Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #45710 > unrolled thread

Newbie question about evaluating raw_input() responses

Back to article view | Back to comp.lang.python

Contents

  Newbie question about evaluating raw_input() responses "C. N. Desrosiers" <cndesrosiers@gmail.com> - 2013-05-21 23:23 -0700
    Re: Newbie question about evaluating raw_input() responses Fábio Santos <fabiosantosart@gmail.com> - 2013-05-22 07:35 +0100
      Re: Newbie question about evaluating raw_input() responses "C. N. Desrosiers" <cndesrosiers@gmail.com> - 2013-05-21 23:52 -0700
    Re: Newbie question about evaluating raw_input() responses Kevin Xi <kevin.xgr@gmail.com> - 2013-05-21 23:52 -0700
      Re: Newbie question about evaluating raw_input() responses Chris Angelico <rosuav@gmail.com> - 2013-05-22 17:19 +1000
      Re: Newbie question about evaluating raw_input() responses Alister <alister.ware@ntlworld.com> - 2013-05-22 22:31 +0000
        RE: Newbie question about evaluating raw_input() responses Carlos Nepomuceno <carlosnepomuceno@outlook.com> - 2013-05-23 01:55 +0300
        Re: Newbie question about evaluating raw_input() responses Kevin Xi <kevin.xgr@gmail.com> - 2013-05-22 18:56 -0700
        Re: Newbie question about evaluating raw_input() responses Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-05-23 04:47 +0000
          Re: Newbie question about evaluating raw_input() responses Chris Angelico <rosuav@gmail.com> - 2013-05-23 16:04 +1000
          Re: Newbie question about evaluating raw_input() responses Terry Jan Reedy <tjreedy@udel.edu> - 2013-05-23 03:11 -0400
          Re: Newbie question about evaluating raw_input() responses Chris Angelico <rosuav@gmail.com> - 2013-05-23 17:20 +1000
            Re: Newbie question about evaluating raw_input() responses Nobody <nobody@nowhere.com> - 2013-05-25 19:27 +0100
              Re: Newbie question about evaluating raw_input() responses Chris Angelico <rosuav@gmail.com> - 2013-05-26 04:33 +1000
              Re: Newbie question about evaluating raw_input() responses Fábio Santos <fabiosantosart@gmail.com> - 2013-05-25 23:11 +0100
        Re: Newbie question about evaluating raw_input() responses Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2013-05-23 18:51 -0400

#45710 — Newbie question about evaluating raw_input() responses

Hi,

I'm just starting out with Python and to practice I am trying to write a script that can have a simple conversation with the user.

When I run the below code, it always ends up printing response to "if age > 18:" -- even if I enter a value below 18.

Can anyone point me to what I am doing wrong?  Many thanks in advance.

age=raw_input('Enter your age: ')
if age > 18:
    print ('Wow, %s. You can buy cigarettes.' % age)
else:
    print ('You are a young grasshopper.')

[toc] | [next] | [standalone]

#45711

[Multipart message — attachments visible in raw view] — view raw

You have to convert `age` to an integer. Use int() to do it. Then you can
compare it to other numbers and obtain the expected results.
On 22 May 2013 07:29, "C. N. Desrosiers" <cndesrosiers@gmail.com> wrote:

> Hi,
>
> I'm just starting out with Python and to practice I am trying to write a
> script that can have a simple conversation with the user.
>
> When I run the below code, it always ends up printing response to "if age
> > 18:" -- even if I enter a value below 18.
>
> Can anyone point me to what I am doing wrong?  Many thanks in advance.
>
> age=raw_input('Enter your age: ')
> if age > 18:
>     print ('Wow, %s. You can buy cigarettes.' % age)
> else:
>     print ('You are a young grasshopper.')
> --
> http://mail.python.org/mailman/listinfo/python-list
>

[toc] | [prev] | [next] | [standalone]

#45714

Muchas gracias!

