Marshal Obj is String or Binary?

Mike Meyer mwm at mired.org
Sat Jan 14 16:58:55 EST 2006


"Giovanni Bajo" <noway at sorry.com> writes:
> casevh at comcast.net wrote:
>> Try...
>>>>> for i in bytes: print ord(i)
>> or
>>>>> len(bytes)
>> What you see isn't always what you have. Your database is capable of
>> storing \ x 0 0 characters, but your string contains a single byte of
>> value zero. When Python displays the string representation to you, it
>> escapes the values so they can be displayed.
> He can still store the repr of the string into the database, and then
> reconstruct it with eval:

repr and eval are overkill for this, and as a result create a
security hole. Using encode('string-escape') and
decode('string-escape') will do the same job without the security
hole:

>>> bytes = '\x00\x01\x02'
>>> bytes
'\x00\x01\x02'
>>> ord(bytes[0])
0
>>> rb = bytes.encode('string-escape')
>>> rb
'\\x00\\x01\\x02'
>>> len(rb)
12
>>> rb[0]
'\\'
>>> bytes2 = rb.decode('string-escape')
>>> bytes == bytes2
True
>>> 

    <mike
-- 
Mike Meyer <mwm at mired.org>			http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
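The same round trip in Python 3, as an added example that is not part of the original post: the 'string-escape' codec shown above exists only in Python 2, so the helper here builds the equivalent from the documented latin-1 and unicode_escape codecs. The function names, the TAMPER_LOG marker and the CONSTRUCTED_TAMPERED value are assumptions made for this example, chosen so the eval path can be shown doing something visible but harmless.

```python
import codecs  # noqa: F401  (kept to signal the codec-based approach; not otherwise needed)


def escape_bytes(data: bytes) -> str:
    """Printable ASCII form of arbitrary bytes using backslash escapes.

    Python 3 stand-in for Python 2's str.encode('string-escape'):
    latin-1 maps each byte to the code point of the same value, and
    unicode_escape then escapes everything that is not printable ASCII.
    """
    return data.decode('latin-1').encode('unicode_escape').decode('ascii')


def unescape_bytes(text: str) -> bytes:
    """Inverse of escape_bytes. Only backslash escapes are interpreted;
    nothing in the text is ever executed, so a tampered database row
    comes back as data rather than as code."""
    return text.encode('ascii').decode('unicode_escape').encode('latin-1')


# Marker list so the eval path can show that it ran stored code.
TAMPER_LOG = []

# Constructed stand-in for a database value an attacker has replaced:
# a valid Python expression with a side effect, not a string literal.
CONSTRUCTED_TAMPERED = "TAMPER_LOG.append('eval ran') or b''"


def unsafe_load(stored: str) -> bytes:
    """The repr/eval approach the thread warns against: whatever is stored
    is evaluated as Python, so the database becomes a code path."""
    return eval(stored)


def safe_load(stored: str) -> bytes:
    """The escape-codec approach: stored text is decoded, never evaluated."""
    return unescape_bytes(stored)


def demo() -> None:
    raw = b'\x00\x01\x02'
    escaped = escape_bytes(raw)
    print(repr(escaped), len(escaped))          # '\\x00\\x01\\x02' 12
    print(unescape_bytes(escaped) == raw)       # True
    # Every byte value survives the round trip, including backslash and quotes.
    print(unescape_bytes(escape_bytes(bytes(range(256)))) == bytes(range(256)))
    # The tampered row is returned as literal bytes by the safe loader...
    print(safe_load(CONSTRUCTED_TAMPERED))
    print(TAMPER_LOG)                           # []
    # ...but executed by the eval-based loader.
    unsafe_load(CONSTRUCTED_TAMPERED)
    print(TAMPER_LOG)                           # ['eval ran']


if __name__ == '__main__':
    demo()
```

unescape_bytes deliberately encodes with 'ascii' so that text containing non-ASCII characters (which escape_bytes never produces) raises UnicodeEncodeError instead of being silently reinterpreted; treat that exception as a sign the stored value did not come from escape_bytes.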