On 20/07/12 17:25, Alan Gauld wrote:
On 20/07/12 02:01, Ross Wilson wrote:

More specifically, eval() is dangerous if you try to evaluate a string
supplied by someone else.  You really can't predict what will happen.

It really doesn't matter who provides the string, Python and eval()
don't care. They will behave just as dangerously if you provide the
wrong string.

But what is the difference if I write incorrect code and *execute* it or write the same code in a string and *eval()* it? The result is the same whether eval() is used or not. Same result, same risk.

Yes, beginners should be told that eval() is advanced, a little tricky and is not usually required. But "dangerous"?

The risk of eval() (and exec()) is the disconnect when the string is supplied by someone else or from another distant part of an application, but it's no more 'dangerous' than if I had written the incorrect code directly.

_______________________________________________
Tutor maillist  -  Tutor@python.org
To unsubscribe or change subscription options:
http://mail.python.org/mailman/listinfo/tutor
