"Frank Millman" <fr...@chagford.com> writes:
> I then receive my_string = 'calc_area(100, 200)'.
>>>> result = eval('my_inst.{0}'.format(my_string))
> This will only work if the string contains a valid method name with
> valid arguments.
>
> Can anyone see anything wrong with this?
Um, yes. What are valid arguments? Are you going to eval them?
If they can only be literals, maybe you could use something like
from ast import literal_eval
method_name = 'calc_area'
args = literal_eval('(100,200)')
result = getattr(my_inst, method_name)(*args)
but even that is risky in a hostile data environment.
--
http://mail.python.org/mailman/listinfo/python-list
