acomm scdrf cc=A0234 sdf xyz=0Acomm dddbb cc=A0233 sdf xyz  =0A=
    BUT I am getting:-----------SUBSTITUTION not happening!!!!=0Aco=
mm bbbb cc $arr3[0] sdf xyz=0Acomm scdrf cc $arr3[0] sdf xyz=0Acomm dddbb c=
c $arr3[0] sdf xyz    =0Aplease help resolve. thx.

--
To unsubscribe, e-mail: beginners-unsubscribe@perl.org
For additional commands, e-mail: beginners-help@perl.org
http://learn.perl.org/

Re: why si this code not working (variable substitution)

am 17.08.2011 17:54:39 von Shlomi Fish

Hi Rajeev,

On Tue, 16 Aug 2011 17:38:16 -0700 (PDT)
Rajeev Prasad wrote:

>  
>  
> foreach $str1 (@arr1){
>  foreach (@arr2) {
>  @arr3 =3D split(/ /,"$_");
>  print "array =3D @arr3  element0 =3D $arr3[0] element1 =3D $ar=
r3[1]";   #this
> is just to check, it showing values 0 and 1 as correctly assigned=20
> print "$str1";=20

That's your mistake. Perl does not have double-interpolation (which may
be considered a security vulnerability.). To overcome this in your case, you
can use this:

$str1 =3D~ s/\b\$arr3\[(\d+)\]\b/$arr3[$1]/ge; # Untested.

If you're looking for something better, then look at the various options in:

http://perl-begin.org/uses/text-generation/

A few comments on your code:

1. Use "strict" and "warnings".

2. Always do «foreach my $str1 (@arr1)» and limit the scope of th=
e variables
using "my".

3. Don't iterate using $_. It's very easy to devastate and pollute it.

4. Don't say «"$foo"» instead of «$foo», unless $foo is=
an object that needs to
be stringified (which is probably not the case).

5. See http://perl-begin.org/tutorials/bad-elements/ for more advice.

Regards,

Shlomi Fish

--=20
------------------------------------------------------------ -----
Shlomi Fish http://www.shlomifish.org/
Understand what Open Source is - http://shlom.in/oss-fs

* Backward compatibility is your worst enemy.
* Backward compatibility is your usersâ€=99 best friend.

Please reply to list if it's a mailing list post - http://shlom.in/reply .

--
To unsubscribe, e-mail: beginners-unsubscribe@perl.org
For additional commands, e-mail: beginners-help@perl.org
http://learn.perl.org/

Re: why si this code not working (variable substitution)

am 17.08.2011 22:05:44 von Rajeev Prasad

--0-1990229497-1313611544=:84940
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Thanks all.   I tried below it works:   foreach $line (@a=
rr1){ Â=A0foreach (@arr2) { Â=A0chomp($_); Â=A0@arr3 =3D split(=
/ /,$_); Â=A0$mystringvar =3D eval "qq{$line}";    =
         <--------------this sugges=
tion came from web search. Â=A0print $mystringvar; Â=A0}=0A} i=
got the key line in this code from web. thx to all coders out there. =
From: Shlomi Fish =0ATo: Rajeev Prasad hoo.com>=0ACc: Perl Beginners =0ASent: Wednesday, Augus=
t 17, 2011 10:54 AM=0ASubject: Re: why si this code not working (variable s=
ubstitution) Hi Rajeev, On Tue, 16 Aug 2011 17:38:16 -0700 (PDT)=
=0ARajeev Prasad wrote: >  =0A>  =0A> f=
oreach $str1 (@arr1){=0A>  foreach (@arr2) {=0A>  @arr3 =3D split=
(/ /,"$_");=0A>  print "array =3D @arr3  element0 =3D $arr3[0] el=
ement1 =3D $arr3[1]";   #this=0A> is just to check, it showi=
ng values 0 and 1 as correctly assigned =0A> print "$str1"; That's yo=
ur mistake. Perl does not have double-interpolation (which may=0Abe conside=
red a security vulnerability.). To overcome this in your case, you=0Acan us=
e this: $str1 =3D~ s/\b\$arr3\[(\d+)\]\b/$arr3[$1]/ge; # Untested.=0A=
=0AIf you're looking for something better, then look at the various options=
in: http://perl-begin.org/uses/text-generation/ A few comments o=
n your code: 1. Use "strict" and "warnings". 2. Always do «f=
oreach my $str1 (@arr1)» and limit the scope of the variables=0Ausing =
"my". 3. Don't iterate using $_. It's very easy to devastate and pollu=
te it. 4. Don't say «"$foo"» instead of «$foo», un=
less $foo is an object that needs to=0Abe stringified (which is probably no=
t the case). 5. See http://perl-begin.org/tutorials/bad-elements/ for =
more advice. Regards,     Shlomi Fish -- =0A-=
------------------------------------------------------------ ----=0AShlomi F=
ish      http://www.shlomifish.org/=0AUnderstand what Open S=
ource is - http://shlom.in/oss-fs * Backward compatibility is your wor=
st enemy.=0A* Backward compatibility is your usersâ€=99 best friend.=0A=
=0APlease reply to list if it's a mailing list post - http://shlom.in/reply=
. --=0ATo unsubscribe, e-mail: beginners-unsubscribe@perl.org=0AFor a=
dditional commands, e-mail: beginners-help@perl.org=0Ahttp://learn.perl.org=
/
--0-1990229497-1313611544=:84940--

