On Sep 8, 2009, at 11:28 AM, Mikie wrote:

> Here is the function
> -------------------------------
> def BasicStats1a(exp1):
>     v = exp1
>     v1 = eval(v);Count_=len(v1)
>     sort_v1=sorted(v1)
>     M1 =stats.mode(v1); v3=eval(str(M1[0])); v4=eval(str(M1[1]))
>     R1 = stats.mean(v1);R2 = stats.median(v1)
>     R3 = stats.std(v1)
>     var_=R3**2
>     return R1,R2,R3,Count_,sort_v1,var_,v3,v4
> ------------------------------------------------------------
> You can see the eval's. Is there a security problem with sage_eval?

Yes.

> The string comes from a form.

You should look up string processing in Python, I think that would help a lot in much of what you're trying to do here. For example,

    sage: s = "1,2,3,4,100"
    sage: [ZZ(x) for x in s.split(',')]
    [1, 2, 3, 4, 100]

This is fast, safe, and more clear than the above.

- Robert
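
Added example (not part of the thread and not Sage's own code): the split-and-convert approach from the reply above, carried through the whole of BasicStats1a in plain Python so that form text is never evaluated. The function names, the size limits, the use of the standard-library `statistics` module in place of `stats`, and the choice of sample standard deviation are assumptions.

```python
import re
import statistics
from collections import Counter

MAX_CHARS = 10_000   # assumed limits for a web form field
MAX_ITEMS = 1_000
# Plain decimal numbers only: no exponents, "nan"/"inf", underscores or names.
_NUMBER = re.compile(r"[+-]?[0-9]{1,15}(\.[0-9]{1,15})?")


def parse_numbers(text):
    """Turn '1,2,3.5' into [1, 2, 3.5] without ever evaluating the text."""
    if not isinstance(text, str) or len(text) > MAX_CHARS:
        raise ValueError("input missing or too long")
    fields = [f.strip() for f in text.split(",")]
    if len(fields) > MAX_ITEMS:
        raise ValueError("too many values")
    values = []
    for field in fields:
        # int() and float() alone would still accept "1_000", "nan" and "1e999".
        if not _NUMBER.fullmatch(field):
            raise ValueError("not a number: %r" % field[:40])
        values.append(float(field) if "." in field else int(field))
    return values


def basic_stats(text):
    """Same outputs as BasicStats1a in the quoted message, minus the eval calls."""
    v1 = parse_numbers(text)
    if len(v1) < 2:
        raise ValueError("need at least two values")
    counts = Counter(v1)
    top = max(counts.values())
    mode_value = min(v for v, c in counts.items() if c == top)  # smallest on ties
    std = statistics.stdev(v1)  # sample standard deviation (assumed convention)
    return (statistics.mean(v1), statistics.median(v1), std, len(v1),
            sorted(v1), std ** 2, mode_value, top)


# Constructed inputs: one honest form value, then strings eval would have run.
if __name__ == "__main__":
    print(basic_stats("1,2,3,4,100"))
    for hostile in ["__import__('os').getcwd()", "1,2,nan", "9**9**9", "1_000,2"]:
        try:
            basic_stats(hostile)
        except ValueError as err:
            print("rejected:", err)
```
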