Converting hex string to an integer

Michael Hudson mwh at
Fri Aug 27 14:20:03 CEST 2004

Peter Hansen <peter at> writes:

> Rick Holbert wrote:
> > Derek Fountain wrote:
> >>Given the character string "0x00A1B2C3" arriving at sys.argv[1] how do I
> >>convert that to an integer which I can do some math on?
> > i = eval(sys.argv[1])
> That's dangerous advice to a newbie if not qualified carefully.
> Derek, "eval" could be the source of serious security problems
> if you don't understand its power.  Specifically it should
> almost never be used for input that comes from a user or
> via the command line.  There is pretty much always another
> and much better way to do the simple stuff like conversions
> than to use eval.
> For example, imagine if a malicious could feed your program this:
> (on the Linux command line)
>    $ myscript "__import_('os').system('rm -rf /')"

Well, in this situation, he could just type

$ rm -rf /

But, yes.


  I'm not particularly fond of singing GSTQ because she stands for
  some things I don't, but it's not really worth letting politics
  getting in the way of a good bawling.     -- Dan Sheppard,

More information about the Python-list mailing list