Windows批处理文件中的安全数字比较 [英] Safe number comparison in Windows batch file
问题描述
我知道,在批处理文件中比较相等性时,通常将双方都用引号引起来,例如
I know that when comparing stuff for equality in a batch file it's common to enclose both sides in quotes, like
IF "%myvar% NEQ "0"
但是当使用大于"或小于"进行比较时,这将不起作用,因为操作数随后将被视为带有引号的字符串.因此,您可以只做
But when comparing using "greater than" or "less than", this doesn't work because the operands would then be treated as strings with quotes around them. So you can instead just do
IF %myvar% GTR 20000
需要说明的是,如果未声明变量%myvar%,那就像在做
The caveat is that if the variable %myvar% isn't declared, it would be like doing
IF GTR 20000
这是语法错误.
我想出了以下解决方法:
I came up with the following workaround:
IF 1%myvar% GTR 120000
我希望
如果未定义myvar会导致IF 1 GTR 120000,它似乎可以工作.
which I'm hoping would result in IF 1 GTR 120000 if myvar is undefined, and it seems to work.
这是比较数字并计算未声明变量的安全方法,还是我只是打开了一个全新的警告框?
Is this a safe way to compare numbers and accounting for undeclared variables, or did I just open up a whole new can of caveats?
推荐答案
让我们假设批处理文件包含:
Let us assume the batch file contains:
@echo off
:PromptUser
rem Undefine environment variable MyVar in case of being already defined by chance.
set "MyVar="
rem Prompt user for a positive number in range 0 to 20000.
set /P "MyVar=Enter number [0,20000]: "
正如我在我的回答中所解释的那样,如何停止Windows命令解释器退出在错误的用户输入下执行批处理文件?用户可以自由输入任何内容,包括字符串,这很容易由于语法错误而导致批处理文件的执行中断,或者导致做批处理文件不写的事情.
As I explained by my answer on How to stop Windows command interpreter from quitting batch file execution on an incorrect user input? the user has the freedom to enter really anything including a string which could easily result in breaking batch file execution because of a syntax error or resulting in doing something the batch file is not written for.
如果用户仅按下键 RETURN 或 ENTER ,则命令 SET 根本不会修改环境变量MyVar.在这种情况下,很容易在提示用户是否使用以下命令输入字符串之前,使用环境变量MyVar明确未定义进行验证:
If the user hits just key RETURN or ENTER, the environment variable MyVar is not modified at all by command SET. It is easy to verify in this case with environment variable MyVar explicitly undefined before prompting the user if the user entered a string at all with:
if not defined MyVar goto PromptUser
注意:可以使用与set "MyVar="不同的东西(如set "MyVar=1000")来定义默认值,该默认值甚至可以在提示时输出,从而使用户可以直接按 RETURN 或 ENTER 使用默认值.
Note: It is possible to use something different than set "MyVar=" like set "MyVar=1000" to define a default value which can be even output on prompt giving the user the possibility to just hit RETURN or ENTER to use the default value.
用户可能有意或错误地输入带有一个或多个"的字符串.例如,在非数字上按下德语键盘键 2 当前启用了 CapsLock 的键盘会导致输入",但使用德语(IBM)的键盘上的 CapsLock 仅在软件上处于活动状态字母.因此,如果用户快速敲击 2 和 RETURN 或没有像很多人在键盘上一样在屏幕上看,就会误输入双引号而不是2由用户.
The user could enter a string with one or more " intentionally or by mistake. For example pressing on a German keyboard key 2 on non-numeric keyboard with CapsLock currently enabled results in entering ", except German (IBM) is used on which CapsLock is by software only active for the letters. So if the user hits 2 and RETURN quickly or without looking on screen as many people do on typing on keyboard, a double quote character instead of 2 was entered by mistake by the user.
在MyVar上包含具有一个或多个"所有%MyVar%或"%MyVar%"环境变量引用的字符串是有问题的,因为Windows命令处理器将%MyVar%替换为具有一个或多个"几乎总是会导致语法错误,或者批处理文件执行了它不适合的操作.另请参见 Windows命令解释器(CMD.EXE)如何解析脚本?
