What's the difference between $* and $@ ?

Henryyy · April 17, 2012, 10:02am

What's the difference between $* and $@?
And I read that the $* has security problems, why?

Skrynesaver · April 17, 2012, 10:44am

When I call this file

#!/bin/bash

echo -e "With \$* I have to chose all or nothing"
echo "ALL"
for i in "$*" ; do
    echo -e "\t$i"
done
echo  "NOTHING"
for i in $* ; do
    echo -e "\t$i"
done
echo -e "Whereas with \$@ I get my parameters as the user intended (or at any rate as they sent them to me ;) )"
for i in "$@" ; do
    echo -e "\t$i"
done

as follows

~/tmp/tmp.sh "It is vital this remains intact" but that these are separate parameters

I get the following

With $* I have to chose all or nothing
ALL
  It is vital this remains intact but that these are separate parameters
NOTHING
  It
  is
  vital
  this
  remains
  intact
  but
  that
  these
  are
  separate
  parameters
Whereas with $@ I get my parameters as the user intended (or at any rate as they sent them to me ;) )
  It is vital this remains intact
  but
  that
  these
  are
  separate
  parameters

Does that make things clearer?

Scrutinizer · April 17, 2012, 10:46am

Regarding the security aspect, what is probably meant by this is that $@ can be expanded into separate fields each within double quotes, thus protecting the fields from unwanted interpretation by the shell. With $* this is only possible without double quotes and so there is no protection.

Skrynesaver · April 17, 2012, 11:06am

And fields which contain $IFS are split when exposed without double quotes.

Corona688 · April 17, 2012, 12:16pm

Of course, it's only a security problem when the splitting is unintentional. It has its uses when splitting intentionally, especially since you can control what it splits on with IFS...

Clovis_Sangrail · April 17, 2012, 12:24pm

That's a GREAT example!

Henryyy · April 18, 2012, 4:26pm

Very clear, thank you very much!