L
Larry W. Virden
In a small application I am seeing the following. The program uses DBI
to fetch rows of information such as first and last names, then uses
the system() call to pass the information like this:
$message = "$first_name $last_name phone number: $phone";
system("mycommand arg1='abc' arg2='123 456' details='$message'");
While it works for most cases, this morning I hit the error
mycommand warning: the parameter "phone" is ignored.
mycommand warning: the parameter "number:" is ignored.
mycommand warning: the parameter "1234" is ignored.
sh: : cannot execute
Turns out that the user was John O'Smith - the ' is causing the system
command to parse wrong.
Now, I know I can use s/'// and remove the quote. But is there
anything I can do to get the ' to pass through unscathed?
I tried, for instance, using $last_name =~ s/'/\'/;
as well as s/'/\\'/ and s/'/\\'/ and s/'/\\\'/ and in each case, even
when I could see the \ was making it to the system command, it didn't
make it through the shell's parser.
Just wondering about alternate approaches. I tried using qq
($first_name $last_name phone number: $phone) , but that was just
bypassing things on the perl side.
to fetch rows of information such as first and last names, then uses
the system() call to pass the information like this:
$message = "$first_name $last_name phone number: $phone";
system("mycommand arg1='abc' arg2='123 456' details='$message'");
While it works for most cases, this morning I hit the error
mycommand warning: the parameter "phone" is ignored.
mycommand warning: the parameter "number:" is ignored.
mycommand warning: the parameter "1234" is ignored.
sh: : cannot execute
Turns out that the user was John O'Smith - the ' is causing the system
command to parse wrong.
Now, I know I can use s/'// and remove the quote. But is there
anything I can do to get the ' to pass through unscathed?
I tried, for instance, using $last_name =~ s/'/\'/;
as well as s/'/\\'/ and s/'/\\'/ and s/'/\\\'/ and in each case, even
when I could see the \ was making it to the system command, it didn't
make it through the shell's parser.
Just wondering about alternate approaches. I tried using qq
($first_name $last_name phone number: $phone) , but that was just
bypassing things on the perl side.