Python’s eval() allows you to evaluate arbitrary Python expressions from a string-based or compiled-code-based input. This function can be handy when you’re trying to dynamically evaluate Python expressions from any input that comes as a string or a compiled code object.
Although Python’s eval() is an incredibly useful tool, the function has some important security implications that you should consider before using it. In this tutorial, you’ll learn how eval() works and how to use it safely and effectively in your Python programs.
In this tutorial, you’ll learn:
- How Python’s eval() works
- How to use eval() to dynamically evaluate arbitrary string-based or compiled-code-based input
- How eval() can make your code insecure and how to minimize the associated security risks
Additionally, you’ll learn how to use Python’s eval() to code an application that interactively evaluates math expressions. With this example, you’ll apply everything you’ve learned about eval() to a real-world problem.
Understanding Python’s eval()
You can use the built-in Python eval() to dynamically evaluate expressions from a string-based or compiled-code-based input. If you pass in a string to eval(), then the function parses it, compiles it to bytecode, and evaluates it as a Python expression. But if you call eval() with a compiled code object, then the function performs just the evaluation step, which is quite convenient if you call eval() several times with the same input.
The signature of Python’s eval() is defined as follows:
eval(expression[, globals[, locals]])
The function takes a first argument, called expression, which holds the expression that you need to evaluate. eval() also takes two optional arguments:
- globals
- locals
In the next three sections, you’ll learn what these arguments are and how eval() uses them to evaluate Python expressions on the fly.
Note: You can also use exec() to dynamically execute Python code. The main difference between eval() and exec() is that eval() can only execute or evaluate expressions, whereas exec() can execute any piece of Python code.
The First Argument: expression
The first argument to eval() is called expression. It’s a required argument that holds the string-based or compiled-code-based input to the function. When you call eval(), the content of expression is evaluated as a Python expression. Check out the following examples that use string-based input:
>>> eval("2 ** 8")
256
>>> eval("1024 + 1024")
2048
>>> eval("sum([8, 16, 32])")
56
>>> x = 100
>>> eval("x * 2")
200
When you call eval() with a string as an argument, the function returns the value that results from evaluating the input string. By default, eval() has access to global names like x in the above example.
To evaluate a string-based expression, Python’s eval() runs the following steps:
- Parse expression
- Compile it to bytecode
- Evaluate it as a Python expression
- Return the result of the evaluation
The name expression for the first argument to eval() highlights that the function works only with expressions and not with compound statements. The Python documentation defines expression as follows:
expression
A piece of syntax which can be evaluated to some value. In other words, an expression is an accumulation of expression elements like literals, names, attribute access, operators or function calls which all return a value. In contrast to many other languages, not all language constructs are expressions. There are also statements which cannot be used as expressions, such as while. Assignments are also statements, not expressions. (Source)
On the other hand, a Python statement has the following definition:
statement
A statement is part of a suite (a “block” of code). A statement is either an expression or one of several constructs with a keyword, such as if, while or for. (Source)
If you try to pass a compound statement to eval(), then you’ll get a SyntaxError. Take a look at the following example in which you try to execute an if statement using eval():
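The parse, compile and evaluate steps listed above, carried out separately so the parsed tree can be checked before anything runs; this is an added example, not code from the original tutorial. The names compile_math, classify and ALLOWED_NODES are hypothetical, and the allowlist assumes the input should be plain arithmetic on int and float literals.

```python
import ast

# Node types allowed in a plain arithmetic expression (an assumption for this
# example: numbers and arithmetic operators only, no names, calls or attributes).
ALLOWED_NODES = (
    ast.Expression, ast.BinOp, ast.UnaryOp, ast.Constant,
    ast.Add, ast.Sub, ast.Mult, ast.Div, ast.FloorDiv, ast.Mod, ast.Pow,
    ast.UAdd, ast.USub,
)


def compile_math(source):
    """Parse and compile `source`, refusing anything but arithmetic.

    Hypothetical helper: it separates the steps eval() performs on a string
    so the parsed tree can be inspected before any bytecode runs.
    """
    # Step 1: parse. mode="eval" accepts a single expression only, so a
    # compound statement such as `if` raises SyntaxError here.
    tree = ast.parse(source, mode="eval")
    # Inspection: names, calls and attribute access are valid expression
    # elements, so being an expression does not make input harmless.
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED_NODES):
            raise ValueError(f"disallowed element: {type(node).__name__}")
        if isinstance(node, ast.Constant) and type(node.value) not in (int, float):
            raise ValueError("only int and float literals are allowed")
    # Step 2: compile to a code object that eval() can evaluate repeatedly.
    return compile(tree, "<math>", "eval")


def classify(source):
    """Return the evaluated value, or the name of the error that stopped it."""
    try:
        code = compile_math(source)
    except (SyntaxError, ValueError) as exc:
        return type(exc).__name__
    # Steps 3 and 4: evaluate the code object and return the result.
    return eval(code)


# Constructed sample inputs.
if __name__ == "__main__":
    for text in ["2 ** 8", "1024 + 1024", "if x: x", "x * 2", "sum([8, 16, 32])"]:
        print(f"{text!r:22} -> {classify(text)}")
```

The allowlist limits what kind of expression is evaluated, not how expensive it is: a chain of large exponents still passes the check and can consume significant CPU and memory during evaluation.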
Read the full article at https://realpython.com/python-eval-function/ »