On 20/05/2013 09:55, Chris Angelico wrote:
On Mon, May 20, 2013 at 5:50 PM, Frank Millman <fr...@chagford.com> wrote:
On 20/05/2013 09:34, Carlos Nepomuceno wrote:
Why don't you use eval()?
Because users can create their own columns, with their own constraints.
Therefore the string is user-modifiable, so it cannot be trusted.
Plenty of reason right there :)
Is it a requirement that they be able to key in a constraint as a
single string? We have a similar situation in one of the systems at
work, so we divided the input into three(ish) parts: pick a field,
pick an operator (legal operators vary according to field type -
integers can't be compared against regular expressions, timestamps can
use >= and < only), then enter the other operand. Sure, that cuts out
a few possibilities, but you get 99.9%+ of all usage and it's easy to
sanitize.
ChrisA
It is not a requirement, no. I just thought it would be a convenient
short-cut.
I had in mind something similar to your scheme above, so I guess I will
have to bite the bullet and implement it.
Thanks
Frank
--
http://mail.python.org/mailman/listinfo/python-list