On Wednesday, May 22, 2013 2:35:18 AM UTC-4, Fábio Santos wrote:
> You have to convert `age` to an integer. Use int() to do it. Then you can compare it to other numbers and obtain the expected results.
> 
> On 22 May 2013 07:29, "C. N. Desrosiers" <cndesr...@gmail.com> wrote:
> 
> Hi,
> 
> 
> 
> I'm just starting out with Python and to practice I am trying to write a script that can have a simple conversation with the user.
> 
> 
> 
> When I run the below code, it always ends up printing response to "if age > 18:" -- even if I enter a value below 18.
> 
> 
> 
> Can anyone point me to what I am doing wrong?  Many thanks in advance.
> 
> 
> 
> age=raw_input('Enter your age: ')
> 
> if age > 18:
> 
>     print ('Wow, %s. You can buy cigarettes.' % age)
> 
> else:
> 
>     print ('You are a young grasshopper.')
> 
> --
> 
> http://mail.python.org/mailman/listinfo/python-list

[toc] | [prev] | [next] | [standalone]

#45713

On Wednesday, May 22, 2013 2:23:15 PM UTC+8, C. N. Desrosiers wrote:
> Hi,
> 
Hi,
> 
> I'm just starting out with Python and to practice I am trying to write a script that can have a simple conversation with the user.
> 
So you may want to search the doc before you ask: http://docs.python.org
> 
> When I run the below code, it always ends up printing response to "if age > 18:" -- even if I enter a value below 18.
> 
> 
> 
> Can anyone point me to what I am doing wrong?  Many thanks in advance.
> 
> 
> 
> age=raw_input('Enter your age: ')
> 
> if age > 18:
> 
>     print ('Wow, %s. You can buy cigarettes.' % age)
> 
> else:
> 
>     print ('You are a young grasshopper.')

You can either use `raw_input` to read data and convert it to right type, or use `input` to get an integer directly. Read this: http://docs.python.org/2/library/functions.html#raw_input
http://docs.python.org/2/library/functions.html#input

                                                                     Kevin

[toc] | [prev] | [next] | [standalone]

#45716

On Wed, May 22, 2013 at 4:52 PM, Kevin Xi <kevin.xgr@gmail.com> wrote:
> On Wednesday, May 22, 2013 2:23:15 PM UTC+8, C. N. Desrosiers wrote:
>> age=raw_input('Enter your age: ')
>> if age > 18:
>
> You can either use `raw_input` to read data and convert it to right type, or use `input` to get an integer directly. Read this: http://docs.python.org/2/library/functions.html#raw_input
> http://docs.python.org/2/library/functions.html#input

No! No, please do NOT use input()! It does not return an integer; it
*evaluates* (that is, executes) the input.

>>> input('Enter your age: ')
Enter your age: 18
18
>>> input('Enter your age: ')
Enter your age: 1+2+4+5+6
18
>>> input('Enter your age: ')
Enter your age: sys.stdout.write("Hello, world!\n") or 18
Hello, world!
18
>>> input('Enter your age: ')
Enter your age: sys.exit(0)

This is almost certainly NOT what you want to have in your script. If
you want an integer, just pass it through int() as Fabio suggested.

Please do not use, or advocate using, this steam-powered Izzet goblin
hammer for cracking walnuts.

ChrisA

[toc] | [prev] | [next] | [standalone]

#45753

On Tue, 21 May 2013 23:52:30 -0700, Kevin Xi wrote:

> On Wednesday, May 22, 2013 2:23:15 PM UTC+8, C. N. Desrosiers wrote:
>> Hi,
>> 
> Hi,
>> 
>> I'm just starting out with Python and to practice I am trying to write
>> a script that can have a simple conversation with the user.
>> 
> So you may want to search the doc before you ask: http://docs.python.org
>> 
>> When I run the below code, it always ends up printing response to "if
>> age > 18:" -- even if I enter a value below 18.
>> 
>> 
>> 
>> Can anyone point me to what I am doing wrong?  Many thanks in advance.
>> 
>> 
>> 
>> age=raw_input('Enter your age: ')
>> 
>> if age > 18:
>> 
>>     print ('Wow, %s. You can buy cigarettes.' % age)
>> 
>> else:
>> 
>>     print ('You are a young grasshopper.')
> 
> You can either use `raw_input` to read data and convert it to right
> type, or use `input` to get an integer directly. Read this:
> http://docs.python.org/2/library/functions.html#raw_input
> http://docs.python.org/2/library/functions.html#input
> 
>                                                                      
Kevin

Please write out 1000 time (without using any form of loop)

"NEVER use input in python <3.0 it is EVIL"*

as Chris A point out it executes user input an can cause major damage 
(reformatting the hard disk is not impossible!)


