Beefy Boxes and Bandwidth Generously Provided by pair Networks
P is for Practical
 
PerlMonks  

Executing perlcode from variable

by ASadon (Initiate)
on May 12, 2014 at 09:47 UTC ( #1085771=perlquestion: print w/ replies, xml ) Need Help??
ASadon has asked for the wisdom of the Perl Monks concerning the following question:

Hi guys, is there a way in Perl to execute code from a variable? I want to store rules (written in perl) in a table in a mysql-database. A perl-program reads the rules and must execute them. Is that possible somehow? Thanks a lot!

Comment on Executing perlcode from variable
Re: Executing perlcode from variable
by Anonymous Monk on May 12, 2014 at 09:56 UTC
Re: Executing perlcode from variable
by choroba (Abbot) on May 12, 2014 at 09:58 UTC
    It is possible, but it's a security risk. Are you 100% sure only lawful good Perl developers will be able to modify the database table? See eval for details if so.

    Using some kind of a dispatch table might be a more secure solution.

    لսႽ ᥲᥒ⚪⟊Ⴙᘓᖇ Ꮅᘓᖇ⎱ Ⴙᥲ𝇋ƙᘓᖇ
      Thanks Anonymous Monk and Choroba, that's what I was looking for!
      If at all possible, I would also rather go for a dispatch table within the program (or a used module), rather than a DB with code snippets.
Re: Executing perlcode from variable
by leslie (Pilgrim) on May 12, 2014 at 10:29 UTC

    Hi,

    Find this below example. It may be useful for you.

    use strict; use warnings; use Data::Dumper; my $val = q| my @array= qw(A R N D); splice(@array,0,4,qw(B N M C)); print Dumper \@array; |; eval($val);
Re: Executing perlcode from variable
by sundialsvc4 (Abbot) on May 12, 2014 at 11:06 UTC

    Uh huh ... I feel exactly the same way about “evaling code taken from a database” as I do about the original way that JSON used to work.   JSON was conceptually simple in those early, trusting days:   “simply send JavaScript to the client, who can then execute it.”   (And, if you recall, PHP allowed you to send arbitrary variable-names in URL-strings, too.)   It is simply “too unsafe to consider” nowadays ... in addition to the fact that it introduces into the program “source-code that is not here.”   A genie you just can’t afford to let out of its bottle, regardless of language or situation.

Re: Executing perlcode from variable
by jmmitc06 (Sexton) on May 12, 2014 at 14:30 UTC

    yes you can use 'eval' to evaluate code from an exogenous source, I did this some time ago. In my case I hadn't completely figured out how to use DBI and was generating some DBI commands, saving them as strings and evaluating them with eval. Although doable, I think this falls into the category of there has to be a better way not only due to security reasons but also because it can be very difficult to debug.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://1085771]
Front-paged by Arunbear
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others lurking in the Monastery: (8)
As of 2014-09-24 01:31 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    How do you remember the number of days in each month?











    Results (244 votes), past polls