On Wed, Apr 24, 2013 at 10:11 PM, boB Stepp <[email protected]> wrote:
> In my on again, off again studies of Python I am stumped on something
> that ought to be trivial, but I am not seeing it. When I run this
> program (only the part up to where the error occurs is shown):
>
> import random
>
> numberToGuess = random.randint(1, 20)
> numberOfGuesses = 0
>
> print("Hello! What is your name?")
> playerName = input()
Hi Bob,
[The following note is Python 2.0 specific. In Python 3, input() is
semantically different, and safe.]
If you are using Python 2.0, don't use the input() function here to
read strings. It is not safe: backing it is an implicit eval(), and
eval() is dangerous, especially for beginners who won't have the
background to understand the security implications.
Example: if you enter in the following strange-looking input:
(lambda x: x(x))(lambda x:x(x))
then this will crash your program due to a stack overflow. And this
is relatively safe compared to the other craziness you can enter into
input(). This is exactly why tutorials (and most Python programs in
general) should _not_ use input(): it's dangerous in the wrong hands.
Rather, use raw_input() instead.
In Python 3.0, unfortunately, there's going to be a lot of confusion
because input() in Python 3.0 has the behavior of Python 2.0's
raw_input().
_______________________________________________
Tutor maillist - [email protected]
To unsubscribe or change subscription options:
http://mail.python.org/mailman/listinfo/tutor
