python 2to3中的eval(input())
[英]eval(input()) in python 2to3
问题描述
From the Python 2to3 doc : 
从Python 2to3 doc中 :
input:input:Converts
input(prompt)toeval(input(prompt))input(prompt)转换为eval(input(prompt))
I am currently trying to learn Python 3 after a few years working with Python 2. Can anybody please explain why the tool inserts eval before the call to input , and whether I should do so in all my Python 3 code? 在使用Python 2几年后,我目前正在尝试学习Python3。有人可以解释为什么该工具在调用input之前插入eval ,以及是否应该在所有Python 3代码中都这样做吗?
1 个解决方案
解决方案1
7 已采纳 2012-08-29 00:46:40
python 2's old input behavior has been removed, python 3's current input was what was previously named raw_input. python 2的旧输入行为已被删除,python 3的当前输入是以前称为raw_input的输入。 raw_input and python 3 input always returns a string, unlike input which tries to evaluate the input as an expression. raw_input和python 3 input始终返回字符串,这与input尝试将输入作为表达式求值不同。
The 2to3 tool inserted an eval because it has no way to tell if you're relying on the old input automatically evaluating its inputs. 2to3工具插入了一个eval,因为它无法告诉您是否依靠旧输入自动评估其输入。 The old input behavior is deemed a mistake because you can evaluate pretty much any valid python expression, therefore any python program that uses input() has a glaring security hole. 旧的输入行为被认为是错误的,因为您几乎可以评估任何有效的python表达式,因此,任何使用input()的python程序都有明显的安全漏洞。 After conversion, you should evaluate each use of eval and determine whether that part of the code are going to be receiving any untrusted user input. 转换后,您应该评估对eval的每次使用,并确定该部分代码是否将要接收任何不受信任的用户输入。
You should never uses eval(input()), except perhaps in throwaway scripts. 除非在一次性脚本中使用,否则永远不要使用eval(input())。 There is no way to make eval secure. 没有办法使评估安全。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.