Re: Question about ast.literal_eval

Discussion in 'Python' started by Chris Angelico, May 20, 2013.

  1. On Mon, May 20, 2013 at 5:50 PM, Frank Millman <> wrote:
    > On 20/05/2013 09:34, Carlos Nepomuceno wrote:
    >> Why don't you use eval()?
    >>

    >
    > Because users can create their own columns, with their own constraints.
    > Therefore the string is user-modifiable, so it cannot be trusted.


    Plenty of reason right there :)

    Is it a requirement that they be able to key in a constraint as a
    single string? We have a similar situation in one of the systems at
    work, so we divided the input into three(ish) parts: pick a field,
    pick an operator (legal operators vary according to field type -
    integers can't be compared against regular expressions, timestamps can
    use >= and < only), then enter the other operand. Sure, that cuts out
    a few possibilities, but you get 99.9%+ of all usage and it's easy to
    sanitize.

    ChrisA
     
    Chris Angelico, May 20, 2013
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Frank Millman

    Question about ast.literal_eval

    Frank Millman, May 20, 2013, in forum: Python
    Replies:
    2
    Views:
    136
    Frank Millman
    May 21, 2013
  2. Carlos Nepomuceno

    RE: Question about ast.literal_eval

    Carlos Nepomuceno, May 20, 2013, in forum: Python
    Replies:
    0
    Views:
    82
    Carlos Nepomuceno
    May 20, 2013
  3. Chris Angelico

    Re: Question about ast.literal_eval

    Chris Angelico, May 20, 2013, in forum: Python
    Replies:
    0
    Views:
    97
    Chris Angelico
    May 20, 2013
  4. Frank Millman

    Re: Question about ast.literal_eval

    Frank Millman, May 20, 2013, in forum: Python
    Replies:
    0
    Views:
    92
    Frank Millman
    May 20, 2013
  5. Carlos Nepomuceno

    RE: Question about ast.literal_eval

    Carlos Nepomuceno, May 20, 2013, in forum: Python
    Replies:
    1
    Views:
    110
    Steven D'Aprano
    May 20, 2013
Loading...

Share This Page