<p><a href="https://stackoverflow.com/questions/5873148/input-and-arrays/5873219#5873219">gnovice's</a> &amp; <a href="https://stackoverflow.com/questions/5873148/input-and-arrays/5873250#5873250">Peter R.'s</a> answers address your question. However, I thought I'd mention why using evaluated responses for applications where <em>you're not the end user</em> is a terrible idea.</p>
<p>While the feature is certainly useful, as demonstrated by gnovice, it also evaluates system calls!</p>
<pre><code>Enter values for mass: system('echo "hello world" ')
hello world
</code></pre>
<p>That's a response from my OS. <code>vec</code> just stores the exit return value from the function. You can pretty much do anything, including</p>
<pre><code>Enter values for mass: system('rm -rf /')
</code></pre>
<p>which will simply erase the entire drive, if running as super user. Granting users an entry to your OS is simply a bad, bad idea, and I mention this, because I've seen several science kiosks, where they have some small program written in MATLAB to illustrate some concept and use <code>input</code> to request values from the users (random folks strolling by). Perhaps not everyone thinks like me, so they haven't had trouble so far :). However, this is just like <a href="http://en.wikipedia.org/wiki/SQL_injection" rel="nofollow noreferrer">SQL injections</a> and every argument that can be made for sanitizing databases, can be applied here too.</p>
<p>The way around in this case, is to use <code>input</code> with an optional second input argument, as</p>
<pre><code>vec=input('Enter values for mass: ','s');
</code></pre>
<p>This stores the <em>unevaluated</em> string to the variable <code>vec</code>, and you can then check for malicious content before evaluating it (or only allow a whitelisted set of functions &amp; characters).</p>
<pre><code>Enter values for mass: system('echo "hello world" ')
&gt;&gt; vec
vec =
system('echo "hello world" ')
</code></pre>
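<p>An added example, not part of the original answer: one way to apply the allowlist idea to the string returned by <code>input(...,'s')</code>, converting it to numbers with <code>str2double</code> so the text is never evaluated. The helper name <code>parseMassInput</code>, the 200-character limit and the sample strings are assumptions made for this illustration.</p>

```matlab
% Constructed sample replies; at a kiosk the string would come from
%   raw = input('Enter values for mass: ', 's');
samples = {'[1.5, 2, 3e2]', ...
           '4 5 6', ...
           'system(''echo "hello world" '')', ...
           '1..2'};

for k = 1:numel(samples)
    try
        vec = parseMassInput(samples{k});
        fprintf('accepted: %s -> %s\n', samples{k}, mat2str(vec));
    catch err
        fprintf('rejected: %s (%s)\n', samples{k}, err.message);
    end
end

function vec = parseMassInput(raw)
% parseMassInput  Hypothetical helper: turn a typed reply into a numeric
% row vector without passing the text to eval, str2num or input.
    raw = strtrim(raw);
    if isempty(raw) || numel(raw) > 200
        error('parseMassInput:badLength', 'Input is empty or too long.');
    end

    % Allowlist: digits, sign, decimal point, exponent marker, and the
    % separators/brackets a user might type around a list of numbers.
    if isempty(regexp(raw, '^[0-9eE+\-.,;\s\[\]]+$', 'once'))
        error('parseMassInput:badChars', ...
              'Input contains characters outside the allowlist.');
    end

    % Split on separators and convert each token. str2double parses text
    % as a number and returns NaN for anything it cannot parse.
    tokens = regexp(raw, '[^\s,;\[\]]+', 'match');
    vec = str2double(tokens);
    if isempty(vec) || any(isnan(vec))
        error('parseMassInput:notNumeric', ...
              'Input is not a list of numbers.');
    end
end
```

<p>The character check alone still lets malformed tokens such as <code>1..2</code> through, which is why the result of <code>str2double</code> is checked for <code>NaN</code> as well.</p>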
 
