interpolating variable from file

[bobbybobbertson]

I've got a perl problem. I sort of want to use a php style "include" file in perl.

What I mean is that I have a file that has a bunch of html in it. However, inside that html file is a variable. I have a perl cgi program that reads that html file and includes it in its output to the browser.

So the perl program reads the html file and spits it out to the browser. However the variable is not interpolated. Is there a way to get the variable interpolated.
Below is a short version of what I'm doing. The goal is to be able to run the perl file and have it output "this is interpolated text":

include.html
==========
<html>
<head>
</head>
<body bgcolor=&quot;#ffffff&quot;>
@interpolate_me
</body>
</html>


output_include_file_with_interpolation.pl
=============================
use CGI:retty;
print $cgi->header();

my @interpolate_me = &quot;this is interpolated text&quot;

open INPUT , &quot;include.html&quot; or die $!;
my @include_file = <INPUT>;
print @include_file;
close INPUT;

 

[justice41]

One of the myriad ways is to change your print statement to

print eval qq^qq(@include_file)^;

jaa

 

[bobbybobbertson]

Thanks, I'll have to try that!!

Out of curiosity, is there a security concern with the eval? Does that statement just fill in the variables, or would it be possible to execute some maliscious code. Say someone put some backticks in the html file?

Its not a big concern, but I will have other's makin gthe template html files, so I should at least ask this question.

I also found another answer:
HTML::Templates

Thanks!

 

[bobbybobbertson]

Also, can you by chance explain that code. I dont' really understand it:
print eval qq^qq(@include_file)^;

 

[justice41]

HTML::Template is a much better (and safer) way to go. Malicious code could easily be inserted like:

<html>
 <head>
 </head>
 <body bgcolor=&quot;#ffffff&quot;>
    ${`rm -rf /`}
 </body>
</html>

where any code can be inserted in the backticks.

jaa