input() vs raw_input()

[Chris Liechti]

mlh at vier.idi.ntnu.no (Magnus Lie Hetland) wrote in 
news:slrnabobfb.8ho.mlh at vier.idi.ntnu.no:
> In article <slrnabm6im.a8q.ak at ak.silmarill.org>, Andrei Kulakov wrote:
>>input() must not be mentioned in any tutorials for new users. It belongs
>>somewhere in the depths of the thickest reference manual. Where do new
>>users *learn* about it? I don't remember seeing it in any tutorial and
>>yet it pops up all the time.
> 
> I use it in my tutorials. I don't see what the fuss is about. You have
> to explain how it works (at least in a limited way) but so what?

do an
>>> input()

and then enter: '__import__("os").system("dir")'
without quotes. or replace "dir" with "echo y|format c:" or "rm -r *" when 
you have a couple of hours to spend ;-)

"input" is as evil as "eval" and "exec". (i don't want them to go away, but 
they should only be used by those who know what they're doing. maybe the 
docs should make that clearer.)

chris

-- 
Chris <cliechti at gmx.net>