Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Python > Re: Question about ast.literal_eval

Thread Tools

Re: Question about ast.literal_eval

Frank Millman
Posts: n/a
On 20/05/2013 09:55, Chris Angelico wrote:
> On Mon, May 20, 2013 at 5:50 PM, Frank Millman <(E-Mail Removed)> wrote:
>> On 20/05/2013 09:34, Carlos Nepomuceno wrote:
>>> Why don't you use eval()?

>> Because users can create their own columns, with their own constraints.
>> Therefore the string is user-modifiable, so it cannot be trusted.

> Plenty of reason right there
> Is it a requirement that they be able to key in a constraint as a
> single string? We have a similar situation in one of the systems at
> work, so we divided the input into three(ish) parts: pick a field,
> pick an operator (legal operators vary according to field type -
> integers can't be compared against regular expressions, timestamps can
> use >= and < only), then enter the other operand. Sure, that cuts out
> a few possibilities, but you get 99.9%+ of all usage and it's easy to
> sanitize.
> ChrisA

It is not a requirement, no. I just thought it would be a convenient

I had in mind something similar to your scheme above, so I guess I will
have to bite the bullet and implement it.



Reply With Quote

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
A question about float/clear fulio pen HTML 2 05-18-2013 01:37 AM
question about try/except blocks J Python 1 05-03-2013 03:02 AM
Re: question about try/except blocks Devin Jeanpierre Python 0 05-03-2013 02:23 AM
silly question about Running a script from the command line A.Rock Python 0 04-10-2013 11:21 AM
newbie question about confusing exception handling in urllib Python 6 04-09-2013 07:11 PM