Marilyn Davis wrote:
Thank you.  You guys are great.

I was trying to eval("import %s" % something).

exec("import %s" % something) works just fine and now I understand why.

But, why is this so extremely dangerous?

The danger is in exec'ing code whose source is not trusted.

Using exec to import a module or create a name in your own code is fine. Using exec to run code from an untrusted source such as user input is opening yourself to any kind of mischief. For example you wouldn't want to
exec("import os; os.system('del /f /q *')")


Kent


Marilyn




_______________________________________________
Tutor maillist  -  [EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/tutor
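
Added example, not part of the original messages: one way to import a module whose name arrives as a string without building source code for exec. The names safe_import, try_import and ALLOWED_MODULES, and the allowlist contents, are assumptions made for illustration; the sample inputs are constructed.

```python
import importlib
import re

# Assumption: the application only ever needs these modules.
ALLOWED_MODULES = frozenset({"json", "math", "string"})

# A dotted module name: identifiers separated by single dots, nothing else.
_MODULE_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)*")


def safe_import(name, allowed=ALLOWED_MODULES):
    """Import `name` only if it is a well-formed, allowlisted module name."""
    # fullmatch rejects anything that is not purely a module name, so
    # "math; <statement>" or "math\n<statement>" never reaches the importer.
    if not isinstance(name, str) or not _MODULE_NAME.fullmatch(name):
        raise ValueError("not a module name: %r" % (name,))
    # A syntactically valid name is still untrusted: importing a module runs
    # its top-level code, so only names on the allowlist are accepted.
    if name not in allowed:
        raise PermissionError("module not allowed: %r" % (name,))
    # import_module takes the name as data; no source text is assembled,
    # so there is nothing for extra statements to ride along in.
    return importlib.import_module(name)


def try_import(name):
    """Return (module, None) on success or (None, reason) on rejection."""
    try:
        return safe_import(name), None
    except (ValueError, PermissionError) as exc:
        return None, "%s: %s" % (type(exc).__name__, exc)


# Constructed inputs: one legitimate name, one valid but unlisted name, and
# strings that would add a statement if pasted into "import %s".
SAMPLES = ["math", "os", "math; print('injected')", "math\nprint('injected')", ""]

if __name__ == "__main__":
    for sample in SAMPLES:
        module, reason = try_import(sample)
        print(repr(sample), "->", module.__name__ if module else reason)
```
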
