Newbie Question

BranoZ zarnovican at gmail.com
Fri Aug 19 17:38:56 CEST 2005


Michael.Coll-Barth at VerizonWireless.com wrote:
> >>> x = '22,44,66,88,"asd,asd","23,43,55"'
> >>> y = eval(x)
> >>> y
> (22, 44, 66, 88, 'asd,asd', '23,43,55')
>
> And now, a question for the experts.

I'm no expert, just experienced.

> Does anyone have a pointer as to why my code might be
> dangerous?

Well, the smallest problem you have here is that you will
get an SyntaxError exception on badly formated input.

x = 'z,22,44,66,88,"asd,asd","23,43,55"'
eval(x)
NameError: name 'z' is not defined

In worse case, somebody will send you a carefuly formated
input that you will run blindy (just like in case of buffer
overflows).

CSV is easy with the module..

import csv

cr = csv.reader((x,))
print cr.next()
['z', '22', '44', '66', '88', 'asd,asd', '23,43,55']

Usually, you will use the csv module, like this:

import csv, sys

for line in csv.reader(sys.stdin):
  # print line[3]

BranoZ




More information about the Python-list mailing list