Why should exec() and eval() be avoided?

Happy的楠姐 2020-11-22 00:16

I've seen this multiple times in multiple places, but never have found a satisfying explanation as to why this should be the case.

So, hopefully, one will be prese

11 answers
  •  感情败类
    2020-11-22 00:57

    There are often clearer, more direct ways to get the same effect. If you build a complex string and pass it to exec, the code is difficult to follow, and difficult to test.

    Example: I wrote code that read in string keys and values and set corresponding fields in an object. It looked like this:

    for key, val in values:
        fieldName = valueToFieldName[key]
        fieldType = fieldNameToType[fieldName]
        if fieldType is int:
            # Build the assignment as source text; val is spliced in as code
            s = 'object.%s = int(%s)' % (fieldName, val)
        #Many clauses like this...

        # Run the statement built for this field
        exec(s)

    That code isn't too terrible for simple cases, but as new types cropped up it got more and more complex. When there were bugs they always triggered on the call to exec, so stack traces didn't help me find them. Eventually I switched to a slightly longer, less clever version that set each field explicitly.

    The first rule of code clarity is that each line of your code should be easy to understand by looking only at the lines near it. This is why goto and global variables are discouraged. exec and eval make it easy to break this rule badly.
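
An added example, not part of the original answer: the exec-based field setter described above next to an explicit version, run on the same constructed input, showing that the exec version parses a value as code while the explicit one rejects it as bad data. `Record`, `FIELD_TYPES`, the function names and the sample values are assumptions made for illustration.

```python
class Record:
    """Target object whose fields are filled from untrusted strings."""
    def __init__(self):
        self.age = 0
        self.name = ""
        self.touched = False  # flipped only if a value is executed as code


# Explicit allowlist: field name -> converter (hypothetical schema).
FIELD_TYPES = {"age": int, "name": str}


def set_fields_exec(record, values):
    """The pattern from the answer: build source text and exec it."""
    for field, raw in values:
        if FIELD_TYPES[field] is int:
            stmt = "record.%s = int(%s)" % (field, raw)
        else:
            stmt = "record.%s = %r" % (field, raw)
        exec(stmt, {"int": int}, {"record": record})  # raw is parsed as code


def set_fields_explicit(record, values):
    """Same job without exec: raw is only ever data handed to a converter."""
    for field, raw in values:
        convert = FIELD_TYPES.get(field)
        if convert is None:
            raise KeyError("unknown field: %r" % field)
        setattr(record, field, convert(raw))


def demo():
    benign = [("age", "42"), ("name", "Ada")]
    # Constructed value that is an expression rather than a number.
    hostile = [("age", "setattr(record, 'touched', True) or 7")]

    a, b = Record(), Record()
    set_fields_exec(a, benign + hostile)   # expression is evaluated
    set_fields_explicit(b, benign)
    try:
        set_fields_explicit(b, hostile)    # int() refuses the string
        rejected = False
    except ValueError:
        rejected = True
    return a.age, a.touched, b.age, b.touched, rejected


if __name__ == "__main__":
    print(demo())
```

In the explicit version a bad value fails inside `int()` with a traceback that points at the converter call, instead of at a line inside a generated string.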
