perlquestion IraTarball I was reading <a href='http://www.oreilly.com/catalog/advperl/'>Advanced Perl Programming</a> and came across this little warning about double quote interpolation. <a href='http://www.oreilly.com/catalog/advperl/author.html'>The author</a> warns that a string like <code>"$a"</code> does variable interpolation. No surprise there. Then he say's <i>"But you now know that "a" can be replaced ba a block as long as it returns a reference to a scalar..."</i> and so we should be worried about someone filling a variable with <code>{system('/bin/rm -rf /*')}</code> and maybe doing 'bad things' to us. <p> Now for the question. <p> Isn't a variable only interpolated once? I mean, when I try the following... <code> perl -swe 'while (<STDIN>) {print "$_"}' </code> and I type in <code>{system('rm -rf *')}</code> it just prints <code>{system('rm -rf *')}</code> without executing the system call. This is just what I would have expected before reading the quoted material. Am I missing something though? <p> Along these lines, I'm under the impression that tainted data is mainly a concern if you're going to <code>eval</code> it, or pass it to <code>system</code> or backticks, are there any really sneaky situations that I'm missing? <p> The reason the above caught my attention was that it implied that every program where I echo user input would need to be run in [taint] mode. I think that would suck. <p> What do <i>you</i> think? <p> <A HREF="/index.pl?node=IraTarball&amp;amp;amp;amp;amp;lastnode_id=479">Ira</a>, <p><i> "So... What do all these little arrows mean?"<br> ~unknown</i>