Re: why si this code not working (variable substitution)

am 17.08.2011 22:15:18 von Uri Guttman

>>>>> "RP" == Rajeev Prasad writes:

RP> foreach $line (@arr1){
RP> =A0foreach (@arr2) {
RP> =A0chomp($_);
RP> =A0@arr3 =3D split(/ /,$_);
RP> =A0$mystringvar =3D eval "qq{$line}";          =
   <--------------this suggestion came from web search.

and it is a very bad idea. string eval is very dangerous and shouldn't
be used for simple things like that. you can do the same thing with a
hash and an s/// operation and be safe. string eval can execute any code
that is in your data which could cause havoc in your program so don't do
it unless you know exactly what is going on. you were given other
working solutions so use those instead of string eval.

uri

--=20
Uri Guttman -- uri AT perlhunter DOT com --- http://www.perlhunter.com =
--
------------ Perl Developer Recruiting and Placement Services -----------=
--
----- Perl Code Review, Architecture, Development, Training, Support -----=
--

--
To unsubscribe, e-mail: beginners-unsubscribe@perl.org
For additional commands, e-mail: beginners-help@perl.org
http://learn.perl.org/

Re: why si this code not working (variable substitution)

am 19.08.2011 09:59:56 von Shlomi Fish

Hi,

On Wed, 17 Aug 2011 16:15:18 -0400
"Uri Guttman" wrote:

> >>>>> "RP" == Rajeev Prasad writes:
>=20
> RP> foreach $line (@arr1){
> RP>  foreach (@arr2) {
> RP>  chomp($_);
> RP>  @arr3 =3D split(/ /,$_);
> RP>  $mystringvar =3D eval "qq{$line}";    =C2=
 Â Â Â Â Â Â Â=A0 <--------------this
> RP> suggestion came from web search.
>=20
> and it is a very bad idea. string eval is very dangerous and shouldn't
> be used for simple things like that. you can do the same thing with a
> hash and an s/// operation and be safe. string eval can execute any code
> that is in your data which could cause havoc in your program so don't do
> it unless you know exactly what is going on. you were given other
> working solutions so use those instead of string eval.
>=20

I agree with Uri here. Please don't use string eval here. If someone puts in
$line something like:

}.system("rm", "-fr", $ENV{HOME}).{

Then you'll lose your home directory.

Regards,

Shlomi Fish

> uri
>=20



--=20
------------------------------------------------------------ -----
Shlomi Fish http://www.shlomifish.org/
Best Introductory Programming Language - http://shlom.in/intro-lang

We have nothing to fear but fear itself. Fear has nothing to fear but XSLT.

Please reply to list if it's a mailing list post - http://shlom.in/reply .

--
To unsubscribe, e-mail: beginners-unsubscribe@perl.org
For additional commands, e-mail: beginners-help@perl.org
http://learn.perl.org/

Re: why si this code not working (variable substitution)

am 19.08.2011 20:15:25 von Shlomi Fish

Hi Anant,

next time please reply to all recipients instead of only to me as you did just
now (as I suggest in my signature which you should have read.). I'll reply to
you while CCing the list.

On Fri, 19 Aug 2011 22:36:42 +0530
anant mittal wrote:

> what does this eval do?

There's block eval (which can be used to trap exceptions) and there's
string-eval, which while trapping exceptions, executes the code in the string
as a small perl program. See:

http://en.wikipedia.org/wiki/Eval

It has a small number of legitimate uses, but otherwise can be easily abused.
If you do in a program

#!/usr/bin/perl

use strict;
use warnings;

my $expr = shift(@ARGV);
eval $expr;

Then if you allow the user of the program to input arbitrary Perl code inside
$ARGV[0], which will then be executed. So don't abuse string eval this way.

> and also what this 'ge' is.'g' is for global substitution but 'ge' is for
> what.

Well, in Perl 5, each operation modifier is a single letter and can be studied
as is. So /ge is both "g" and "e". What /e (which stands for "expression" or
"evaluate") does is treat the right-hand-side of the substitution as a Perl
expression, instead of the string concatenation thing that is usually is. This
program:

[CODE]
#!/usr/bin/perl

use strict;
use warnings;

my $s = "The quick brown fox jumped over the lazy dog";

$s =~ s{\b(\w+)\b}{my $word = $1; print "Got word '$word'\n"; uc($word); }eg;

print "String is now '$s'.\n";
[/CODE]

Will print this:

[OUT]
Got word 'The'
Got word 'quick'
Got word 'brown'
Got word 'fox'
Got word 'jumped'
Got word 'over'
Got word 'the'
Got word 'lazy'
Got word 'dog'
String is now 'THE QUICK BROWN FOX JUMPED OVER THE LAZY DOG'.
[/OUT]

The /e flag of s/// is a very powerful tool - make sure you know it. One should
note that one can add another /e to the end of s/ to evaluate the expression
twice, but this is generally inadvised due from the same reasons that string
eval is dangerous.

