On Sat, Dec 11, 2010 at 11:54 AM, Lie Ryan <lie.1...@gmail.com> wrote:
> On 12/07/10 23:37, Robert Sjöblom wrote:
>> I've been told to use input() if I know that I'll only get integers,
>> and raw_input() for "everything."
>
> That is a bad piece of advice. You should only use input() when you can
> fully trust whoever is doing the input (i.e. you).

Who uses the crap we, as noobies, produce? It's pie in the sky mentality. We design it because WE want it and WE (individually) use it.

> input() can accept any
> python expressions, and this means the user can potentially execute
> malicious code as well.
>
> >>> import subprocess
> >>> input("input: ")
> input: subprocess.Popen(('ping', 'www.google.com'))
> <subprocess.Popen object at 0x7f8640325250>
> >>> PING www.l.google.com (66.102.11.104) 56(84) bytes of data.
> 64 bytes from syd01s01-in-f104.1e100.net (66.102.11.104): icmp_req=1
> ttl=57 time=18.5 ms

_______________________________________________
Tutor maillist - Tutor@python.org
To unsubscribe or change subscription options:
http://mail.python.org/mailman/listinfo/tutor
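
An added example, not part of the original thread: Python 2's input() is equivalent to eval(raw_input()), so the sketch below emulates it with eval() and sets it beside two parsers that never execute what was typed. It is written for Python 3 (where input() already returns a plain string); the function names, the sample inputs and the side_effects list are hypothetical and constructed for illustration.

```python
import ast

side_effects = []  # constructed marker: records whether typed text was executed


def py2_style_input(text):
    """Emulate Python 2's input(): the typed line is evaluated as an expression."""
    return eval(text)  # deliberately unsafe, kept only for the comparison


def read_int(text):
    """Accept an integer and nothing else; int() parses, it never evaluates."""
    try:
        return int(text.strip())
    except ValueError:
        return None


def read_literal(text):
    """Accept Python literals (numbers, strings, lists, dicts); reject names and calls."""
    try:
        return ast.literal_eval(text.strip())
    except (ValueError, SyntaxError):
        return None


# Constructed sample inputs: three honest values and one expression with a side effect.
SAMPLES = ["42", " 7 ", "[1, 2, 3]", "side_effects.append('ran') or 0"]


def demo():
    """Return (typed text, eval result, int() result, literal_eval result) per sample."""
    return [
        (text, py2_style_input(text), read_int(text), read_literal(text))
        for text in SAMPLES
    ]


if __name__ == "__main__":
    for row in demo():
        print(row)
    print("side effects recorded by eval:", side_effects)
```

The last sample looks like an integer to the eval-based reader (it returns 0) while its call has already run; both parsers return None for it instead.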