use strings to call functions
paul.nospam at rudin.co.uk
Tue Feb 9 08:29:33 CET 2010
Steven D'Aprano <steven at REMOVE.THIS.cybersource.com.au> writes:
> On Mon, 08 Feb 2010 14:43:46 -0800, Aahz wrote:
>>>> WARNING: eval() is almost always the wrong answer to any question
>>>warning : it works !
>> Works for what?
> Code injection security bugs, of course.
> It is surprisingly difficult to sanitize strings in Python to make them
> safe to pass to eval. Unless you are prepared to trust the input data
> explicitly, it's best to just avoid eval.
Despite the fact that it's used in the standard library...
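
An added illustration of the point debated in this thread (not part of the original message and not any poster's code): calling a function by its string name through an explicit dictionary treats the string as a key, while the eval() version runs whatever expression it is handed. All function names and sample inputs below are constructed for the example.

```python
# Added example: names and sample inputs are constructed for illustration.

def area(r):
    return 3.14159 * r * r

def double(x):
    return 2 * x

# Explicit allow-list: only these callables are reachable by name.
REGISTRY = {"area": area, "double": double}

class UnknownFunction(KeyError):
    pass

def call_by_name(name, *args):
    """Look the string up as a dictionary key; it is never evaluated as code."""
    try:
        func = REGISTRY[name]
    except KeyError:
        raise UnknownFunction(name) from None
    return func(*args)

def call_by_eval(name, *args):
    """The pattern the thread warns about: the string is run as an expression."""
    return eval(name)(*args)

SIDE_EFFECTS = []  # lets the demo show that code chosen by the caller ran

# Constructed inputs: one honest name, one expression posing as a name.
HONEST = "double"
HOSTILE = "(lambda x: SIDE_EFFECTS.append('ran') or x)"

def demo():
    results = {}
    results["eval_honest"] = call_by_eval(HONEST, 21)
    results["eval_hostile"] = call_by_eval(HOSTILE, 21)  # executes the lambda
    results["table_honest"] = call_by_name(HONEST, 21)
    try:
        call_by_name(HOSTILE, 21)
        results["table_hostile"] = "called"
    except UnknownFunction:
        results["table_hostile"] = "rejected"
    results["side_effects"] = list(SIDE_EFFECTS)
    return results

if __name__ == "__main__":
    print(demo())
```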