Hope that helps.

Regards,

Shlomi Fish

> plz let me known to it.
>
> On Fri, Aug 19, 2011 at 1:29 PM, Shlomi Fish wrote:
>
> > Hi,
> >
> > On Wed, 17 Aug 2011 16:15:18 -0400
> > "Uri Guttman" wrote:
> >
> > > >>>>> "RP" == Rajeev Prasad writes:
> > >
> > > RP> foreach $line (@arr1){
> > > RP> foreach (@arr2) {
> > > RP> chomp($_);
> > > RP> @arr3 = split(/ /,$_);
> > > RP> $mystringvar = eval "qq{$line}"; <--------------this
> > > RP> suggestion came from web search.
> > >
> > > and it is a very bad idea. string eval is very dangerous and shouldn't
> > > be used for simple things like that. you can do the same thing with a
> > > hash and an s/// operation and be safe. string eval can execute any code
> > > that is in your data which could cause havoc in your program so don't do
> > > it unless you know exactly what is going on. you were given other
> > > working solutions so use those instead of string eval.
> > >
> >
> > I agree with Uri here. Please don't use string eval here. If someone puts
> > in
> > $line something like:
> >
> > }.system("rm", "-fr", $ENV{HOME}).{
> >
> > Then you'll lose your home directory.
> >
> > Regards,
> >
> > Shlomi Fish
> >
> > > uri
> > >
> >
> >
> >
> > --
> > ------------------------------------------------------------ -----
> > Shlomi Fish http://www.shlomifish.org/
> > Best Introductory Programming Language - http://shlom.in/intro-lang
> >
> > We have nothing to fear but fear itself. Fear has nothing to fear but XSLT.
> >
> > Please reply to list if it's a mailing list post - http://shlom.in/reply .
> >
> > --
> > To unsubscribe, e-mail: beginners-unsubscribe@perl.org
> > For additional commands, e-mail: beginners-help@perl.org
> > http://learn.perl.org/
> >
> >
> >



--
------------------------------------------------------------ -----
Shlomi Fish http://www.shlomifish.org/
Rethinking CPAN - http://shlom.in/rethinking-cpan

Chuck Norris writes understandable Perl code.

Please reply to list if it's a mailing list post - http://shlom.in/reply .

--
To unsubscribe, e-mail: beginners-unsubscribe@perl.org
For additional commands, e-mail: beginners-help@perl.org
http://learn.perl.org/

Re: why si this code not working (variable substitution)

am 20.08.2011 00:32:37 von Rajeev Prasad

--0-1254397262-1313793157=:7809
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

thx. I agree to suggestion.  =0Ajust fyi the expanded string is pushed =
to run in a specialized shell which does not recongnize unix commands.=0A=
  i am still trying to do it in a simple, safe and (i dont mind lengthy=
) method. thx. From: Shlomi Fish =0ATo: Uri Gu=
ttman =0ACc: Rajeev Prasad ; Perl =
Beginners =0ASent: Friday, August 19, 2011 2:59 AM=0ASu=
bject: Re: why si this code not working (variable substitution) Hi,=0A=
=0AOn Wed, 17 Aug 2011 16:15:18 -0400=0A"Uri Guttman" =
wrote: > >>>>> "RP" == Rajeev Prasad writes:=
=0A> =0A>=A0 RP> foreach $line (@arr1){=0A>=A0 RP> =A0foreach (@arr2) {=0A>=
=A0 RP> =A0chomp($_);=0A>=A0 RP> =A0@arr3 =3D split(/ /,$_);=0A>=A0 RP> =A0=
$mystringvar =3D eval "qq{$line}";             <---=
-----------this=0A>=A0 RP> suggestion came from web search.=0A> =0A> and it=
is a very bad idea. string eval is very dangerous and shouldn't=0A> be use=
d for simple things like that. you can do the same thing with a=0A> hash an=
d an s/// operation and be safe. string eval can execute any code=0A> that =
is in your data which could cause havoc in your program so don't do=0A> it =
unless you know exactly what is going on. you were given other=0A> working =
solutions so use those instead of string eval.=0A> I agree with Uri h=
ere. Please don't use string eval here. If someone puts in=0A$line somethin=
g like:   =A0 }.system("rm", "-fr", $ENV{HOME}).{ Then you'll=
lose your home directory. Regards,   =A0 Shlomi Fish > =
uri=0A> -- =0A-------------------------------------------------=
----------------=0AShlomi Fish=A0 =A0 =A0 http://www.shlomifish.org/=0ABest=
Introductory Programming Language - http://shlom.in/intro-lang We hav=
e nothing to fear but fear itself. Fear has nothing to fear but XSLT. =
Please reply to list if it's a mailing list post - http://shlom.in/reply .=
--=0ATo unsubscribe, e-mail: beginners-unsubscribe@perl.org=0AFor add=
itional commands, e-mail: beginners-help@perl.org=0Ahttp://learn.perl.org/
--0-1254397262-1313793157=:7809--