0

I have a config.txt file with the following:

VAR=('a' 'b' 'c')
database='mydb'

and I want to use the VAR variable in the script (myscript.sh) to check if any of the data in it exists in a search that will be made on the database.

The search I am doing is like this:

output=$(mysql $database -u $user -p$pass -se "select name from my_table where word = '$VAR'")
Inian
  • 80,270
  • 14
  • 142
  • 161
Mike
  • 1
  • 1
  • You define `VAR` as an array but use it as a "scalar". What actual value are you wanting to use in that select statement? Do you want to iterate over the array? – glenn jackman Jul 20 '17 at 12:47
  • I want to search the database for each one of the data stored in the variable VAR. One of them should return a result. – Mike Jul 20 '17 at 13:25

2 Answers2

1

You can read files into your script with the source command (aliased simply as .) like so:

. config.txt
# or
source config.txt

To get a comma separated string, check for example here

Olli K
  • 1,720
  • 1
  • 16
  • 17
  • That won't quite work; it doesn't appear from its use that `VAR` is supposed to be a shell array. – chepner Jul 20 '17 at 11:59
  • VAR is supposed to have more than one data, therefore an array, and i want to use it to search the database for each one of them. How can i do that? – Mike Jul 20 '17 at 13:24
0

To expand on @Olli's answer:

source config.txt

# SQL injection
# values=$(printf "'%s'\n" "${VAR[@]}" | paste -sd,)
values=$(printf "'%s'\n" "${VAR[@]//\'/\'\'}" | paste -sd,)

select="select name from my_table where word in ($values)"
output=$(mysql "$database" -u "$user" -p"$pass" -se "$select")
glenn jackman
  • 238,783
  • 38
  • 220
  • 352