oh god

"The difference between stupidity and genius is that genius has it's limits." -Albert Einstein

I honestly wasn't expecting anything. Python really amazes me!!

Yeah, bad advice at it's finest ❤️

what do you mean? I shouldn't use it?

Never, except for testing purposes

A similar function is found in other languages. But this has a security problem

True to his nickname

but why? it is working fine

Yeah, before exploding in your face.

Are you saying it's not correct?

can you please elaborate? or point me to a source please

Im saying you really ignorant sar.

there is one flaw you should be aware of. It executes any executable expression that was passed there. For example if you host the script at your PC, someone can input a code to format your C drive or sth like that. source google: python eval() docs

Eval is like a "try jumping" signal before a pit Sometimes the pit is small, but others there is no floor. And yes, it's a dark souls reference

It executes the inputs. So malicious code can be injected

I got it now. Thank you guys. So is there any alternative for this?

Literal_eval from ast built-in library Or handling the input() correctly with some casting and exception handling.

btw a = set(s := (input())) b = {"0","1,...,"9","+","-","*","/"} if len(a.difference(b)) == 0: eval(s) is this safe

https://stackoverflow.com/questions/15197673/using-pythons-eval-vs-ast-literal-eval

Eval is never safe and it should never be used in code that is not for testing

First, delete the allowed operations from the string. Then you just have to have a number. If it is a number, pass it to the function 2 + 2 Delete spaces and + 22 .isnumeric() ? Yes So Eval("2 + 2")

yes someone might still find a flaw that can be used as an exploit, just asking :)

again, try literal_eval

someone asked for the question, i couldn't tag their name

But why no one gave an answer before now? I was only trying to help. Smh you could have given your critism without having to type an Einstein's quote to insult me.

well, you shouldnt give bad advice

For example, eval for me it's incredibly dangerous to use, I hope it's not the same with global variables

don't

their values can be changed by anything, it really depends on the code after all.

!eval

Do not use eval. It's a security risk, just like exec. If applicable, consider safe alternatives such as class constructors like int(x) or float(x) in a try-except clause, or ast.literal_eval, which can evaluate Python literals: >>> ast.literal_eval( "[1, 2, 3]" ) [1, 2, 3]

https://t.me/Python/1262676