如何修改用户输入? [英] How to modify user input?

问题描述

我写了一个小演示代码，向你展示我的问题:

I wrote an little demo code, to show you my problem:

puts "Enter your feeling"
a = gets.chomp
@feel = "good"
puts a

所以当涉及到输入时，我输入:

SO when it comes to the input, i type in:

Actually i fell very #{@feel}

然后我希望得到这个输出:

Then i hope to get this output:

 Actually i fell very good

但是我得到了这个输出:

But instead i get this output:

 Actually i fell very #{@feel}

我做错了什么?

推荐答案

老实说，从用户处插入任意字符串并不太安全.基本上它与使用 Kernel#eval(这将适用于您的情况)......用户可以放置他们想要的任何东西，并且非常容易滥用和破坏您的系统.从技术上讲，您可以通过简单地过滤掉所键入内容中的引号来做一些事情，但老实说，这是一个糟糕的选择.

It honestly isn't too safe to interpolate arbitrary strings from the user. Basically it's the same as using Kernel#eval (which will work in your case) ... the user can put whatever they want and it is extremely easy to abuse and compromise your system. You could technically do a little by simply filtering out quotation marks in what they type, but honestly it's a bad choice.

你可以做的是用 @feel 替换 #{@feel} 的字符串，如果 @feel 是唯一的东西您将允许他们进行插值:

What you can do is do a string replace for #{@feel} with @feel, if @feel is the only thing you are going to allow them to interpolate:

puts a.gsub('#{@feel}',@feel)

这篇关于如何修改用户输入?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！