0

I've got a simple batch script:

@echo off
set cash=500
:a
set name=
set /p input=Enter your name:
echo %name%
goto :a

I know batch input is prone to exploitation,and I've read a lot of articles on that. I can stop the user from just typing input&&set cash=100000 but how do i stop the batch file from closing if the user enters the | character?

2
  • I've added a lot of validation code, (even stopping the user from typing "set variable=" among other things. But it's that darn "|" that's the problem. Commented Aug 15, 2015 at 19:48
  • Use delayed expansion. Commented Aug 16, 2015 at 1:57

1 Answer 1

2

The problem is the echo command, not the input routine.
Double quotes fixes that - there are other ways.

@echo off
set cash=500
:a
set name=
set /p name=Enter your name:
echo "%name%"
goto :a
Sign up to request clarification or add additional context in comments.

2 Comments

nice. but that does not stop the "|" problem now does it? Maybe i should pipe a c++ exe that does what i want.
Yes, it stops the problem that you asked about. Being unaware about echoing poison characters is where you were tripped up.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.