python eval function

Mohsen Pahlevanzadeh mohsen at pahlevanzadeh.org
Mon Aug 26 11:13:53 EDT 2013


On Mon, 2013-08-26 at 00:55 +0000, Steven D'Aprano wrote:
> On Sun, 25 Aug 2013 23:48:34 +0430, Mohsen Pahlevanzadeh wrote:
> 
> > Dear all,
> > 
> > eval doesn't run my code at the following link:
> > http://stackoverflow.com/questions/18432198/eval-function-doesnt-work-
> in-python
> 
> 
> Are you asking a question or just sharing a useful link?
> 
> 
> 
> > Thank you before your answer...
> 
> What question do you want us to answer? The question on Stackoverflow has 
> already been answered correctly: there is no need to use eval (or exec) 
> for this basic task. 
> 
> Also, you're not writing C code. Get rid of the semi-colons, they are 
> just a waste of time, and make you look like an incompetent programmer.
> 
> Using exec is not the right solution. That is unsafe, if the field name 
> and content come from a database or external input, your code now has a 
> *serious* Code Injection vulnerability. AND it is slow. So you have 
> written slow, unsafe code. Get rid of it, and use setattr like you have 
> already been told:
> 
> setattr(self, fieldName, fieldValue)
> 
> 
> 
> -- 
> Steven
I didn't post a useful link,i questioned my problem.Of course, At first
i put it @stackoverflow then post its link for the following idea:
1. collecting votes for me and someone answered.
2. If anyone have my question in future, can use it.
Thank you for answer.

--mohsen




More information about the Python-list mailing list