Is it ever useful to use Python’s input over raw_input?

by

Is it ever useful to use Python 2’s input over raw_input?

No.

input() evaluates the code the user gives it. It puts the full power of Python in the hands of the user. With generator expressions/list comprehensions, __import__, and the if/else operators, literally anything Python can do can be achieved with a single expression. Malicious users can use input() to remove files (__import__('os').remove('precious_file')), monkeypatch the rest of the program (setattr(__import__('__main__'), 'function', lambda:42)), … anything.

A normal user won’t need to use all the advanced functionality. If you don’t need expressions, use ast.literal_eval(raw_input()) – the literal_eval function is safe.

If you’re writing for advanced users, give them a better way to input code. Plugins, user modules, etc. – something with the full Python syntax, not just the functionality.

If you’re absolutely sure you know what you’re doing, say eval(raw_input()). The eval screams “I’m dangerous!” to the trained eye. But, odds are you won’t ever need this.

input() was one of the old design mistakes that Python 3 is solving.

More Related Contents:

  1. How does Python 2 compare string and int? Why do lists compare as greater than numbers, and tuples greater than lists?
  2. What is the best way to remove accents (normalize) in a Python unicode string?
  3. How to read multiple lines of raw input?
  4. Nested arguments not compiling
  5. Taking multiple integers on the same line as input from the user in python
  6. Match text between two strings with regular expression
  7. What exactly do “u” and “r” string prefixes do, and what are raw string literals?
  8. What is the difference between dict.items() and dict.iteritems() in Python2?
  9. Alternative to dict comprehension prior to Python 2.7
  10. Why is ” > 0 True in Python 2?
  11. How to use a multiprocessing.Manager()?
  12. Why can’t I use the method __cmp__ in Python 3 as for Python 2?
  13. Converting “yield from” statement to Python 2.7 code
  14. Using print() (the function version) in Python2.x
  15. What is the difference between encode/decode?
  16. Defining “boolness” of a class in python
  17. How can I get 2.x-like sorting behaviour in Python 3.x?
  18. How to print a percentage value in python?
  19. What does “ mean in Python?
  20. Safest way to convert float to integer in python?
  21. Python ascii utf unicode
  22. How to select a directory and store the location using tkinter in Python
  23. Handling \r\n vs \n newlines in python on Mac vs Windows
  24. Python Flask Render Text from Variable like render_template
  25. Determine if 2 lists have the same elements, regardless of order? [duplicate]
  26. How to read a CSV file from a URL with Python?
  27. Command-line input causes SyntaxError
  28. TypeError: super() takes at least 1 argument (0 given) error is specific to any python version?
  29. Fast string array – Cython
  30. Swapping uppercase and lowercase in a string [duplicate]

Leave a Comment