On Thu, 2 Jan 2003 23:36:04 -0600, [EMAIL PROTECTED] (Reactor)
wrote:
>I am fairly new to perl, so this is probably looks like a silly question:
>I am trying to write text to a file as specified by the query string
>environment variable. Since the file names are all numbers, I'm using a
>regex to strip anything other than a digit from the variable, and assign the
>new value to a variable. I've R-ed a few different FM's for the way to do
>this, and it says to use the regex memory value, which isn't tainted. When
>I try this using my current regex it leaves the $1 variable undefined. Code
>snipet:
>
>
>@temp = split(/=/, $ENV{'QUERY_STRING'});
>$temp[0] =~ s/([^0-9])//g;
>$filename = $1;
>
>
>I made a sort of mini-debug function that prints out each variable. It
>prints the unprocessed query string after spliting and the value of $temp[0]
>after processing (which is all numbers) correctly, but the variable
>$filename doesn't have a value... Not sure where I went wrong with this...
>Unless the $1 is null because the matched pattern is deleted... or does the $1 hold
>the return value?
Well you definitely are thinking "the right way" as far as using
the taint mode.
Your problem is a common one with regexes, "make sure you are
matching" or $1 will be undefined. Usually they do something like:
if($temp[0] =~ s/([^0-9])//g){$filename = $1}
else warn "no match\n";
Try some more debugging, I'm sure the regex isn't doing what you
think it supposed to be doing. Try printing $temp[0] before and
after the regex. It might be as simple as
$temp[0] =~ s/([^0-9])/$1/g;
Otherwise, post some sample data, and the regex experts can
help you make the proper match.
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
