On Mon, 18 Jul 2005, Nathan Pinno wrote:
> I find it easier to remember and faster to code than int(raw_input()).
> The faster I can code a program, the better in my opinion. So what if it
> has a few bugs, I fix them gradually.

Hi Nathan,

You're right, just as long as we're writing programs that are only meant to be used by ourselves, and as long as we're sure that it's not talking to the outside world.

The driving issue behind getting paranoid is this: it's getting much easier to write programs that we think might be just for ourselves, but which become useful for others. And as soon as we write programs that other people are going to use, we really do have to play by a different set of rules than just ease of programming.

Some folks were casual about eval(), and look what happened to them:

    http://gulftech.org/?node=research&article_id=00088-07022005

They should have known better.

This problem is not exclusive to programmers in PHP: programmers in Python make the same kind of mistakes. As a concrete example, take a look at the comments about the deprecated "SimpleCookie" and "SerialCookie" functions:

    http://www.python.org/doc/lib/module-Cookie.html

Again, they should have known better. And we should know better.

So we do have a responsibility to state up front that using 'eval' (or things that call 'eval' for us) is convenient, but it's not safe. That's why we bug about it every so often.

Hope this helps!

Tutor maillist - Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor
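The point of the thread, as an added example that is not part of the original message: the eval()-based shortcut for reading an integer beside the int() and ast.literal_eval() readers it should be replaced with, run over the same constructed strings that raw_input()/input() would have returned. The function names are my own.

```python
"""Why the Tutor list nags about eval(): the same input string handled by a
reader built on eval() and by readers that only accept literals."""
import ast


def read_int_unsafe(raw):
    """The convenient version: eval() parses the string as arbitrary Python,
    so any expression, name lookup or function call is executed."""
    return eval(raw)


def read_int_safe(raw):
    """The hardened version: int() accepts only an integer literal
    (surrounding whitespace allowed) and raises ValueError otherwise."""
    return int(raw.strip())


def read_literal_safe(raw):
    """If the program really needs a structured value (list, dict, number),
    ast.literal_eval() parses Python literals only; it never looks up names
    or calls functions, and raises ValueError on anything else."""
    return ast.literal_eval(raw)


def classify(raw):
    """Compare what the unsafe and the safe integer readers do with one
    string. Returns ((status, value), (status, value)) where status is
    "ok" or "error" and value is the result or the exception class name."""
    def attempt(fn):
        try:
            return ("ok", fn(raw))
        except Exception as exc:  # demo: report any failure by type
            return ("error", type(exc).__name__)
    return attempt(read_int_unsafe), attempt(read_int_safe)


if __name__ == "__main__":
    # Constructed sample inputs: an integer literal, an arithmetic expression,
    # and a function call. Only the first one is an integer.
    for sample in ["42", "6*7", "len('abc')"]:
        print(repr(sample), classify(sample))
```

The eval() reader happily returns 42 for "6*7" and 3 for "len('abc')", while int() rejects both with ValueError; that gap is exactly the surface the linked advisories describe.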