-- 
Quality Control, n.:
	The process of testing one out of every 1,000 units coming off
	a production line to make sure that at least one out of 100 works.

[toc] | [prev] | [next] | [standalone]

#45755

----------------------------------------
> From: alister.ware@ntlworld.com
[...]
> Kevin
>
> Please write out 1000 time (without using any form of loop)
>
> "NEVER use input in python <3.0 it is EVIL"*
>
> as Chris A point out it executes user input an can cause major damage
> (reformatting the hard disk is not impossible!)
>

Indeed! input is eval(raw_input())! lol 		 	   		  

[toc] | [prev] | [next] | [standalone]

#45766

Oh yes, you guys are right. Thank you very much for warning me that.

On Thursday, May 23, 2013 6:31:04 AM UTC+8, Alister wrote:

> 
> as Chris A point out it executes user input an can cause major damage 
> 
> (reformatting the hard disk is not impossible!)
> 

It definitely can cause major damage! I try to input `os.system('rm -rf *')` and it really delete all stuff under the directory:(, I have never realized it can do that harm. Sorry for misleading you C. N. Desrosiers.

[toc] | [prev] | [next] | [standalone]

#45772

On Wed, 22 May 2013 22:31:04 +0000, Alister wrote:

> Please write out 1000 time (without using any form of loop)
> 
> "NEVER use input in python <3.0 it is EVIL"*
> 
> as Chris A point out it executes user input an can cause major damage
> (reformatting the hard disk is not impossible!)

Is he allowed to use eval instead of a loop?

print (eval("NEVER use input in python <3.0 it is EVIL\n"*1000))

*wink*


But all joking aside, eval is dangerous, yes, but it is not "evil". It 
needs to be handled with caution, but there are good uses for it. In 
fact, there are a few -- a very few -- things which can *only* be done 
with eval or exec. That's why it is part of the language! 

(I just wish that eval and exec where in a module, rather than built-in, 
to help discourage casual usage by beginners who don't know what they're 
doing.)

For example, collections.namedtuple uses eval to dynamically generate new 
classes on the fly from arguments given. But it is safe to use, because 
it has been designed by experts to be safe and tested in great detail.

So while it is right and proper to treat eval with great respect as a 
powerful (and therefore dangerous) tool, and avoid it whenever you don't 
*need* it, there is no reason to be irrational about it :-)



-- 
Steven

[toc] | [prev] | [next] | [standalone]

#45774

On Thu, May 23, 2013 at 2:47 PM, Steven D'Aprano
<steve+comp.lang.python@pearwood.info> wrote:
> But all joking aside, eval is dangerous, yes, but it is not "evil". It
> needs to be handled with caution, but there are good uses for it. In
> fact, there are a few -- a very few -- things which can *only* be done
> with eval or exec. That's why it is part of the language!
>...
>
> So while it is right and proper to treat eval with great respect as a
> powerful (and therefore dangerous) tool, and avoid it whenever you don't
> *need* it, there is no reason to be irrational about it :-)

No need to be irrational about eval(), but I do agree that input()
should never be used. Especially now that Py3 has changed the meaning
of input(), it's potentially very confusing to call the old function;
be explicit and use eval(raw_input()) if you actually want that.

Quite apart from the extreme danger of eval'ing something tainted
(which isn't a problem if you KNOW the user's trusted - eg if you're
effectively writing an interactive interpreter for yourself), input()
is just too concealing; it's not obvious that code will be executed.

