[Tutor] dealing with user input whose value I don't know
Alan Gauld
alan.gauld at btinternet.com
Fri Oct 3 10:23:14 CEST 2008
"David" <ldl08 at gmx.net> wrote
>> the string into substrings and then convert each substring to an
>> integer.
> This I have now done by using eval(). But now I wonder whether that
> is actually clever because it is supposed to be similarly
> problematic as the input() function in terms of security.
Absolutely. The more open and general you make your code
the more opportunity you provide for attacks. Converting to
int/float is much safer.
--
Alan Gauld
Author of the Learn to Program web site
http://www.freenetpages.co.uk/hp/alan.gauld
More information about the Tutor
mailing list