PerlMonks
Re: Re: Quotes In CGI
by Anonymous Monk on Oct 07, 2002 at 22:35 UTC
I'm sure that you realize that single-quotes aren't the only reason the above code is very, very bad. If, for example, someone were to figure out what you're doing, they could call your script like this:

    script.cgi?x=1;system('rm%20-rf%20/etc/');print%20'gotcha!

This would eval (I think -- it's not tested), and do some potentially nasty things. I'm not devious enough to come up with something really nasty to do in a system call, but you get the idea...

jpt
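A defensive counterpart to the point made in the post above, as an added example that is not part of the original thread: rather than passing the query string to eval, treat it as data and accept only allow-listed parameter names whose values match a strict pattern. The helper names and the integer-only rule for `x` are assumptions; the sample query is the one quoted in the post.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Allow-list: parameter name => pattern the decoded value must match in full.
# The name "x" is from the post; the integer-only rule is an assumption.
my %ALLOWED = ( x => qr/\A-?\d{1,9}\z/ );

# Decode '+' and %XX escapes so validation sees the real bytes.
sub url_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Split a query string into pairs and validate each one. Nothing is ever
# handed to eval, so Perl syntax in the input is only an odd-looking string.
sub parse_query {
    my ($query) = @_;
    my (%params, @rejected);
    for my $pair (grep { length } split /[&;]/, $query) {
        my ($name, $value) = split /=/, $pair, 2;
        $name  = url_decode($name);
        $value = url_decode(defined $value ? $value : '');
        if (exists $ALLOWED{$name} && $value =~ $ALLOWED{$name}) {
            $params{$name} = $value;
        }
        else {
            push @rejected, $name;   # unknown name or malformed value
        }
    }
    return (\%params, \@rejected);
}

# The query string quoted in the post, used here as test input.
# In a real CGI script this would come from $ENV{QUERY_STRING}.
my $query = "x=1;system('rm%20-rf%20/etc/');print%20'gotcha!";
my ($params, $rejected) = parse_query($query);

print "accepted: $_=$params->{$_}\n" for sort keys %$params;
print "rejected: $_\n" for @$rejected;
```

The rejected entries are worth logging: a parameter name containing parentheses or quotes is a strong signal that someone is probing for an eval.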