On MyVar holding a string with one or more " all %MyVar% or "%MyVar%" environment variable references are problematic because of %MyVar% is replaced by Windows command processor by user input string with one or more " which nearly always results in a syntax error or the batch file does something it was not designed for. See also How does the Windows Command Interpreter (CMD.EXE) parse scripts?
有两种解决方案:
- 启用延迟扩展,并使用
!MyVar!或"!MyVar!"引用环境变量现在用户输入的字符串不再影响cmd.exe在解析后执行的命令行. - 如果该字符串永远不应包含双引号字符,则从用户输入字符串中删除全部
".
- Enable delayed expansion and reference the environment variable using
!MyVar!or"!MyVar!"as now the user input string does not affect anymore the command line executed bycmd.exeafter parsing it. - Remove all
"from user input string if this string should never contain a double quote character.
字符"在字符串中绝对无效,该字符串应为0至20000范围内的数字(十进制).因此,可以使用另外两行来防止由"引起的用户输入字符串的错误处理.
Character " is definitely invalid in a string which should be a number in range 0 to 20000 (decimal). For that reason two more lines can be used to prevent wrong processing of user input string caused by ".
set "MyVar=%MyVar:"=%"
if not defined MyVar goto PromptUser
在将%MyVar:"=%替换为结果字符串之前,Windows命令处理器将在解析此行时删除所有双精度引号.因此,最终执行的命令行set "MyVar=whatever was entered by the user"在执行时是安全的.
The Windows command processor removes all doubles quotes already on parsing this line before replacing %MyVar:"=% with the resulting string. Therefore the finally executed command line set "MyVar=whatever was entered by the user" is safe on execution.
上面的示例错误地输入了"而不是2导致执行set "MyVar=",这未定义环境变量MyVar,这就是 IF 条件为之前使用过的必须在进一步处理用户输入之前再次使用.
The example above with a by mistake entered " instead of 2 results in execution of set "MyVar=" which undefines the environment variable MyVar which is the reason why the IF condition as used before must be used again before further processing of the user input.
用户应在0到20000的范围内输入一个正数十进制.因此,用户输入字符串中除0123456789以外的任何其他字符绝对无效.例如,可以使用以下命令检查任何无效字符:
The user should enter a positive decimal number in range 0 to 20000. So any other character than 0123456789 in user input string is definitely invalid. Checking for any invalid character can be done for example with:
for /F delims^=0123456789^ eol^= %%I in ("%MyVar%") do goto PromptUser
如果整个字符串仅由数字组成,则命令 FOR 不执行goto PromptUser.在所有其他情况下,包括零个或多个数字之后以;开头的字符串,都会导致执行goto PromptUser,因为输入字符串包含非数字字符.
The command FOR does not execute goto PromptUser if the entire string consists of just digits. In all other cases including a string starting with ; after zero or more digits results in execution of goto PromptUser because of input string contains a non-digit character.
Windows命令处理器将前导0的数字解释为八进制数字.但是,即使用户在开头输入一个或多个0,也应将其解释为十进制数.因此,应先删除前导零,然后再处理变量值.
Windows command processor interprets numbers with a leading 0 as octal numbers. But the number should be interpreted as decimal number even on user input it with one or more 0 at beginning. For that reason the leading zero(s) should be removed before further processing variable value.
for /F "tokens=* delims=0" %%I in ("%MyVar%") do set "MyVar=%%I"
if not defined MyVar set "MyVar=0"
FOR 删除分配给MyVar的字符串开头的所有0,并将分配给环境变量MyVar的其余字符串分配给循环变量I.
FOR removes all 0 at beginning of string assigned to MyVar and assigns to loop variable I the remaining string which is assigned next to environment variable MyVar.
FOR 也会运行set "MyVar=%%I",并执行set "MyVar="的结果,在这种特殊情况下,该set "MyVar="会取消定义环境变量MyVar.但是0是有效数字,因此必须使用 IF 条件在用户输入的具有一个或多个零的数字0上用字符串值0重新定义MyVar.
FOR runs in this case set "MyVar=%%I" even on user entered 0 or 000 with the result of executing set "MyVar=" which undefines environment variable MyVar in this special case. But 0 is a valid number and therefore the IF condition is necessary to redefine MyVar with string value 0 on user entered number 0 with one or more zeros.
现在可以安全地将命令 IF 与运算符GTR一起使用,以验证用户输入的数字是否过多.
