Think about Loose Coupling | |
PerlMonks |
Re: Using Variables in Path Namesby Fastolfe (Vicar) |
on Nov 28, 2001 at 03:22 UTC ( [id://127954]=note: print w/replies, xml ) | Need Help?? |
Danger! Your script makes some very classic mistakes and has some very serious security vulnerabilities that could allow any person to write files anywhere on your system. Some things to look at: To literally answer the question you're asking, yes, you can put variables in a double-quoted string like that. It should do what you're expecting. So the problem must lie in how those variables are assigned. Some debugging code (e.g. print statements here and there) to check that each variable has the value you're expecting, and that each directory exists as you expect, etc., would help in your debugging efforts. But I wouldn't use this logic as it is at all without doing some serious sanitizing of input and/or verification of each parameter they're passing (e.g. ensuring that the class is a valid class name, that the user is a valid user, etc.). Anyone can put "../../../" in any of those variables and back-track their way out of your filesystem.
In Section
Seekers of Perl Wisdom
|
|