Avoiding backticks in Perl

^ click above ^

04.15.04

Avoiding backticks in Perl
In Perl, backticks (``) and the system and exec functions provide a convenient means to run external programs. While these methods are easy to use in personal scripts, security problems can result from their use in Common Gateway Interface (CGI) scripts on a webserver or in multiuser environments where the script has elevated privileges. Examples of insecure code are demonstrated below. Replacement code and other methods of handling potential security problems- such as input validation and using perl’s taint mode- are then illustrated.

For background information on the Perl functions and operators in question, see the system and exec documentation in perlfunc and `STRING` documentation in perlop. This can be doing using the perldoc(1) command.
Read The Whole Article

Regular Expressions Primer
"Regular Expression" is a fancy way to say "pattern matcher." Humans can match patterns with relative ease. A machine has a bit more difficulty deciphering patterns, especially in text. As computing became more powerful, the methods for matching text grew into more flexible dialects.

Regular expressions can be one of the toughest concepts to grasp and use effectively in any programming language. Perl is no exception because its regular expressions engine is perhaps the most advanced regex engine in existence. Its power and flexibility also serve to confuse and intimidate many newcomers. It is important to understand the Regular Expression engine because it's often the cause of serious bottlenecks in programs of all shapes and sizes.
Read The Whole Article

Yahoo! Search Technology: Take it for a spin

Processing Command Line Options with PERL
Over the course of the next few pages, I will introduce you to one of the more interesting modules in the Perl pantheon, the Getopt::Long.pm module. This module provides a simple API to parse options passed to your Perl scripts at the command line and convert them into Perl scalars or arrays.

If you've ever used a shell (UNIX or MS-DOS) before, you're probably already familiar with command-line options - they're the little arguments you pass to a program you're executing on the command line in order to modify its behaviour. For example, if you're deleting a directory, you could add a parameter to the command line to tell the system to delete all sub-directories under it as well or, if you're retrieving a directory listing with the "ls" command, you could add the "-l" command-line option to obtain a detailed listing instead of the abbreviated version.
Read The Whole Article

Managing IP space with Perl
A while ago, I wrote NetAddr::IP to help me work out tedious tasks such as finding out which addresses fell within a certain subnet or allocating IP space to network devices.

This article discusses many common tasks along with solutions using NetAddr::IP. Since Perl lacks a native type to represent either an IP address or an IP subnet, I feel this module has been quite helpful for fellow Perl programmers who like me, need to work in this area.
Read The Whole Article

Effective online ads.

Automating Perl Database Applications
A number of options are available for Perl developers who want to reduce the amount of work and tedium involved in writing Perl CGI scripts that interact with a database server. Some of these alternatives include CGI::Application and Class::DBI with the Template toolkit. However, these solutions may not be appropriate for every situation. Web sites hosted at an ISP may not include these Perl modules or allow customers to install these modules within the Perl directory hierarchy. These solutions still do require some programming and therefore may not be suitable for entry-level developers.
Read The Whole Article

*** Consumer Targeting ***
Deliver contextually relevant messages that drive click-through and conversion rates 20-40 times higher than traditional banner ads. >> 2 min. Quick Tour

Automating MapPoint with Perl
This article shows how to access the MapPoint API from Perl using the Win32::OLE module. Topics include basic Perl syntax, how to call MapPoint methods, and how to set MapPoint API properties.

I've been a fan of using Perl for manipulating text files for some years having previously used AWK. Both are free, but the main advantage of using Perl is the enormous variety of modules available ranging from HTML and XML parsers, image manipulation libraries, communications and networking, mathematics libraries and so on.
Read The Whole Article

Read this newsletter at: http://www.perlpronews.com/2004/0415.html

Free Newsletters

Part of the iEntry Network
over 4 million subscribers

PerlProNews

EcommNewz

ITcertificationNews

Send me relevant info on products and services.

WebmasterFree Downloads

From the Forum:

Best "All-in-One" PHP Download

Assuming I get time I've been teetering for ages on 'trying' to get into PHP and MySQL.

After my last break I downloaded the latest stable release of MySQL but lost confidence when it required connection to the web (Monitor) with no explaination on starting up?

I've seen a number of downloads with various software/server combinations (IIS and Apache) and different versions (not necessarilly the latest stable release), but none with (I'm guessing) all the tools required? ...

Go Here

-- PerlProNews is an iEntry, Inc. publication --
iEntry, Inc. 880 Corporate Drive, Lexington, KY 40503
2004 iEntry, Inc. All Rights Reserved Privacy Policy Legal

archives | advertising info | news headlines | free newsletters | comments/feedback | submit article