Converting a hex string to a number

François Pinard pinard at iro.umontreal.ca
Tue Jul 9 18:46:52 EDT 2002


[Simon Foster]

> >> eval!
> >Overkill.  Unsafe.  Ugly.  Lame.

> What do you mean by unsafe?

I agree that `eval' is a bit less safe, in that it could be abused more
easily by people running your programs, if you do not fully trust these
people, as especially occurs for your Web scripts, say! :-) You ought
to take extra precautions for having better control over `eval' arguments,
making sure that no part is ever blindly derived from sources which are
external to your program, like files or environment variables.

`eval' is also tinily slower, and has other problems: for example, the
compiler will refuse to let you nest scopes having free variables, whenever
you use `eval'.  You see: even the compiler is a bit suspicious about it!

Best is to avoid `eval', `exec', `execfile' and `input' whenever you can.
In really many cases, you will discover that you can easily and elegantly
go without them, after only a few minutes of thinking.  You can also
ask for help on this mailing list if you find more difficult cases.

Oh, undoubtedly and indeed, there are legitimate cases for using `eval'
and friends.  Of course.  But deep down, these cases are infrequent.

-- 
François Pinard   http://www.iro.umontreal.ca/~pinard
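As an added illustration that is not part of the original post, here is a strict hex-to-int converter built on `int(text, 16)` placed beside the `eval` approach under discussion, run over a few constructed inputs to show which ones each accepts; the function names and sample inputs are my own.

```python
import re

# Strict hex literal: optional sign, optional 0x/0X prefix, one or more hex digits.
# Anything else (operators, names, calls) is rejected before any evaluation.
_HEX_RE = re.compile(r"^\s*([+-]?)(?:0[xX])?([0-9a-fA-F]+)\s*$")


def hex_to_int(text):
    """Convert a hex string such as '0x1F' or 'ff' to an int without eval.

    Only a plain hexadecimal literal is accepted, so untrusted input (a form
    field, an environment variable, a line from a file) cannot carry an
    arbitrary expression the way it could through eval().
    """
    m = _HEX_RE.match(text)
    if m is None:
        raise ValueError("not a hexadecimal literal: %r" % (text,))
    sign, digits = m.groups()
    value = int(digits, 16)
    return -value if sign == "-" else value


def hex_to_int_via_eval(text):
    # The approach being criticised: eval() evaluates any Python expression,
    # not just hex literals. Kept here only to contrast its behaviour.
    return eval(text)


# Constructed sample inputs: the first three are legitimate hex literals,
# the last two are expressions a hex converter has no business accepting.
SAMPLES = ["0x1F", "ff", "-0xA", "0x10 + 1", "2 ** 64"]


def classify(samples=SAMPLES):
    """Return {input: (strict_result, eval_result)} for each sample.

    A rejected input is reported as 'rejected' (strict) or 'error' (eval).
    """
    out = {}
    for s in samples:
        try:
            strict = hex_to_int(s)
        except ValueError:
            strict = "rejected"
        try:
            loose = hex_to_int_via_eval(s)
        except Exception:
            loose = "error"
        out[s] = (strict, loose)
    return out
```

Note that `eval` cannot even handle the bare form `ff` (it is a NameError), while it cheerfully computes `0x10 + 1` and `2 ** 64`; the strict converter does exactly the opposite.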
