Matt McCredie wrote:
Rhodri James <rhodri <at> wildebst.demon.co.uk> writes:

On Fri, 23 Oct 2009 17:39:40 +0100, Matt McCredie <mccredie <at> gmail.com> wrote:

joao abrantes <senhor.abrantes <at> gmail.com> writes:

Hey. I want to make a program like this: print "Complete the function
f(x)=" then the user would enter x+2 or 1/x or any other function that only uses the variable x. Then my python program would calculate f(x) in some points, for
example in f(2), f(4), etc. How can I do this?

check out 'eval' or 'exec'.
Then check out all the reasons you shouldn't use them in an
environment that you don't trust absolutely -- if someone wipes
your hard disc, you won't get any sympathy from here.

The safe answer is to write yourself a small parser.  Given that
you've got a very limited symbol set, that shouldn't be too hard.


This should only be a concern if it is some sort of client/server app (like a
web-app). If this is something that is going to be run on a local machine then
the person running it could do just as much damage via the command line.

While I agree that there is a danger if the input might come from untrusted
users, and the original poster should be aware of that, writing your own parser
only makes sense in those instances. If this application is run locally then
users have access to the machine anyway.

I don't want to give a (potentially) new user to python the impression that they
need to be writing their own parser to solve this problem. It depends on where
the input is coming from. Two things to note:

1. eval and exec are perfectly safe if the input is from a trusted source.
2. eval and exec are never safe if the input is not from a trusted source.

Matt McCredie


I'd like to add that there are several lisp apps out there that give you a REPL (for example stumpwm). A REPL could be seen as a sophisticated `eval' loop. Case in point, it is common in the lisp world. You could, in theory, hose your system from inside emacs (and you may not even know it...hahaha).
-Jack
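
The "small parser" for a very limited symbol set suggested earlier in the thread, as an added example that is not part of any poster's message: it uses the `ast` module (Python 3.8+) to parse the input without executing it, then evaluates only whitelisted nodes. The names `compile_fx`, `MAX_LEN` and `MAX_EXPONENT`, and the two limits, are assumptions of this example.

```python
import ast
import operator

# Whitelisted operators: anything not listed here is rejected.
_BINOPS = {
    ast.Add: operator.add, ast.Sub: operator.sub,
    ast.Mult: operator.mul, ast.Div: operator.truediv,
    ast.Pow: operator.pow,
}
_UNARYOPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}
MAX_LEN = 200       # assumed limit on input length
MAX_EXPONENT = 100  # assumed cap so x**10**10 cannot exhaust CPU or memory


def compile_fx(text):
    """Parse text as arithmetic in the single variable x; return f(x)."""
    if len(text) > MAX_LEN:
        raise ValueError("expression too long")
    tree = ast.parse(text, mode="eval")  # parses only, never executes
    _check(tree.body)
    return lambda x: _evaluate(tree.body, x)


def _check(node):
    """Reject every node outside the whitelist before anything is evaluated."""
    leaf = (isinstance(node, ast.Name) and node.id == "x") or (
        isinstance(node, ast.Constant) and type(node.value) in (int, float))
    if isinstance(node, ast.BinOp) and type(node.op) in _BINOPS:
        _check(node.left)
        _check(node.right)
    elif isinstance(node, ast.UnaryOp) and type(node.op) in _UNARYOPS:
        _check(node.operand)
    elif not leaf:
        raise ValueError("not allowed: " + type(node).__name__)


def _evaluate(node, x):
    if isinstance(node, ast.Constant):
        return node.value
    if isinstance(node, ast.Name):
        return x
    if isinstance(node, ast.UnaryOp):
        return _UNARYOPS[type(node.op)](_evaluate(node.operand, x))
    left, right = _evaluate(node.left, x), _evaluate(node.right, x)
    if isinstance(node.op, ast.Pow) and abs(right) > MAX_EXPONENT:
        raise ValueError("exponent too large")
    return _BINOPS[type(node.op)](left, right)
```

Input that is not valid Python syntax raises `SyntaxError` from `ast.parse`; function calls, attribute access and any name other than `x` raise `ValueError` before evaluation starts.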