re: Here's Why You Should Quote Your Variables in Bash VIEW POST


You may already know this - I quote this here since I don't see any reference to Bash' set builtin options in your article. From the Bash manual:


Treat unset variables and parameters other than the special parameters "@" and "*" as an error when performing parameter expansion. If expansion is attempted on an unset variable or parameter, the shell prints an error message, and, if not interactive, exits with a non-zero status. 

In other words, you can use set -u to treat unset variables as an error and set -x to bail out of the script if any command returns a non-zero exit status. Here's the link to bash man page.

Thanks and have fun!

EDIT: Oh, since you were talking about shell expansion via globs, you may also want to know about disabling shell/path expansion in bash scripts. There's set -f or set -o noglob for that. This is all just to avoid problems with shell globbing, you may as well quote your variables, just as you should eat your vegetables for nutrition. :D


This reminds me of a post about malicious code execution via wild cards. I particularly like the tar example.


Cool thanks. I actually didn't know about -u.

What I typically do is use the shellcheck tool to lint my scripts, and it'll warn you that all hell may break loose if you forget your quotes.

There is also a VSCode extension for it at: github.com/timonwong/vscode-shellc...

code of conduct - report abuse