堆栈内存溢出
  简体   繁体   English

我如何告诉Linux bash忽略反引号?

[英]How do I tell linux bash to ignore backticks?

 原文  2015-01-06 00:47:29       mysql/ linux/ bash/ chef

问题描述

I'm writing a chef recipe that calls the mysql command and executes a query. 我正在写一个调用mysql命令并执行查询的厨师食谱。 The problem is that the query passed into this command can have backticks, and I have no control over that. 问题在于传递给该命令的查询可能带有反引号,而我对此无能为力。 EG I'll do something like this: EG我会做这样的事情:

execute "update_customer_segment_custom_condition_#{no_space_segment_name}" do action :run command "mysql --user=#{user} #{db_name} --execute="CALL someStoredProcedure(\\"A String\\", \\"A QUERY CONTAINING BACKTICKS OVER WHICH I HAVE NO CONTROL THAT NEEDS TO BE PASSED VERBATIM\\");" end

but Bash always complains about the syntax because it tries to interpret the backticks and evaluate. 但是Bash总是抱怨语法,因为它试图解释反引号并进行评估。 How can I tell it to completely ignore that character? 我如何告诉它完全忽略该字符?

FYI this is being called inside a chef execute block as a command , hence using # for variables. 仅供参考,这是在厨师execute块内作为command调用的,因此对变量使用#。

2 个解决方案

解决方案1
 2 已采纳  2015-01-06 00:59:47

You could also use an execute resource in Chef instead of bash . 您也可以在Chef中使用execute资源,而不是bash That won't use bash and thus backticks have no special meaning. 那不会使用bash,因此反引号没有特殊含义。

EDIT: 编辑:

To be more specific with the example resource you posted 更具体地讲,您发布的示例资源 

execute "update_customer_segment_custom_condition_#{no_space_segment_name}" do
  command ['mysql', "--user=#{user}", db_name, '--execute="CALL someStoredProcedure(\"A String\", \"A QUERY CONTAINING BACKTICKS OVER WHICH I HAVE NO CONTROL THAT NEEDS TO BE PASSED VERBATIM\");"']
end

The array form for command shuts off any processing by the shell. command的数组形式将关闭外壳程序的所有处理。

解决方案2
 0  2015-01-06 15:04:01

this is probably because you build a string with ruby (I dont' know ruby) and then pass it into a shell execute with action run 这可能是因为您使用ruby构建了一个字符串(我不知道ruby),然后将其传递到具有操作运行的shell中。

This already has a problem as your double quotes terminate in middle string: 这已经存在问题,因为双引号终止于中间字符串:

command " mysql --user=#{user} #{db_name} --execute= "CALL someStoredProcedure(\\"A String\\", \\"A QUERY CONTAINING BACKTICKS OVER WHICH I HAVE NO CONTROL THAT NEEDS TO BE PASSED VERBATIM\\");" 命令“ mysql --user =#{user}#{db_name} --execute = ” CALL someStoredProcedure(\\“ Astring \\”,\\“在我无法控制的情况下包含反引号,需要逐字逐句\\” );”

so I wonder if ruby does not give a syntax error here for the supplemental " at the end. 所以我想知道ruby是否在最后没有为补充“”给出语法错误。

the string you want to generate looks (probably) like this: 您要生成的字符串看起来(可能)是这样的: 

mysql --user=#{user} #{db_name} --execute="CALL someStoredProcedure(\"A String\", \"A QUERY\");"

you need to generate it like that: 您需要像这样生成它: 

mysql --user=#{user} #{db_name} --execute='CALL someStoredProcedure("A String", "A QUERY");"

And the part with "A QUERY" you need to replace all occurences of ' with '\\'' else you can still get a shell code injection. 而带有“ A QUERY”的部分需要用'\\''替换所有出现的' ,否则您仍然可以获得外壳代码注入。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用活动记录时,如何忽略codeigniter中的反引号? 我需要根据情况订购 - how do i ignore the backticks in codeigniter when using active records? i need to order by cases 如何将反引号放在名为key for hibernate的列名中 - How do I put backticks in a column name called key for hibernate 如何在格式化的 mysql 查询中删除反引号? - How do I remove backticks in formatted mysql query? INSERT IGNORE - 如何插入? - INSERT IGNORE - How can I tell if inserted? 我在哪里或如何告诉CakePHP(2.x)忽略数据库中的视图,以使其仅适用于表? - Where or how do I tell CakePHP (2.x) to ignore the Views in a database, so that it works only with the Tables? 如何结合mysql和linux bash脚本? - How do I combine a mysql and linux bash script? 重击循环:反引号 - Bash for loop: Backticks 我的MYSQL查询中需要在哪里使用反引号或引号? - Where do I need to use backticks or quotes in my MYSQL query? 如何判断 solr 索引中的内容? - How do I tell what is in solr index? 如何忽略空值? - How do I ignore the null values?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM