[PYTHON DB-SIG] Converting strings to numbers
Jim Fulton
jim.fulton@digicool.com
Wed, 23 Oct 1996 09:55:03 -0400
Hal J Schechner wrote:
>
> On Wed, 23 Oct 1996, Fredrik Lundh wrote:
>
> >
> > > This can not only be done from string reps of a number to a numeric
> > > type, but also from string reps of anything (lists, tuples, dicts
> > > etc..) to thier actual type. ( nice for reading plaintext datafiles
> > > ).
> >
> > Note that eval is compact but dangerous; consider the following (on a
> > Unix box):
> >
> > eval('os.remove("rm -rf ~/*")')
> >
> > Use string.atoi() and string.atof() when you need to be on the safe
> > side.
> >
>
> This is fine when working with floats or integers, but like I stated, there
> are times (like when trying to restore tuples, lists etc..) when you cant
> use one of the lib functions. Of course, you would want to make sure you
> are safe when you do it, and making a wrapper would be the 'right' way of
> doing it. I was only pointing out that it *is* possible to do it ;)
It is worth noting that a safe way to use eval, if you know you don't
need
to execute any functions is:
eval(s, {'__builtins__': {}})
This is a "restricted execution" form of eval.
Jim
--
Jim Fulton Digital Creations
jim@digicool.com 540.371.6909
## Python is my favorite language ##
## http://www.python.org/ ##
=================
DB-SIG - SIG on Tabular Databases in Python
send messages to: db-sig@python.org
administrivia to: db-sig-request@python.org
=================