input exploit, was: Why should input(prompt="hello:") fail?

Mel Wilson mwilson at the-wire.com
Mon Nov 24 19:41:26 CET 2003


In article <3FC23B46.8E2BF00B at engcorp.com>,
Peter Hansen <peter at engcorp.com> wrote:
>Note however that input() is a poor choice for serious work: you
>should quickly get past the point of wanting to use it and learn
>why raw_input() is a better choice.

   Not a propos of the O.P.'s point, but `input` is bad,
bad, bad:

Python 2.3 (#46, Jul 29 2003, 18:54:32) [MSC v.1200 32 bit (Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> import sys
>>> d=input("Number, please ")
Number, please sys.setrecursionlimit(1)
>>> d
>>> d
>>> d
>>>


   I agree with everything the 2.3 Library Reference says
about input, except "not safe from user errors!" seems
understated.

   input can be a handy tool for showing your friends
how viruses work.

        Regards.        Mel.




More information about the Python-list mailing list