use strings to call functions

Steven D'Aprano steven at
Tue Feb 9 02:51:01 CET 2010

On Mon, 08 Feb 2010 14:43:46 -0800, Aahz wrote:

>>> WARNING: eval() is almost always the wrong answer to any question
>>warning : it works !
> Works for what?

Code injection security bugs, of course.

It is surprisingly difficult to sanitize strings in Python to make them 
safe to pass to eval. Unless you are prepared to trust the input data 
explicitly, it's best to just avoid eval.
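
An added example, not part of the original post: one way to call functions named in a string without eval, using an explicit allowlist and `ast.literal_eval` for the arguments. The functions `area` and `greet`, the `DISPATCH` table and `call_by_name` are hypothetical names chosen for illustration.

```python
import ast

# Hypothetical functions an application is willing to expose by name.
def area(width, height):
    return width * height

def greet(name):
    return "hello, " + name

# Explicit allowlist: only these names can ever be called.
DISPATCH = {"area": area, "greet": greet}

def call_by_name(call_text):
    """Parse text such as 'area(3, 4)' and call the allowlisted function.

    The text is parsed to an AST and never executed. Only a call on a
    bare name with literal positional arguments is accepted.
    """
    try:
        tree = ast.parse(call_text.strip(), mode="eval")
    except (SyntaxError, ValueError) as exc:
        raise ValueError("not a valid call expression") from exc
    node = tree.body
    if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)):
        raise ValueError("expected name(args)")
    if node.keywords:
        raise ValueError("keyword arguments are not accepted")
    func = DISPATCH.get(node.func.id)
    if func is None:
        raise ValueError("function not allowed: " + node.func.id)
    try:
        # literal_eval accepts only literals (numbers, strings, lists, ...);
        # names, calls, attribute access and *args raise ValueError.
        args = [ast.literal_eval(arg) for arg in node.args]
    except (ValueError, SyntaxError) as exc:
        raise ValueError("arguments must be literals") from exc
    return func(*args)

if __name__ == "__main__":
    print(call_by_name("area(3, 4)"))
    print(call_by_name("greet('world')"))
    # Constructed inputs that eval() would have evaluated; all are rejected here.
    for bad in ("open('x')", "area.__class__", "area(__import__('os'))"):
        try:
            call_by_name(bad)
        except ValueError as exc:
            print("rejected:", exc)
```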

