Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw
 
PerlMonks  

Calling a method within a double-quoted string?

( #17466=categorized question: print w/ replies, xml ) Need Help??
Contributed by Anonymous Monk on Jun 10, 2000 at 03:27 UTC
Q&A  > object-oriented programming


Description:

I want to have a double-quoted string like this, where $dbh is a DBI database handle and $userinput is (potentially hostile) user input:

"select * from foo where bar = $dbh->quote($userinput)"
It doesn't work. That quote method isn't called. Instead, the $dbh object itself is converted to a string.

This works like I want:

"select foo from bar where baz = ${ \$dbh->quote($userinput) }"
But that is an ugly hack, referencing and dereferencing just to trick Perl's string parser into doing what I want.

Any better ideas? I know I can do "blah".$whatever."blah" but that's even harder for my eyes to parse.

Answer: Calling a method within a double-quoted string?
contributed by plaid

You should use place holders in this case, as they automatically take care of quoting:

my $sth = $dbh->prepare("select * from foo where bar = ?"); $sth->execute($userinput);
In the more general case, you can use sprintf to interpolate functions into strings:
my $sql = sprintf "select * from foo where bar = %s", $dbh->quote($use +rinput);

Answer: Calling a method within a double-quoted string?
contributed by btrott

For the DBI case, the correct answer is definitely placeholders.

However, in the general case, consider Interpolation. It's pretty nifty. It lets you define "arbitrary interpolation semantics".

From its man page:

For example, you can say use Interpolation money => \&commify_with_dollar_sign, E => 'eval', placename => 'ucwords'; And then you can write these: print "3 + 4 = $E{3+4}"; # Prints ``3 + 4 = 7'' $SALARY = 57500; print "The salary is $money{$SALARY}"; # Prints ``The salary is $57,500.00''
For your need, you could use this:
use vars qw/$dbh/; use DBI; $dbh = DBI->connect('baz', 'foo', 'bar', 'Oracle'); use Interpolation quoteit => sub { $dbh->quote(@_) }; print "select * from foo where bar = $quoteit{baz}";
Which is quite handy. Still, in your particular case, placeholders are better.

Answer: Calling a method within a double-quoted string?
contributed by pemungkah

The cheap but punctuation-heavy answer:

my $string = "this is an interpolated method call: @{[$obj->method]}";
What's happening here, working from the inside out:
  1. The method call happens, and it returns a list of zero or more values.
  2. Outside that, we have an anonymous array constructor, so now we've got a reference to an anonymous array containing the value(s) returned from the method.
  3. Outside that, we have @{ }, which dereferences the array reference, so we have an array.
  4. Perl now happily interpolates the dynamically-generated anonymous array into the string, because it knows how to do that.
This is essentially what Interpolation.pm does, cut down to adding a few extra characters in your string. Drawback: ugly, and possibly really confusing to the reader. Advantage: only 5 extra characters.

Please (register and) log in if you wish to add an answer



  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • Outside of code tags, you may need to use entities for some characters:
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?
    Username:
    Password:

    What's my password?
    Create A New User
    Chatterbox?
    and the web crawler heard nothing...

    How do I use this? | Other CB clients
    Other Users?
    Others musing on the Monastery: (6)
    As of 2014-07-30 21:54 GMT
    Sections?
    Information?
    Find Nodes?
    Leftovers?
      Voting Booth?

      My favorite superfluous repetitious redundant duplicative phrase is:









      Results (241 votes), past polls