Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer
 
PerlMonks  

Executing perlcode from variable

by ASadon (Initiate)
on May 12, 2014 at 09:47 UTC ( #1085771=perlquestion: print w/ replies, xml ) Need Help??
ASadon has asked for the wisdom of the Perl Monks concerning the following question:

Hi guys, is there a way in Perl to execute code from a variable? I want to store rules (written in perl) in a table in a mysql-database. A perl-program reads the rules and must execute them. Is that possible somehow? Thanks a lot!

Comment on Executing perlcode from variable
Re: Executing perlcode from variable
by Anonymous Monk on May 12, 2014 at 09:56 UTC
Re: Executing perlcode from variable
by choroba (Abbot) on May 12, 2014 at 09:58 UTC
    It is possible, but it's a security risk. Are you 100% sure only lawful good Perl developers will be able to modify the database table? See eval for details if so.

    Using some kind of a dispatch table might be a more secure solution.

    لսႽ ᥲᥒ⚪⟊Ⴙᘓᖇ Ꮅᘓᖇ⎱ Ⴙᥲ𝇋ƙᘓᖇ
      Thanks Anonymous Monk and Choroba, that's what I was looking for!
      If at all possible, I would also rather go for a dispatch table within the program (or a used module), rather than a DB with code snippets.
Re: Executing perlcode from variable
by leslie (Pilgrim) on May 12, 2014 at 10:29 UTC

    Hi,

    Find this below example. It may be useful for you.

    use strict; use warnings; use Data::Dumper; my $val = q| my @array= qw(A R N D); splice(@array,0,4,qw(B N M C)); print Dumper \@array; |; eval($val);
Re: Executing perlcode from variable
by sundialsvc4 (Abbot) on May 12, 2014 at 11:06 UTC

    Uh huh ... I feel exactly the same way about “evaling code taken from a database” as I do about the original way that JSON used to work.   JSON was conceptually simple in those early, trusting days:   “simply send JavaScript to the client, who can then execute it.”   (And, if you recall, PHP allowed you to send arbitrary variable-names in URL-strings, too.)   It is simply “too unsafe to consider” nowadays ... in addition to the fact that it introduces into the program “source-code that is not here.”   A genie you just can’t afford to let out of its bottle, regardless of language or situation.

Re: Executing perlcode from variable
by jmmitc06 (Sexton) on May 12, 2014 at 14:30 UTC

    yes you can use 'eval' to evaluate code from an exogenous source, I did this some time ago. In my case I hadn't completely figured out how to use DBI and was generating some DBI commands, saving them as strings and evaluating them with eval. Although doable, I think this falls into the category of there has to be a better way not only due to security reasons but also because it can be very difficult to debug.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://1085771]
Front-paged by Arunbear
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (6)
As of 2014-11-26 00:59 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My preferred Perl binaries come from:














    Results (160 votes), past polls