[Numpy-discussion] How to use user input as equation directly

Benjamin Root ben.v.root at gmail.com
Thu Oct 27 17:35:53 EDT 2016 

Perhaps the numexpr package might be safer? Not exactly meant for this
situation (meant for optimizations), but the evaluator is pretty darn safe.

Ben Root

On Thu, Oct 27, 2016 at 5:33 PM, John Ladasky <jladasky at itu.edu> wrote:

> This isn't just a Numpy issue.  You are interested in Python's eval().
>
> Keep in mind that any programming language that blurs the line between
> code and data (many do not) has a potential security vulnerability.  What
> if your user doesn't type
>
> "x = 2*np.sin(2*np.pi*44100*t+np.pi/2)"
>
> but instead types this:
>
> "import os ; os.remove('/home')"
>
> I do NOT recommend that you eval() the second statement.
>
> You can try to write code which traps unwanted input before you eval()
> it.  It's apparently quite hard to stop everything bad from getting through.
>
>
> On Thu, Oct 27, 2016 at 12:58 PM, djxvillain <djxvillain at gmail.com> wrote:
>
>> Hello all,
>>
>> I am an electrical engineer and new to numpy.  I need the ability to take
>> in
>> user input, and use that input as a variable.  For example:
>>
>> t = input('enter t: ')
>> x = input('enter x: ')
>>
>> I need the user to be able to enter something like x =
>> 2*np.sin(2*np.pi*44100*t+np.pi/2) and it be the same as if they just
>> typed
>> it in the .py file.  There's no clean way to cast or evaluate it that I've
>> found.
>>
>> I could make a function to parse this string character by character, but I
>> figured this is probably a common problem and someone else has probably
>> figured it out and created an object for it.  I can't find a library that
>> does it though.
>>
>> If I can provide any more information please let me know.  Thank you in
>> advance for your help.
>>
>>
>>
>> --
>> View this message in context: http://numpy-discussion.10968.
>> n7.nabble.com/How-to-use-user-input-as-equation-directly-tp43665.html
>> Sent from the Numpy-discussion mailing list archive at Nabble.com.
>> _______________________________________________
>> NumPy-Discussion mailing list
>> NumPy-Discussion at scipy.org
>> https://mail.scipy.org/mailman/listinfo/numpy-discussion
>>
>
>
>
> --
> *John J. Ladasky Jr., Ph.D.*
> *Research Scientist*
> *International Technological University*
> *2711 N. First St, San Jose, CA 95134 USA*
>
> _______________________________________________
> NumPy-Discussion mailing list
> NumPy-Discussion at scipy.org
> https://mail.scipy.org/mailman/listinfo/numpy-discussion
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/numpy-discussion/attachments/20161027/39be1331/attachment.html>

More information about the NumPy-Discussion mailing list