http://www.perlmonks.org?node_id=1085771

ASadon has asked for the wisdom of the Perl Monks concerning the following question:

Hi guys, is there a way in Perl to execute code from a variable? I want to store rules (written in perl) in a table in a mysql-database. A perl-program reads the rules and must execute them. Is that possible somehow? Thanks a lot!

Replies are listed 'Best First'.
Re: Executing perlcode from variable
by choroba (Cardinal) on May 12, 2014 at 09:58 UTC
    It is possible, but it's a security risk. Are you 100% sure only lawful good Perl developers will be able to modify the database table? See eval for details if so.

    Using some kind of a dispatch table might be a more secure solution.

    لսႽ† ᥲᥒ⚪⟊Ⴙᘓᖇ Ꮅᘓᖇ⎱ Ⴙᥲ𝇋ƙᘓᖇ
      Thanks Anonymous Monk and Choroba, that's what I was looking for!
      If at all possible, I would also rather go for a dispatch table within the program (or a used module), rather than a DB with code snippets.
Re: Executing perlcode from variable
by Anonymous Monk on May 12, 2014 at 09:56 UTC
Re: Executing perlcode from variable
by sundialsvc4 (Abbot) on May 12, 2014 at 11:06 UTC

    Uh huh ... I feel exactly the same way about “evaling code taken from a database” as I do about the original way that JSON used to work.   JSON was conceptually simple in those early, trusting days:   “simply send JavaScript to the client, who can then execute it.”   (And, if you recall, PHP allowed you to send arbitrary variable-names in URL-strings, too.)   It is simply “too unsafe to consider” nowadays ... in addition to the fact that it introduces into the program “source-code that is not here.”   A genie you just can’t afford to let out of its bottle, regardless of language or situation.

Re: Executing perlcode from variable
by leslie (Pilgrim) on May 12, 2014 at 10:29 UTC

    Hi,

    Find this below example. It may be useful for you.

    use strict; use warnings; use Data::Dumper; my $val = q| my @array= qw(A R N D); splice(@array,0,4,qw(B N M C)); print Dumper \@array; |; eval($val);
Re: Executing perlcode from variable
by jmmitc06 (Beadle) on May 12, 2014 at 14:30 UTC

    yes you can use 'eval' to evaluate code from an exogenous source, I did this some time ago. In my case I hadn't completely figured out how to use DBI and was generating some DBI commands, saving them as strings and evaluating them with eval. Although doable, I think this falls into the category of there has to be a better way not only due to security reasons but also because it can be very difficult to debug.