Samn has asked for the wisdom of the Perl Monks concerning the following question:

Replies are listed 'Best First'.
Re: Executing code in a string
by fruiture (Curate) on Jul 09, 2002 at 19:03 UTC
    by Samn (Monk) on Jul 09, 2002 at 19:12 UTC
          Specifically, consider using the Safe module to restrict the kinds of things that the external code is allowed to do. For example, the following:
          use Safe; my $compartment = new Safe; $compartment->permit_only(':base_core'); my $result = $compartment->reval($foo);
          will forbid a great number of operations but leaves enough allowed so that $foo could be a configuration file - written in Perl syntax. In that case, the rdo() method is also interesting: my $result = $compartment->rdo($filename); which is a safe replacement for my $result = do $filename; For information about the tags and names you can use in the permit() call, see the documentation to the Opcode module.

          Makeshifts last the longest.

    Re: Executing code in a string
    by aufrank (Pilgrim) on Jul 09, 2002 at 19:21 UTC
      eval is a function that lets you execute a block of code, but it can be mighty tricky and I suggest you read up on it first. Of special use is $@, or EVAL_ERROR, which you can read about in perlvar, here.

      I know that I did things which I thought made sense while I was starting out, and later realized were pretty dangerous because I wasn't checking $@, so I had no clue what was being spit out of the blocks I was trying to execute.

      It's also really important to understand __DIE__ , but you'll get that feeling when you read the eval docs.

      good luck,

    Re: Executing code in a string
    by gav^ (Curate) on Jul 09, 2002 at 19:06 UTC
      If you search for eval you'll find that eval $foo; works...


      Update: first time round it came out slightly more scathing than I intended. Apologies all round.

        If you don't have anything nice to say...