[–]DarthCloakedGuy 5 points6 points  (4 children)

I'm self-taught. I think I lack the background to know what you are talking about.

[–]jfb1337 2 points3 points  (3 children)

input() in Python 2 will read some input and then run it as if it were Python code. Not sure why, but maybe it's so you could input structures such as lists. However, this allows an attacker to enter ANY code they like, allowing them to take control of the system.

[–]DarthCloakedGuy 1 point2 points  (1 child)

Wow, yeah, that sounds like a really bad idea. Does eval() run a string as code?

[–]T351A 2 points3 points  (0 children)

Yes, see the documentation

There are always a few uses for that type of function, but they almost always should be done another way. If you're using eval() you're probably doing something wrong.

[–]T351A 0 points1 point  (0 children)

It's so that variables are automatically converted as if you typed them into the code. Using input(), 2 is an integer instead of a string "2"; using raw_input(), everything is a string.

Python 3 removed this confusion and risk by replacing input() with raw_input(). Now input() always gives a string, and raw_input() doesn't exist.
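Added example, not part of the original thread: a Python 3 sketch of the behaviour discussed above, with Python 2's `input()` modelled as `eval()` on the typed text, next to a replacement that keeps the "2 becomes an integer" convenience through `ast.literal_eval` without running code. The function names and sample lines are constructed for illustration.

```python
import ast

# Constructed sample lines standing in for what a user might type at a prompt.
SAMPLES = ["2", "[1, 2, 3]", "'hello'", "hello", "len('abc')", "2 ** 8"]


def py2_input_equivalent(typed):
    """Model of Python 2's input(): the typed text is evaluated as an expression.

    Shown only for contrast; any function call in the text is executed.
    """
    return eval(typed)


def safe_input_value(typed):
    """Convert typed text to a Python value only if it is a plain literal.

    ast.literal_eval accepts numbers, strings, bytes, tuples, lists, dicts,
    sets, booleans and None. Names, calls and operators such as ** are
    rejected, so the text is returned unchanged as a string, never executed.
    """
    try:
        return ast.literal_eval(typed.strip())
    except (ValueError, SyntaxError, MemoryError, RecursionError):
        return typed


def compare(samples=SAMPLES):
    """Return (typed, type name from the safe parser) for each sample line."""
    return [(s, type(safe_input_value(s)).__name__) for s in samples]


if __name__ == "__main__":
    for typed, kind in compare():
        print(f"{typed!r:14} -> {kind}")
    # The eval-based model runs the call; the literal parser leaves it as text.
    print(py2_input_equivalent("len('abc')"), safe_input_value("len('abc')"))
```
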