On Sep 8, 2009, at 11:28 AM, Mikie wrote:
> Here is the function
> -------------------------------
> def BasicStats1a(exp1):
> v = exp1
> v1 = eval(v);Count_=len(v1)
> sort_v1=sorted(v1)
> M1 =stats.mode(v1); v3=eval(str(M1[0])); v4=eval(str(M1[1]))
> R1 = stats.mean(v1);R2 = stats.median(v1)
> R3 = stats.std(v1)
> var_=R3**2
> return R1,R2,R3,Count_,sort_v1,var_,v3,v4
> ------------------------------------------------------------
> You can see the eval's. Is there a security problem with sage_eval?
Yes.
> The string comes from a form.
You should look up string processing in Python, I think that would
help a lot in much of what you're trying to do here. For example,
sage: s = "1,2,3,4,100"
sage: [ZZ(x) for x in s.split(',')]
[1, 2, 3, 4, 100]
This is fast, safe, and more clear than the above.
- Robert
--~--~---------~--~----~------------~-------~--~----~
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/sage-support
URLs: http://www.sagemath.org
-~----------~----~----~----~------~----~------~--~---
