If you then single quote your s/// expression to protect from shell interpolation

Adding single quotes does not protect from shell interpolation.

That will fail if $hash1 or $hash2 can contain «'», I don't think that's possible, but I don't know for sure.

That's why I use

   $s =~ s/'/'\\''/g;
   return "'$s'";
[download]

instead of

   return "'$s'";
[download]

Update: philipbailey has since pointed out that the hash cannot contains quotes. While you can't context text to a shell literal using the second snippet in general, it appears to be safe in this particular circumstance.

We've had this conversation before, ikegami. In this case the OP's base64-encoded strings never contain single quotes.

Update: this is clarified in later nodes in this thread. The OP's output largely consists of base-64 strings together with 4 other (non-quote) characters, explained below.

The OP doesn't have base64-encoded strings. He's got hashes which include base64 strings. They are not base64 strings, and I don't know if they can contain quotes or not.

As for your comment about having this discussion before, it makes no sense. I'm telling the OP that just adding single quotes is not always acceptable, and I'm sure I've never told this to him before since he's never posted here before.

You are probably referring to the thread where you recommended a buggy version of

my $passwd_lit = $passwd;
my $path_lit   = $path;
s#'#'\\''#g for $passwd_lit, $path_lit;
system("mysqldump --add-drop-table -uroot -p'$passwd_lit' mydatabase |
+ gzip -9c > '$path_lit'");
[download]

over

my ($passwd_lit, $path_lit) = map text_to_shell_lit, $passwd, $path;
system("mysqldump --add-drop-table -uroot -p$passwd_lit mydatabase | g
+zip -9c > $path_lit");
[download]

But that makes no sense either since you didn't use that code.