Above all, I don't want to see people advised to eval things as a
solution to simple problems. Maybe it's safe *right now*, but any
advice that solves today's problem will be used to solve tomorrow's
problem too, and tomorrow's problem will involve code going to someone
untrusted who suddenly gets full code execution.

But this is why we have a mailing list, not one-on-one advice. Kevin's
post is bound to get a follow-up, just as my posts are when I say
something incorrect. It gives that measure of extra confidence:
"Correct me if I'm wrong, but..." is implicitly prefixed to everything
:)

So Kevin, please don't get me wrong: I'm not hating on you, I'm not
wishing you hadn't posted. But I *will* speak strongly against the Py2
input() function. :)

Chris Angelico

[toc] | [prev] | [next] | [standalone]

#45779

On 5/23/2013 12:47 AM, Steven D'Aprano wrote:
> On Wed, 22 May 2013 22:31:04 +0000, Alister wrote:
>
>> Please write out 1000 time (without using any form of loop)
>>
>> "NEVER use input in python <3.0 it is EVIL"*

> But all joking aside, eval is dangerous, yes, but it is not "evil".

He put that label on *input*, not eval -- I presume for hiding dangerous 
eval.

[toc] | [prev] | [next] | [standalone]

#45782

On Thu, May 23, 2013 at 5:11 PM, Terry Jan Reedy <tjreedy@udel.edu> wrote:
> On 5/23/2013 12:47 AM, Steven D'Aprano wrote:
>>
>> On Wed, 22 May 2013 22:31:04 +0000, Alister wrote:
>>
>>> Please write out 1000 time (without using any form of loop)
>>>
>>> "NEVER use input in python <3.0 it is EVIL"*
>
>
>> But all joking aside, eval is dangerous, yes, but it is not "evil".
>
>
> He put that label on *input*, not eval -- I presume for hiding dangerous
> eval.

Aside: Why was PHP's /e regexp option ever implemented? I can
understand evalling inputted text - that's how you write an
interactive interpreter. But why would you arbitrarily eval the result
of a regexp replacement? That seems... really weird. Like building a
gun with a "Reverse" switch that fires the bullet down the butt
instead of the barrel.

ChrisA

[toc] | [prev] | [next] | [standalone]

#46019

On Thu, 23 May 2013 17:20:19 +1000, Chris Angelico wrote:

> Aside: Why was PHP's /e regexp option ever implemented?

Because it's a stupid idea, and that's the only requirement for a feature
to be implemented in PHP.

[toc] | [prev] | [next] | [standalone]

#46020

On Sun, May 26, 2013 at 4:27 AM, Nobody <nobody@nowhere.com> wrote:
> On Thu, 23 May 2013 17:20:19 +1000, Chris Angelico wrote:
>
>> Aside: Why was PHP's /e regexp option ever implemented?
>
> Because it's a stupid idea, and that's the only requirement for a feature
> to be implemented in PHP.

Hey, don't be rude. I mean, not that it isn't true, but it's still
rude to say it.

Ah, who am I kidding. Be as rude as you like. I have to work with PHP all week.

ChrisA

[toc] | [prev] | [next] | [standalone]

#46021

[Multipart message — attachments visible in raw view] — view raw

On 25 May 2013 19:37, "Chris Angelico" <rosuav@gmail.com> wrote:
> Ah, who am I kidding. Be as rude as you like. I have to work with PHP all
week.
>
> ChrisA
> --
> http://mail.python.org/mailman/listinfo/python-list

I have cried.

[toc] | [prev] | [next] | [standalone]

#45851

On Wed, 22 May 2013 22:31:04 GMT, Alister <alister.ware@ntlworld.com>
declaimed the following in gmane.comp.python.general:


> 
> Please write out 1000 time (without using any form of loop)
> 
> "NEVER use input in python <3.0 it is EVIL"*
> 

	Shouldn't that be

"Never use input in Python < 3.0, it is EVAL"
<G>
-- 
	Wulfraed                 Dennis Lee Bieber         AF6VN
        wlfraed@ix.netcom.com    HTTP://wlfraed.home.netcom.com/

[toc] | [prev] | [standalone]

Back to top | Article view | comp.lang.python

csiph-web