#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2004
    Posts
    88
    Rep Power
    10

    Evaluating a String Input


    Ok, I'm not sure if that was a good title for this at all, but here's my problem.
    Say I ask the user to input an expression so something like this:
    Code:
    w = raw_input("Please enter an expression: ")
    And then I put in a try/except in there to test its validity, how would I make it so that the string inputted would be evaluated as if it went into the command line?
    (ie: I put 4+7 in the command line and it outputs 11, how would I do that the same way such as the user inputs '4+7' as a string, is there some function that can help me?)
    Thanks.
  2. #2
  3. Contributing User
    Devshed Intermediate (1500 - 1999 posts)

    Join Date
    Dec 2004
    Location
    Meriden, Connecticut
    Posts
    1,797
    Rep Power
    154
    Unless I understood you incorrectly, the int() function should work fine.
    Code:
    w = raw_input("Please enter an expression: ")
    try:
        print int(w)
    except Exception, inst:
        print inst
    If this doesn't work, you may need to use the eval() function, I can help you with that if that is the case. You could also do it the way you were originally thinking of. Replace raw_input with input. raw_input is for strings, input is integers only.
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2004
    Posts
    73
    Rep Power
    10
    If you tried int("1+1") it will certainly give you an error.

    anyway, say you stored the input string in a variable called strVar1 then you would do
    exec "Result =" + strVar1 # This will evaluate whatever in strVar1

    eval() will work also as stated by Yegg

    After all, this is not safe; you might want to construct your calculator with either regular expressions or char-by-char parsing.

    Tell me what you want to do exactly and we might help a little.
  6. #4
  7. Contributing User
    Devshed Intermediate (1500 - 1999 posts)

    Join Date
    Dec 2004
    Location
    Meriden, Connecticut
    Posts
    1,797
    Rep Power
    154
    Or replace raw_input with plain old input. input is for integers ONLY.
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2004
    Posts
    88
    Rep Power
    10
    Why would this not be safe?
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2005
    Posts
    78
    Rep Power
    10
    Originally Posted by pylon
    Why would this not be safe?
    try inputting __import__("os").listdir(".")... Note that this is why input() is also unsafe. Use raw_input()

    --OH.
  12. #7
  13. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2004
    Posts
    73
    Rep Power
    10
    Originally Posted by pylon
    Why would this not be safe?
    As hydroxide mentioned with input, the same effect also takes place with exec.
    You can actually construct a whole program, read/change variables, import modules...
  14. #8
  15. No Profile Picture
    Contributing User
    Devshed Intermediate (1500 - 1999 posts)

    Join Date
    Feb 2004
    Location
    London, England
    Posts
    1,585
    Rep Power
    1373
    You can make eval safer by disabling the builtin functions.

    Code:
    >>> namespace= { '__builtins__': None }
    >>> eval('1+2', namespace)
    3
    >>> eval('__import__("os").listdir(".")', namespace)
    Traceback (most recent call last):
      File "<interactive input>", line 1, in ?
      File "<string>", line 0, in ?
    NameError: name '__import__' is not defined
    By creating a namespace with '__builtins__' set to None, you prevent the user from accessing any of the standard functions or objects. You can selectively add objects to the namespace if they are needed.

    This is still not 100% safe. Someone could use up all your memory by creating a very large array with an expression like '[1] * 100000000000L'.

    Dave - The Developers' Coach

    Comments on this post

    • hydroxide agrees
  16. #9
  17. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2004
    Posts
    73
    Rep Power
    10
    Originally Posted by DevCoach
    You can make eval safer by disabling the builtin functions.

    Code:
    >>> namespace= { '__builtins__': None }
    >>> eval('1+2', namespace)
    3
    >>> eval('__import__("os").listdir(".")', namespace)
    Traceback (most recent call last):
      File "<interactive input>", line 1, in ?
      File "<string>", line 0, in ?
    NameError: name '__import__' is not defined
    By creating a namespace with '__builtins__' set to None, you prevent the user from accessing any of the standard functions or objects. You can selectively add objects to the namespace if they are needed.

    This is still not 100% safe. Someone could use up all your memory by creating a very large array with an expression like '[1] * 100000000000L'.

    Dave - The Developers' Coach
    I agree
