Is It Ever Useful to Use Python's Input Over Raw_Input

Is it ever useful to use Python's input over raw_input?

Is it ever useful to use Python 2's input over raw_input?

No.


input() evaluates the code the user gives it. It puts the full power of Python in the hands of the user. With generator expressions/list comprehensions, __import__, and the if/else operators, literally anything Python can do can be achieved with a single expression. Malicious users can use input() to remove files (__import__('os').remove('precious_file')), monkeypatch the rest of the program (setattr(__import__('__main__'), 'function', lambda:42)), ... anything.

A normal user won't need to use all the advanced functionality. If you don't need expressions, use ast.literal_eval(raw_input()) – the literal_eval function is safe.

If you're writing for advanced users, give them a better way to input code. Plugins, user modules, etc. – something with the full Python syntax, not just the functionality.

If you're absolutely sure you know what you're doing, say eval(raw_input()). The eval screams "I'm dangerous!" to the trained eye. But, odds are you won't ever need this.


input() was one of the old design mistakes that Python 3 is solving.
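The ast.literal_eval route suggested in the answer above, as an added Python 3 example (not code from the original answers). The helper names, the allowed-type tuple and the length cap are assumptions made for illustration; the expression inputs in the sample list are the ones quoted on this page, and none of them is executed.

```python
import ast

# Types a caller may accept; anything else is rejected after parsing.
SCALARS = (int, float, str, bool)
MAX_LEN = 1000  # assumed cap; very large or deeply nested literals can exhaust the parser


class RejectedInput(ValueError):
    """Raised when the text is not a plain literal of an allowed type."""


def parse_user_value(text, allowed=SCALARS):
    """Parse text as a Python literal without evaluating any code."""
    if len(text) > MAX_LEN:
        raise RejectedInput("input too long")
    try:
        value = ast.literal_eval(text.strip())
    except (ValueError, SyntaxError, MemoryError, RecursionError) as exc:
        # Names, calls, attribute access and operators on names land here.
        raise RejectedInput("not a literal: %s" % type(exc).__name__)
    if not isinstance(value, allowed):
        raise RejectedInput("unexpected type %s" % type(value).__name__)
    return value


def classify(samples, allowed=SCALARS):
    """Return (text, outcome) pairs; outcome is the value or a rejection string."""
    results = []
    for text in samples:
        try:
            results.append((text, parse_user_value(text, allowed)))
        except RejectedInput as exc:
            results.append((text, "REJECTED: %s" % exc))
    return results


# Constructed sample inputs; the expression forms are the ones quoted on this page.
SAMPLES = [
    '"hello"',
    "42",
    'x + " world"',
    "exit()",
    "__import__('os').listdir('.')",
    "[1, 2, 3]",
]

if __name__ == "__main__":
    for text, outcome in classify(SAMPLES):
        print("%-32s -> %r" % (text, outcome))
```

Pass a different `allowed` tuple, for example `(list,)`, when a container literal is the expected input.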

What's the difference between `raw_input()` and `input()` in Python 3?

The difference is that raw_input() does not exist in Python 3.x, while input() does. Actually, the old raw_input() has been renamed to input(), and the old input() is gone, but can easily be simulated by using eval(input()). (Remember that eval() is evil. Try to use safer ways of parsing your input if possible.)

raw_input function in Python

It presents a prompt to the user (the optional arg of raw_input([arg])), gets input from the user and returns the data input by the user in a string. See the docs for raw_input().

Example:

name = raw_input("What is your name? ")
print "Hello, %s." % name

This differs from input() in that the latter tries to interpret the input given by the user; it is usually best to avoid input() and to stick with raw_input() and custom parsing/conversion code.

Note: This is for Python 2.x

How do I use raw_input in Python 3?

Starting with Python 3, raw_input() was renamed to input().

From What’s New In Python 3.0, Builtins section second item.

Differences between `input` and `raw_input`

In Python 2.x, raw_input() returns a string and input() evaluates the input in the execution context in which it is called.

>>> x = input()
"hello"
>>> y = input()
x + " world"
>>> y
'hello world'

In Python 3.x, input has been scrapped and the function previously known as raw_input is now input. So you have to manually call compile and then eval if you want the old functionality.

python2.x                    python3.x

raw_input() --------------> input()
input() -------------------> eval(input())

In 3.x, the above session goes like this

>>> x = eval(input())
'hello'
>>> y = eval(input())
x + ' world'
>>> y
'hello world'
>>>

So you were probably getting an error at the interpreter because you weren't putting quotes around your input. This is necessary because it's evaluated. Were you getting a name error?

Simple explanation of security issues related to input() vs raw_input()

The input() function in Python 2.x evaluates things before returning.

So as an example you can take a look at this -

>>> input("Enter Something : ")
Enter Something : exit()

This would cause the program to exit (as it would evaluate exit()).

Another example -

>>> input("Enter something else :")
Enter something else :__import__("os").listdir('.')
['.gtkrc-1.2-gnome2', ...]

This would list out the contents of the current directory. You can also use functions such as os.chdir(), os.remove(), os.removedirs(), os.rmdir().

input vs. raw_input: Python Interactive Shell Application?

You're running it under Python 2.x, where input() actually evaluates what you type as a Python expression. Thus, it's looking for a variable named hello, and, since you haven't defined one, it throws the error. Either use Python 3.x, or use raw_input().

From the parentheses in your print I assume you intended to run it under Python 3.x.


