Question
From the Python 2to3 doc:
input: Converts input(prompt) to eval(input(prompt))
I am currently trying to learn Python 3 after a few years working with Python 2. Can anybody please explain why the tool inserts eval before the call to input, and whether I should do so in all my Python 3 code?
Answer 1:
Python 2's old input behavior has been removed; Python 3's current input is what was previously named raw_input. raw_input and Python 3 input always return a string, unlike input, which tries to evaluate the input as an expression.
The 2to3 tool inserted an eval because it has no way to tell if you're relying on the old input automatically evaluating its inputs. The old input behavior is deemed a mistake because you can evaluate pretty much any valid Python expression; therefore any Python program that uses input() has a glaring security hole. After conversion, you should evaluate each use of eval and determine whether that part of the code is going to be receiving any untrusted user input.
You should never use eval(input()), except perhaps in throwaway scripts. There is no way to make eval secure.
Source: https://stackoverflow.com/questions/12168978/evalinput-in-python-2to3
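
An added example, not part of the question or answer above: one way to carry out the post-conversion review the answer describes. It locates every eval(input(...)) that 2to3 left behind and shows a replacement that parses the typed text as a literal with ast.literal_eval instead of evaluating it. The names find_eval_input, parse_literal and read_value are hypothetical, and the CONVERTED sample is constructed.

```python
import ast

# Constructed sample: what 2to3 emits for Python 2 code that called input().
CONVERTED = '''\
age = eval(input("Age: "))
name = input("Name: ")
limits = eval(input())
total = eval(expr_from_config)
'''

def find_eval_input(source):
    """Return sorted (line, col) pairs for every eval(input(...)) call."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Name) and node.func.id == "eval"
                and node.args
                and isinstance(node.args[0], ast.Call)
                and isinstance(node.args[0].func, ast.Name)
                and node.args[0].func.id == "input"):
            hits.append((node.lineno, node.col_offset))
    return sorted(hits)

def parse_literal(text, allowed=(int, float), max_len=256):
    """Parse text as a Python literal of an allowed type; nothing is executed."""
    if len(text) > max_len:  # bound parser work on hostile input
        raise ValueError("input too long")
    try:
        value = ast.literal_eval(text.strip())  # rejects names, calls, attributes
    except (ValueError, SyntaxError, MemoryError, RecursionError) as exc:
        raise ValueError("not a literal: %r" % text) from exc
    if type(value) not in allowed:  # exact type match, so bool is not taken as int
        raise ValueError("unexpected type: %s" % type(value).__name__)
    return value

def read_value(prompt, allowed=(int, float)):
    """Replacement for eval(input(prompt)) where a number is expected."""
    return parse_literal(input(prompt), allowed)

if __name__ == "__main__":
    for line, col in find_eval_input(CONVERTED):
        print("eval(input()) at line %d, col %d" % (line, col))
```

The finder only matches the direct eval(input(...)) shape that 2to3 generates; other eval calls, such as the one on line 4 of the sample, still need a manual look at where their argument comes from.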