Transforming a str to an operator

r rt8396 at gmail.com
Sat Aug 29 19:17:38 CEST 2009


On Aug 28, 8:43 pm, Anny Mous <b1540... at tyldd.com> wrote:
> It isn't irrational to have a healthy caution towards eval.

Ignorance is never an excuse for stupidity. No caution is needed if
you know how to properly use eval. You can't shoot yourself in the
foot without first pulling the trigger.

> Apart from the security issues, running code in eval takes a massive
> performance hit. It's about ten times slower to run eval("x+1") than to run
> x+1 directly.

And the point is...?
eval is only for corner cases. Nobody is suggesting he eval entire
scripts. Performance is the last of my worries. Optimizations can come
later. First understand the problem at hand, code up a working
solution, then tweak and optimize the code to perfection.

> What makes you think that learning to program well in Python is a throw-away
> exercise of no useful purpose? I'm sure the code itself will be thrown away
> and forgotten, but it has a very important purpose: for the OP to learn
> good programming skills. Looks like you want him to learn bad skills, then
> spend the rest of his life trying to unlearn them.

No, I want him to use eval properly. If you think eval is scary, well,
that's just your opinion. I showed the OP how to successfully pass the
arguments into eval the way he was unsuccessfully struggling to pass
them.  Ben's approach is the professional/proper way to handle such
input in the real world (there are other ways too), however the OP
also must know that you don't *have* to go by the book all the time
(Python is not Java, ya know?).

> > but serves the very
> > useful purpose now of establishing an IO between the student and
> > Python interpreter. I'll bet most of your example (albeit a good example)
> > flew miles above his head into la-la land.
>
> How insulting. Is there anything that gave you the impression the OP was
> stupid?

Please quote the line from my post where I called the OP stupid or used
otherwise derogatory comments? And if you can, I'll buy you a beer.
Obviously anyone who shows example code as the OP did is a noob and
needs proper training on how to use it and there is nothing wrong with
that. We have all been there, remember?

> > The OP has plenty of time to learn about malicious input and
> > protecting against it, right now the fundamentals are well...
> > fundamental :)
>
> When would you recommend he learns? When his web app is hijacked by
> gangsters in Russia and the personal details and financial records of fifty
> thousand people stolen? Protecting against malicious input *IS*
> fundamental.

If the OP uses eval without understanding it and then shoots himself
in the foot, well then I can't think of a better learning experience
for him. I'll bet the next time he will read the docs first or ask on
this list before he goes off on a turkey hunt ;).

Fear is a product of ignorance. Educate yourself and your irrational
fears shall bother you no more.
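
One way to turn operator strings into operations without eval, as an added example that is not part of the original post or of any message in this thread: it parses the input with ast and dispatches only allowlisted operator nodes to functions from the operator module. The names safe_arith, BINARY_OPS, UNARY_OPS and is_rejected are hypothetical, and the inputs mentioned in the comments are constructed.

```python
import ast
import operator

# Allowlist: AST operator node type -> function from the operator module.
# Power (ast.Pow) is left out on purpose so input cannot request huge results.
BINARY_OPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
}
UNARY_OPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}


def safe_arith(text, max_len=100):
    """Evaluate a string such as "3 * (4 + 5)" with allowlisted operators only.

    Raises ValueError for anything else: names, calls, attributes, strings.
    Division by zero still raises ZeroDivisionError, as it would in Python.
    """
    if len(text) > max_len:  # bound parser work on hostile input
        raise ValueError("expression too long")
    try:
        tree = ast.parse(text.strip(), mode="eval")
    except SyntaxError as exc:
        raise ValueError("not a valid expression") from exc
    return _walk(tree.body)


def _walk(node):
    # Numeric literals only; type() check excludes bool, str, bytes, None.
    if isinstance(node, ast.Constant) and type(node.value) in (int, float):
        return node.value
    if isinstance(node, ast.BinOp) and type(node.op) in BINARY_OPS:
        return BINARY_OPS[type(node.op)](_walk(node.left), _walk(node.right))
    if isinstance(node, ast.UnaryOp) and type(node.op) in UNARY_OPS:
        return UNARY_OPS[type(node.op)](_walk(node.operand))
    # Everything not explicitly allowed is refused, never executed.
    raise ValueError("disallowed syntax: " + type(node).__name__)


def is_rejected(text):
    """Return True when safe_arith refuses the input (constructed samples:
    "abs(-1)" and "x + 1" are refused, although eval would accept the first)."""
    try:
        safe_arith(text)
    except ValueError:
        return True
    return False
```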



