[Tutor] role playing game - help needed

David Hutto smokefloat at gmail.com
Sun Dec 12 03:37:58 CET 2010

On Sat, Dec 11, 2010 at 11:54 AM, Lie Ryan <lie.1296 at gmail.com> wrote:
> On 12/07/10 23:37, Robert Sjöblom wrote:
>> I've been told to use input() if I know that I'll only get integers,
>> and raw_input() for "everything."
> That is a bad piece of advice. You should only use input() when you can
> fully trust whoever doing the input (i.e. you).

Who uses the crap we, as noobies produce? It's pie in the sky
mentality. We design it because WE want it and WE(individually) use

 input() can accept any
> python expressions, and this means the user can potentially execute
> malicious code as well.
>>>> import subprocess
>>>> input("input: ")
> input: subprocess.Popen(('ping', 'www.google.com'))
> <subprocess.Popen object at 0x7f8640325250>
>>>> PING www.l.google.com ( 56(84) bytes of data.
> 64 bytes from syd01s01-in-f104.1e100.net ( icmp_req=1
> ttl=57 time=18.5 ms
> _______________________________________________
> Tutor maillist  -  Tutor at python.org
> To unsubscribe or change subscription options:
> http://mail.python.org/mailman/listinfo/tutor

More information about the Tutor mailing list