Now it is safe to use the command IF with operator GTR to validate if the user entered a too large number.
if %MyVar% GTR 20000 goto PromptUser
即使在用户输入的82378488758723872198735897大于最大正32位整数值2147483647的情况下,最后一次验证也有效,因为范围溢出会导致在执行此 IF 时使用2147483647健康)状况.详情请参见使用IF的奇怪结果.
This last verification works even on user entering 82378488758723872198735897 which is larger than maximum positive 32 bit integer value 2147483647 because of the range overflow results in using 2147483647 on execution of this IF condition. See my answer on weird results with IF for details.
一个完整的批处理文件,用于安全评估仅十进制数字的用户输入数字,范围为0至20000:
An entire batch file for safe evaluation of user input number in range 0 to 20000 for only decimal numbers is:
@echo off
set "MinValue=0"
set "MaxValue=20000"
:PromptUser
rem Undefine environment variable MyVar in case of being already defined by chance.
set "MyVar="
rem Prompt user for a positive number in range %MinValue% to %MaxValue%.
set /P "MyVar=Enter number [%MinValue%,%MaxValue%]: "
if not defined MyVar goto PromptUser
set "MyVar=%MyVar:"=%"
if not defined MyVar goto PromptUser
for /F delims^=0123456789^ eol^= %%I in ("%MyVar%") do goto PromptUser
for /F "tokens=* delims=0" %%I in ("%MyVar%") do set "MyVar=%%I"
if not defined MyVar set "MyVar=0"
if %MyVar% GTR %MaxValue% goto PromptUser
rem if %MyVar% LSS %MinValue% goto PromptUser
rem Output value of environment variable MyVar for visual verification.
set MyVar
pause
此解决方案使批处理文件编写器还可以输出一条错误消息,通知用户为什么批处理文件不接受输入的字符串.
This solution gives the batch file writer also the possibility to output an error message informing the user why the input string was not accepted by the batch file.
如果MinValue的值为0,则不需要使用运算符LSS的最后一个 IF 条件,这就是使用命令 REM 注释掉它的原因此用例.
The last IF condition with operator LSS is not needed if MinValue has value 0 which is the reason why it is commented out with command REM for this use case.
这是一种更安全的解决方案,其缺点是用户不能输入一个十进制数字,而一个或多个前导0仍然是用户通常期望的十进制解释.
Here is one more safe solution which has the disadvantage that the user cannot enter a decimal number with one or more leading 0 being nevertheless interpreted decimal as expected usually by users.
@echo off
set "MinValue=0"
set "MaxValue=20000"
:PromptUser
rem Undefine environment variable MyVar in case of being already defined by chance.
set "MyVar="
rem Prompt user for a positive number in range %MinValue% to %MaxValue%.
set /P "MyVar=Enter number [%MinValue%,%MaxValue%]: "
if not defined MyVar goto PromptUser
setlocal EnableDelayedExpansion
set /A "Number=MyVar" 2>nul
if not "!Number!" == "!MyVar!" endlocal & goto PromptUser
endlocal
if %MyVar% GTR %MaxValue% goto PromptUser
if %MyVar% LSS %MinValue% goto PromptUser
rem Output value of environment variable MyVar for visual verification.
set MyVar
pause
此解决方案使用延迟的环境变量扩展,如上面第2点的第一个选项所述.
This solution uses delayed environment variable expansion as written as first option on point 2 above.
使用算术表达式将用户输入的字符串转换为带符号的32位整数,将该字符串解释为十进制,八进制或十六进制数字,然后返回分配给环境变量Number的字符串,在该环境变量中使用十进制数字系统Windows命令处理器.由于无效的用户字符串而导致对算术表达式求值时出现的错误输出被重定向到设备 NUL 以对其进行抑制.
An arithmetic expression is used to convert the user input string to a signed 32 bit integer interpreting the string as decimal, octal or hexadecimal number and back to a string assigned to environment variable Number on which decimal numeral system is used by Windows command processor. An error output on evaluation of the arithmetic expression because of an invalid user string is redirected to device NUL to suppress it.
如果算术表达式创建的数字字符串与用户输入的字符串不同,则使用延迟扩展来验证下一步. IF 条件适用于无效的用户输入,包括具有以cmd.exe解释为八进制的前导零的数字或以十六进制形式输入的数字,例如0x14或0xe3.
