How do I execute a string containing Python code in Python?

后端 未结 14 2404
一向
一向 2020-11-22 02:42

How do I execute a string containing Python code in Python?

相关标签:
14条回答
  • 2020-11-22 02:47

    As the others mentioned, it's "exec" ..

    but, in case your code contains variables, you can use "global" to access it, also to prevent the compiler to raise the following error:

    NameError: name 'p_variable' is not defined

    exec('p_variable = [1,2,3,4]')
    global p_variable
    print(p_variable)
    
    0 讨论(0)
  • 2020-11-22 02:48

    It's worth mentioning, that' exec's brother exist as well called execfile if you want to call a python file. That is sometimes good if you are working in a third party package which have terrible IDE's included and you want to code outside of their package.

    Example:

    execfile('/path/to/source.py)'

    or:

    exec(open("/path/to/source.py").read())

    0 讨论(0)
  • 2020-11-22 02:49

    You accomplish executing code using exec, as with the following IDLE session:

    >>> kw = {}
    >>> exec( "ret = 4" ) in kw
    >>> kw['ret']
    
    4
    
    0 讨论(0)
  • 2020-11-22 02:51

    For statements, use exec(string) (Python 2/3) or exec string (Python 2):

    >>> mycode = 'print "hello world"'
    >>> exec(mycode)
    Hello world
    

    When you need the value of an expression, use eval(string):

    >>> x = eval("2+2")
    >>> x
    4
    

    However, the first step should be to ask yourself if you really need to. Executing code should generally be the position of last resort: It's slow, ugly and dangerous if it can contain user-entered code. You should always look at alternatives first, such as higher order functions, to see if these can better meet your needs.

    0 讨论(0)
  • 2020-11-22 02:54

    Remember that from version 3 exec is a function!
    so always use exec(mystring) instead of exec mystring.

    0 讨论(0)
  • 2020-11-22 02:55

    Avoid exec and eval

    Using exec and eval in Python is highly frowned upon.

    There are better alternatives

    From the top answer (emphasis mine):

    For statements, use exec.

    When you need the value of an expression, use eval.

    However, the first step should be to ask yourself if you really need to. Executing code should generally be the position of last resort: It's slow, ugly and dangerous if it can contain user-entered code. You should always look at alternatives first, such as higher order functions, to see if these can better meet your needs.

    From Alternatives to exec/eval?

    set and get values of variables with the names in strings

    [while eval] would work, it is generally not advised to use variable names bearing a meaning to the program itself.

    Instead, better use a dict.

    It is not idiomatic

    From http://lucumr.pocoo.org/2011/2/1/exec-in-python/ (emphasis mine)

    Python is not PHP

    Don't try to circumvent Python idioms because some other language does it differently. Namespaces are in Python for a reason and just because it gives you the tool exec it does not mean you should use that tool.

    It is dangerous

    From http://nedbatchelder.com/blog/201206/eval_really_is_dangerous.html (emphasis mine)

    So eval is not safe, even if you remove all the globals and the builtins!

    The problem with all of these attempts to protect eval() is that they are blacklists. They explicitly remove things that could be dangerous. That is a losing battle because if there's just one item left off the list, you can attack the system.

    So, can eval be made safe? Hard to say. At this point, my best guess is that you can't do any harm if you can't use any double underscores, so maybe if you exclude any string with double underscores you are safe. Maybe...

    It is hard to read and understand

    From http://stupidpythonideas.blogspot.it/2013/05/why-evalexec-is-bad.html (emphasis mine):

    First, exec makes it harder to human beings to read your code. In order to figure out what's happening, I don't just have to read your code, I have to read your code, figure out what string it's going to generate, then read that virtual code. So, if you're working on a team, or publishing open source software, or asking for help somewhere like StackOverflow, you're making it harder for other people to help you. And if there's any chance that you're going to be debugging or expanding on this code 6 months from now, you're making it harder for yourself directly.

    0 讨论(0)
提交回复
热议问题