Tom Churm wrote:

> i've found & adapted the following simple python script that copies one text
> file to another text file.  the script works o.k., but only when i enter the
> name of the text file (both original, and the name of the new text file)
> surrounded by "double quotes".
>
> i don't understand why this is.  and worse, i don't know how to change the
> script so that the filenames inserted by the user no longer require these
> double quotes.
> [...]
> a = input('Type name of file to copy surrounded by doublequotes')
> b = input('Type name of new file surrounded by doublequotes')

You shouldn't be using input() here -- it *sounds* like the obvious choice, but
what you really want is raw_input().  The input() function will evaluate
whatever is typed in as if it were Python source code, which is why you need the
quotes.  This *also* means that if your user types in a 'filename' that looks
like this:  "os.remove('c:\\windows\\win.exe')"   then Python will execute that
function and Windows will be gone.  (Or, for linux, they might type
"os.system('rm -s /')" ...)  You might trust your users enough not to do that,
but there's still the potential for accidents.

The raw_input() function, on the other hand, does not evaluate what is typed in,
it just gives you an ordinary string.  This will *not* require the user to type
quotes, it will not have the gaping security holes that input() has, and it's
just generally cleaner and nicer.  :)

Jeff Shannon
Technician/Programmer
Credit International
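
The difference described in the reply above, as an added example that is not part of the original message. It is written for Python 3, where `input()` already behaves like `raw_input()`, so Python 2's `input()` is emulated with `eval()`; `destructive_stub`, `py2_input`, `py2_raw_input`, `literal_only` and the sample lines are constructed for illustration, and `ast.literal_eval` goes beyond the message as the option for when a typed literal value is actually wanted.

```python
import ast

side_effects = []  # records calls triggered by evaluated input


def destructive_stub():
    """Constructed, harmless stand-in for a call like the os.remove() in the message."""
    side_effects.append("destructive_stub called")
    return "done"


def py2_input(typed):
    """Emulate Python 2 input(): the typed line is evaluated as an expression."""
    return eval(typed, {"destructive_stub": destructive_stub})


def py2_raw_input(typed):
    """Emulate Python 2 raw_input(): the typed line comes back as a plain string."""
    return typed


def literal_only(typed):
    """Accept only Python literals; names, attributes and calls are rejected."""
    return ast.literal_eval(typed)


def outcome(reader, typed):
    """Run one reader on one typed line; return repr of the value or the error name."""
    try:
        return repr(reader(typed))
    except Exception as exc:
        return type(exc).__name__


def compare(typed):
    """Show how each reader treats the same typed line."""
    return {r.__name__: outcome(r, typed)
            for r in (py2_input, py2_raw_input, literal_only)}


if __name__ == "__main__":
    # Constructed sample input: unquoted name, quoted name, and a call expression.
    for line in ['notes.txt', '"notes.txt"', 'destructive_stub()']:
        print(line, "->", compare(line))
    print("side effects:", side_effects)
```

The unquoted filename fails under evaluation with a `NameError`, which is why the original script only worked with quotes, and the call expression runs only in the evaluated reader.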