Next is verified with using delayed expansion if the number string created by the arithmetic expression is not identical to the string entered by the user. This IF condition is true on invalid user input including number having leading zeros interpreted octal by cmd.exe or a number entered hexadecimal like 0x14 or 0xe3.
在传递字符串比较时,使用运算符GTR和LSS比较MyVar与20000和0的值是安全的.
On passing the string comparison it is safe to compare value of MyVar with 20000 and 0 using the operators GTR and LSS.
请阅读此答案,以获取有关命令 SETLOCAL 和 ENDLOCAL ,因为在运行setlocal EnableDelayedExpansion和endlocal上要做的事情不止是启用和禁用延迟的环境变量扩展.
Please read this answer for details about the commands SETLOCAL and ENDLOCAL because there is much more done on running setlocal EnableDelayedExpansion and endlocal than just enabling and disabling delayed environment variable expansion.
如果值0超出有效范围,即用户输入的数字必须大于0.
There is one more solution using less command lines if the value 0 is out of valid range, i.e. the number to enter by the user must be greater 0.
@echo off
set "MinValue=1"
set "MaxValue=20000"
:PromptUser
rem Undefine environment variable MyVar in case of being already defined by chance.
set "MyVar="
rem Prompt user for a positive number in range %MinValue% to %MaxValue%.
set /P "MyVar=Enter number [%MinValue%,%MaxValue%]: "
set /A MyVar+=0
if %MyVar% GTR %MaxValue% goto PromptUser
if %MyVar% LSS %MinValue% goto PromptUser
rem Output value of environment variable MyVar for visual verification.
set MyVar
pause
此代码使用set /A MyVar+=0将用户输入的字符串转换为32位带符号整数值,并按照他的评论中> aschipfl
This code uses set /A MyVar+=0 to convert the user entered string to a 32-bit signed integer value and back to a string as suggested by aschipfl in his comment above.
如果用户根本没有输入任何字符串,则在带有算术表达式的命令行后,MyVar的值为0.如果用户输入的字符串的第一个字符不是这些字符-+0123456789之一,例如"或/或(,则也是0.
The value of MyVar is 0 after command line with the arithmetic expression if the user did not input any string at all. It is also 0 if the user input string has as first character not one of these characters -+0123456789 like " or / or (.
用户输入的字符串以数字-或+开头的,下一个字符是数字,将转换为整数值并返回为字符串值.输入的字符串可以是十进制数,八进制数或十六进制数.请在与Windows批处理文件中的NEQ,LSS,GTR等等效的符号中查看我的答案,详细说明Windows命令处理器如何将字符串转换为整数值.
A user input string starting with a digit, or - or + and next character is a digit, is converted to an integer value and back to a string value. The entered string can be a decimal number or an octal number or a hexadecimal number. Please take a look on my answer on Symbol equivalent to NEQ, LSS, GTR, etc. in Windows batch files which explains in detail how Windows command processor converts a string to an integer value.
此代码的缺点是错误地输入了字符串7"(而不是728,原因是按下 2 和MyVar值为7错误地输入了7"(.Windows命令处理器仅将最多至第一个无效字符的字符解释为十进制,十六进制或八进制数作为整数值,并忽略字符串的其余部分.
The disadvantage of this code is that a by mistake input string like 7"( instead of 728 caused by holding Shift on pressing the keys 2 and ( on a German keyboard is not detected by this code. MyVar has value 7 on user enters by mistake 7"(. Windows command processor interprets just the characters up to first not valid character for a decimal, hexadecimal or octal number as integer value and ignores the rest of the string.
使用此代码的批处理文件可以安全地防止意外退出批处理文件,因为从不依赖于用户的输入而不会发生语法错误.但是错误地输入了一个错误的数字,在某些情况下,代码没有检测到它,导致使用用户不想使用的数字进一步处理批处理文件.
The batch file using this code is safe against an unwanted exit of batch file processing because of a syntax error never occurs independent on what the user inputs. But a by mistake wrong input number is in some cases not detected by the code resulting in processing the batch file further with a number which the user did not want to use.
这篇关于Windows批处理文件中的安全数字比较的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
