Gossamer Forum
Home : General : Perl Programming :

declaring variable

Quote Reply
declaring variable
In perl, how do I declar a variable so that its name is the value of another variable?

I.E.

my $name = "test";

I would like to declare a variable $test automatically.

I would think this would work but it doesn't:

my $$name = "successfully printed test variable";

print $test;

Please help... thanks,

- Jonathan
Quote Reply
Re: [jdgamble] declaring variable In reply to
Here Ya Go..

$name =
"Dave"; #First $name variable declared
$Dave =
"I am king"; # $Dave declared
print $$name,
"\n"; # $$name prints $Dave
print $name,
"\n"; # $name prints itself

SafePick...
Quote Reply
Re: [TheSafePick] declaring variable In reply to
Not quite what I'm thinking of. What I am trying to do is automatically declare any variables coming in through post or get method. (kind of like how php automatically declares the variables.)

If I have something like:

use CGI;
my $q = new CGI;

my $in = $q->param();

Thats probably not exactly right, but I would like to take any variables in a %in hash and automatically declare them.

I.E. say $in{'query'} = "declaring variables"; (for instance) I would like to automatically declare $query = "declaring variables";

Pondering...

- Jonathan
Quote Reply
Re: [jdgamble] declaring variable In reply to
The import_names method of CGI.pm does what you want. Be sure to read the warning on importing names into main (which is what you are trying to do) though.

~Charlie
Quote Reply
Re: [jdgamble] declaring variable In reply to
I was thinking about this again and I was Just curious why using a hashref doesn't work for you:

Code:
#!/usr/bin/perl
use strict;
use warnings;

use CGI;
my $q = CGI->new;

my %var = $q->Vars;

# Assuming a name and email field in your form:
print "My name is $var{'name'} and e-mail address is $var{'email'}.\n";

That's really not a whole lot different than using $name and $email. It's also much like PHP's syntax of $_POST['name']; and $_POST['email'];. If you really miss PHP that much you can always do this:

Code:
my $q = CGI->new;
$q->param(name => 'Charlie');
$q->param(email => 'piper@dev-null.net');

my %_POST = $q->Vars;

print $q->header;
print "<pre>\n";
print "My name is $_POST{'name'} and e-mail address is $_POST{'email'}.\n";
print "</pre>\n"

:)

~Charlie
Quote Reply
Re: [Chaz] declaring variable In reply to
Ok, lets say I get to this point...
Code:
my %var = $q->Vars;


How would I be able to set each set of variables ( $var{'title'} = "Yahoo"; $var{'Reply'} = "yes"; )

:::T0::::

$title = "yahoo";, "$Reply = "yes"; etc...

When I'm not sure how many variables are coming in through the form, or the names of the variables coming through the form?

Another example... lets say someone added this to the script : cgi_script.cgi?title=yahoo&Reply=yes&clock=working

I would want $clock = "working"...

Do you see what I mean...? Thanks so far you've been very helpful,

- Jonathan
Quote Reply
Re: [jdgamble] declaring variable In reply to
Take a look at the link to import_names in my original reply but I dont think it is the way to go:

Code:
$in->import_names('main');
print "This is my reply: $Reply\n";

But when you see something like this in the POD:

Quote:
WARNING: don't import anything into 'main'; this is a major security risk!!!!

You have to ask yourself if it is really worth doing that when you don't really need to.

I'm still not sure why your need to automagically have the variable $foo when you already have $var{'foo'}? The value is the same, they are just different boxes which are equally easy to get into.

Quote:
When I'm not sure how many variables are coming in through the form, or the names of the variables coming through the form?

Then how are you going to know to use $Reply? It sounds like something went amiss in the design phase of this project :) Perhaps if you can give more details of the project it will make more sense.

~Charlie
Quote Reply
Re: [Chaz] declaring variable In reply to
Code:
#!/usr/bin/perl
use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
#use strict;
use CGI;my $q = CGI->new;

my %in = $q->Vars;
print $q->header;
foreach my $key (keys %in) {
print "$key => $in{$key}<br>\n";
$$key = $in{$key};
}
print $me . "<br>\n";
print $clock . "<br>\n";


This does what I want, but it only works when I turn off use strick...

Example if I call test.pl?me=yeah&clock=cooking... it will print that...

or I could add "&comp=dell" and $comp would automatically equal "dell".

See what I'm saying... I just makes things easier rather than calling it from $in{'comp'} or $q->param{comp} or whatever.

So since the above function works with use strict off, how can I get it more precise to work with use strict on?

I already tried

my $$key = $in{$key};

any ideas?

- Jonathan

Last edited by:

jdgamble: Sep 3, 2004, 4:11 PM
Quote Reply
Re: [jdgamble] declaring variable In reply to
You wont be able to use strict vars. This should bypass the major security hole:

Quote:
use strict qw/subs refs/;

Use are your own risk :)

~Charlie

[edit] Replaced "fix" with "bypass the major security hole"[/edit]

Last edited by:

Chaz: Sep 3, 2004, 5:32 PM
Quote Reply
Re: [jdgamble] declaring variable In reply to
it doesn't work with strict on because it's a security risk.

lets say you have a variable "foo" who's value is not supposed to be set through form input. What happens to the value when the user unexpectedly manually tacks on "foo=value" to the cgi request?

Code:
#!/usr/bin/perl
use CGI;

my $q = new CGI;
my $foo = "/path/to/harmless.file";

##
# other vars
##

my %in = $q->Vars;

print $q->header;

foreach my $key ( keys %in) {
$$key = $in{$key};
}

##
# do stuff with some legit vars
##

#print out a thank you page
open (FILE, $foo) or die $!;
while (<FILE>) {
print;
}
close FILE;

If you were paying attention, you will have seen that the user can now print out the contents of any file on your server, instead of your harmless "thank you" page.

Philip
------------------
Limecat is not pleased.
Quote Reply
Re: [fuzzy logic] declaring variable In reply to
Thanks everyone, that pretty much answers my questions about what I am trying to do.

However, since php automatically does this, wouldn't the same security risk be true for php?

Ex. cgi_script.pl?title=whatever

$title is automatically created...

So then php is not as secure? Just a thought.

- Jonathan
Quote Reply
Re: [jdgamble] declaring variable In reply to
yes, the same security risk exists in PHP. Many hosts have it turned off in their PHP configuration file, in favor of the safer $_POST (or $HTTP_POST_VARS) and $_GET (or $HTTP_GET_VARS) associate arrays.

Philip
------------------
Limecat is not pleased.

Last edited by:

fuzzy logic: Sep 4, 2004, 1:35 PM
Quote Reply
Re: [fuzzy logic] declaring variable In reply to
I guess that makes sense. Thanks for the help,

- Jonathan