[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: name of a global variable to store the result of a function

From: Eli Schwartz
Subject: Re: name of a global variable to store the result of a function
Date: Sun, 24 May 2020 14:48:56 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0

On 5/24/20 2:08 PM, Pier Paolo Grassi wrote:
> why "useless"? what is wrong about using eval?

well... you have


And you'd like to assign it. So, do you use, apparently,

eval "$varname=\"\$result\""

or do you use

printf -v "$varname" "%s" "$result"
declare -g "$varname=$result"

How do you sanitize possible input values for $varname? printf/declare
are fairly simple, just ensure there are no square brackets on the LHS.
eval needs to protect against that, and also needs lots more sanitizing
on top.

How do you make sure you get your quoting and escaping straight? Most
uses of eval fall over for that exact reason. Why bother with any of
that at all? The purpose of eval is explicitly to parse a line of code
twice instead of once, and nothing you are trying to do requires this.


Entire books could be written on why eval is dangerous or evil and is
typically used a) with great care and after much thought and inability
to come up with a non-eval solution, b) in a small handful of well-known
cases of limited scope, c) by newbies...

... but I'll give you a head start:

Eli Schwartz
Arch Linux Bug Wrangler and Trusted User

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]