[Tutor] Invalid Token Problem
Ross Wilson
rzzzwilson at gmail.com
Fri Jul 20 12:31:39 CEST 2012
On 20/07/12 17:25, Alan Gauld wrote:
> On 20/07/12 02:01, Ross Wilson wrote:
>
>> More specifically, eval() is dangerous if you try to evaluate a string
>> supplied by someone else. You really can't predict what will happen.
>
> It really doesn't matter who provides the string, Python and eval()
> don't care. They will behave just as dangerously if you provide the
> wrong string.
But what is the difference if I write incorrect code and *execute* it or
write an the same code in a string and *eval()* it. The result is the
same whether eval() is used or not. Same result, same risk.
Yes, beginners should be told that eval() is advanced, a little tricky
and is not usually required. But "dangerous"?
The risk of eval() (and exec()) is the disconnect when the string is
supplied by someone else or from another distant part of an application,
but it's no more 'dangerous' than if I had written the incorrect code
directly.
More information about the Tutor
mailing list