1

I am trying to use a variable within sed but cant work it out. I have tried 

read -p " enter your name" name
sed -i 's/myname/$name/g' file

But unfortunately it just replaces myname with "$name". Is there an alternative way?

rog
  • 35
  • 6

1 Answers1

-1

The problem is that the bash shell does not do variable expansion within single quotes. For example:

pax> name=paxdiablo
pax> echo 'Hello, $name, how are you?'
Hello, $name, how are you?

For simple cases like this, you can just use double quotes:

pax> echo "Hello, $name, how are you?"
Hello, paxdiablo, how are you?

Having said that, there are some serious concerns with just using arbitrary data expanded like this. A clever attacker could give a name containing characters that would cause your sed to do things you may not want (via an injection attack):

pax@paxbox$ name='/; e printenv; echo '
pax@paxbox$ echo 'Hello, myname' | sed "s/myname/$name/"
LESSOPEN=| /usr/bin/lesspipe %s
USER=pax
: (lots of other stuff about my environment I don't want people to see)
HOSTTYPE=x86_64
/
Hello,

And it doesn't even have to be clever - anyone entering a name containing / will almost certainly cause your sed to fail.

You should either sanitise your input data or use tools where the scope for attack is greatly reduced.

paxdiablo
  • 772,407
  • 210
  • 1,477
  • 1,841
  • 1
    What would be the benefit of doing so? Except of giving the user the chance to inject shell commands when typing his name? – hek2mgl Apr 27 '15 at 13:32
  • 1
    thanks for quick response paxdiablo, worked perfectly – rog Apr 27 '15 at 13:37
  • Exec=pantheon-terminal -e "bash /home/myname/folder/script.sh" this is part of a desktop launcher, if somebody else was to run my script on their pc, i needed a line of code in my script to change "myname" to the users name. – rog Apr 27 '15 at 13:44
  • 1
    it is a bash script, and the double quotes worked great, thanks – rog Apr 27 '15 at 13:49
  • i tried but unfortunately havent got a high enough reputation to vote up, sorry about that – rog Apr 27 '15 at 13:53
  • @rog *Fortunately* you don't have enough reputation! In your question you *used* double quotes but told it is *not* working. Now you tell *it is working*. Are you sure you know what you are doing? (I'm sure you do not) – hek2mgl Apr 27 '15 at 13:57
  • @paxdiablo You, as a 300k + user should be able to see the problem with the question *and* with your answer - and are still encouraging the OP to upvote and accept your answer??? You are actually misusing the site to gain some rep points for you. Flagged this post – hek2mgl Apr 27 '15 at 13:59
  • You still don't see that everything you suggested simple **doesn't work** - except of the first example that uses double quotes (which is the same as the solution that the OP claimed not working - you should see it is a non-problem and a candidate for a close vote!).. Please enter your first and last name separated by a space to see! Shell scripting lesson 1 : "Unless you *want* that an interpolated variable will be handled by [*word splitting*](https://www.gnu.org/software/bash/manual/html_node/Word-Splitting.html) - you need to enclose it in double quotes" – hek2mgl Apr 27 '15 at 20:44
  • What you suggested is one of the most seen errors in shell scripts: wrong quoting. It is basically no problem that you don't know that, but hey, after my first comment you should at least have had a closer look - but instead you told just [this](http://stackoverflow.com/questions/29897187/using-variables-within-sed/29897227#comment47917350_29897227) and [this](http://stackoverflow.com/questions/29897187/using-variables-within-sed/29897227#comment47917350_29897227). Please be objective and tell me who is right and who is wrong in *this* case? – hek2mgl Apr 27 '15 at 20:48
  • Btw, the rude comment from the OP (which was deleted by a moderator) perfectly completed the situation. – hek2mgl Apr 27 '15 at 20:51
  • @paxdiablo Check this, if you want to escape metacharacters reliably with `sed`: http://stackoverflow.com/questions/29613304/is-it-possible-to-escape-regex-metacharacters-reliably-with-sed . It is really possible to write that command in a bullet proof way. I don't want to be pedantic, but the answer is still not correct or at least misleading. – hek2mgl Apr 27 '15 at 23:13