Transforming a str to an operator

MRAB python at mrabarnett.plus.com
Sat Aug 29 19:39:11 CEST 2009


r wrote:
> On Aug 28, 8:43 pm, Anny Mous <b1540... at tyldd.com> wrote:
>> It isn't irrational to have a healthy caution towards eval.
> 
> Ignorance is never an excuse for stupidity. No caution is needed if
> you know how to properly use eval. You can't shoot yourself in the
> foot without first pulling the trigger.
> 
>> Apart from the security issues, running code in eval takes a massive
>> performance hit. Its about ten times slower to run eval("x+1") than to run
>> x+1 directly.
> 
> And the point is...?
> eval is only for corner cases. Nobody is suggesting he eval entire
> scripts. Performance is the last of my worries. Optimizations can come
> later. First understand the problem at hand, code up a working
> solution, then tweak and optimize the code to perfection.
> 
>> What makes you think that learning to program well in Python is a throw-away
>> exercise of no useful purpose? I'm sure the code itself will be thrown away
>> and forgotten, but it has a very important purpose: for the OP to learn
>> good programming skills. Looks like you want him to learn bad skills, then
>> spend the rest of his life trying to unlearn them.
> 
> No i want him to use eval properly .If you think eval is scary well
> thats just your opinion. I showed the OP how to successfully pass the
> arguments into eval the way he was unsuccesfully struggling to pass
> them.  Ben's approach is the professional/proper way to handle such
> input in the real world (there are other ways too), however the OP
> also must know that you don't *have* to go by the book all the time
> (python is not Java ya know?).
> 
>>> but serves the very
>>> useful purpose now of establishing an IO between the student and
>>> Python interpretor. I'll bet most your example (albeit a good example)
>>> flew miles above his head into la-la land.
>> How insulting. Is there anything that gave you the impression the OP was
>> stupid?
> 
> Please quote the line from my post were i called the OP stupid or used
> otherwise derogatory comments? And if you can i'll buy you a beer.
> Obviously anyone who shows example code as the OP did is a noob and
> needs proper training on how to use it and there is nothing wrong with
> that. We have all been there, remember?
> 
>>> The OP has plenty of time to learn about malicious input and
>>> protecting against it, right now the fundamentals are well...
>>> fundamental :)
>> When would you recommend he learns? When his web app is hijacked by
>> gangsters in Russia and the personal details and financial records of fifty
>> thousand people stolen? Protecting against malicious input *IS*
>> fundamental.
> 
> If the OP uses eval without inderstanding it and then shoots himself
> in the foot, well then i can't think of a better learning experience
> for him. I'll bet the next time he will read the docs first or ask on
> this list before he goes off on a turkey hunt ;).
> 
> Fear is a product of ignorance. Educate yourself and your irrational
> fears shall bother you no more.
> 
I think it's a good idea to warn the OP about the dangers of eval. If he
still wants to use it, then that's his choice (and his problem).



More information about the Python-list mailing list