如何修改用户输入? [英] How to modify user input?
问题描述
我写了一个小演示代码,向你展示我的问题:
I wrote an little demo code, to show you my problem:
puts "Enter your feeling"
a = gets.chomp
@feel = "good"
puts a
所以当涉及到输入时,我输入:
SO when it comes to the input, i type in:
Actually i fell very #{@feel}
然后我希望得到这个输出:
Then i hope to get this output:
Actually i fell very good
但是我得到了这个输出:
But instead i get this output:
Actually i fell very #{@feel}
我做错了什么?
推荐答案
老实说,从用户处插入任意字符串并不太安全.基本上它与使用 Kernel#eval(这将适用于您的情况)......用户可以放置他们想要的任何东西,并且非常容易滥用和破坏您的系统.从技术上讲,您可以通过简单地过滤掉所键入内容中的引号来做一些事情,但老实说,这是一个糟糕的选择.
It honestly isn't too safe to interpolate arbitrary strings from the user. Basically it's the same as using Kernel#eval (which will work in your case) ... the user can put whatever they want and it is extremely easy to abuse and compromise your system. You could technically do a little by simply filtering out quotation marks in what they type, but honestly it's a bad choice.
你可以做的是用 @feel
替换 #{@feel}
的字符串,如果 @feel
是唯一的东西您将允许他们进行插值:
What you can do is do a string replace for #{@feel}
with @feel
, if @feel
is the only thing you are going to allow them to interpolate:
puts a.gsub('#{@feel}',@feel)
这篇关于如何修改用户输入?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!