7 comments

[ 15.1 ms ] story [ 21.7 ms ] thread
I think better advice would be "Don't use eval on user-supplied strings".

It is quite safe to use eval on strings you generate yourself. It's like using macros, but with added syntax errors.

That also works for marketing static typing - now with added syntax errors!
Put in his place by his lecturer on his own blog, nice.
The most noteworthy thing about this (misguided) post is that the blogger's professor responded, thoroughly (http://blog.thetonk.com/archives/dont-be-lazy-dont-use-eval#...) and the blogger gracefully backed down("I was proven wrong. It happens.")
I have to point out that (IMHO) you've taken that quote a _bit_ out of context. If you'll read the rest of my remarks, you'll see the qualification text: I was wrong about eval() in Python however my arguments remain standing in languages which don't support sandboxing - and, as a few readers pointed out, even Python's sandboxing isn't a sure bet. I used Python in my examples because that's where the original disagreement arose.