On 12/07/10 23:37, Robert Sjöblom wrote:
> I've been told to use input() if I know that I'll only get integers,
> and raw_input() for "everything."
That is a bad piece of advice. You should only use input() when you can
fully trust whoever doing the input (i.e. you). input() can accept any
python expressions, and this means the user can potentially execute
malicious code as well.
>>> import subprocess
>>> input("input: ")
input: subprocess.Popen(('ping', 'www.google.com'))
<subprocess.Popen object at 0x7f8640325250>
>>> PING www.l.google.com (66.102.11.104) 56(84) bytes of data.
64 bytes from syd01s01-in-f104.1e100.net (66.102.11.104): icmp_req=1
ttl=57 time=18.5 ms
_______________________________________________
Tutor maillist - Tutor@python.org
To unsubscribe or change subscription options:
http://mail.python.org/mailman/listinfo/tutor
