use strings to call functions

Paul Rudin paul.nospam at
Tue Feb 9 08:29:33 CET 2010

Steven D'Aprano <steven at> writes:

> On Mon, 08 Feb 2010 14:43:46 -0800, Aahz wrote:
>>>> WARNING: eval() is almost always the wrong answer to any question
>>>warning : it works !
>> Works for what?
> Code injection security bugs, of course.
> It is surprisingly difficult to sanitize strings in Python to make them 
> safe to pass to eval. Unless you are prepared to trust the input data 
> explicitly, it's best to just avoid eval.

Despite the fact that it's used in the standard library...

More information about the Python-list mailing list