Class

Jeff Shannon jeff at ccvcorp.com
Fri Nov 9 19:03:46 CET 2001


Robert Amesz wrote:

> I wrote:
> > [something]
>
> Ignore previous post: I read 'raw_input' where it actually said
> 'input'. My mistake.
>
> Robert Amesz

Though actually, the use of input() is generally not a very good
idea, and it would be safer to use raw_input() and then convert
from strings if needed.  In this case, it's not needed, and the
raw_input result would be better off being compared as a string.

(For those who don't know... since input() evaluates whatever's
typed as a valid Python expression, it is possible for
unpredictable (and even malicious) things to happen, depending on
just what is entered.  raw_input() evaluates nothing and simply
returns a string, which can then be manipulated in whatever way you
like, such as converting it to an int or float or whatever, as
needed, thus plugging a security hole and likely source of
unpredictable exceptions.  Thus, unless you really *need* the power
of input(), it's almost always preferable to use raw_input()
instead.)

Jeff Shannon
Technician/Programmer
Credit International





More information about the Python-list mailing list