[Tutor] role playing game - help needed

Lie Ryan lie.1296 at gmail.com
Sat Dec 11 17:54:18 CET 2010


On 12/07/10 23:37, Robert Sjöblom wrote:
> I've been told to use input() if I know that I'll only get integers,
> and raw_input() for "everything."

That is a bad piece of advice. You should only use input() when you can
fully trust whoever is doing the input (i.e. you). input() can accept any
Python expression, and this means the user can potentially execute
malicious code as well.

>>> import subprocess
>>> input("input: ")
input: subprocess.Popen(('ping', 'www.google.com'))
<subprocess.Popen object at 0x7f8640325250>
>>> PING www.l.google.com (66.102.11.104) 56(84) bytes of data.
64 bytes from syd01s01-in-f104.1e100.net (66.102.11.104): icmp_req=1
ttl=57 time=18.5 ms
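
An added example, not part of the original post: Python 2's input() behaves like eval(raw_input()), so the sketch below contrasts that with a reader that only parses the typed text. The helper names (py2_input, read_int, read_literal), the 1-20 range and the sample lines are constructed for illustration; pass raw_input as the reader on Python 2, or input on Python 3.

```python
import ast

def py2_input(text, namespace):
    """What Python 2's input() does with the typed line: evaluate it as code."""
    return eval(text, namespace)

def read_int(prompt, lo, hi, reader, attempts=3):
    """Read a base-10 integer in [lo, hi] from reader(prompt).

    The text is only parsed with int(), never evaluated, so an expression
    typed by the user is rejected like any other non-number.
    """
    for _ in range(attempts):
        text = reader(prompt).strip()
        try:
            value = int(text, 10)
        except ValueError:
            continue  # not a number: ask again
        if lo <= value <= hi:
            return value
    raise ValueError("no valid integer after %d attempts" % attempts)

def read_literal(text):
    """Accept only Python literals (numbers, strings, lists, dicts, ...).

    ast.literal_eval raises ValueError or SyntaxError for anything else,
    including function calls and attribute access.
    """
    return ast.literal_eval(text)

if __name__ == "__main__":
    # Constructed input: a harmless expression with a visible side effect.
    typed = "log.append('ran')"

    ns = {"log": []}
    py2_input(typed, ns)
    print("eval-style input ran the expression:", ns["log"])

    # The same line, then an out-of-range number, then a valid one.
    lines = iter([typed, "99", "12"])
    strength = read_int("Strength (1-20): ", 1, 20, lambda prompt: next(lines))
    print("read_int returned:", strength)

    try:
        read_literal("__import__('os').getcwd()")
    except (ValueError, SyntaxError) as exc:
        print("literal_eval refused the call:", type(exc).__name__)
```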


