Newbie question about evaluating raw_input() responses

[C. N. Desrosiers]

Hi,

I'm just starting out with Python and to practice I am trying to write a script that can have a simple conversation with the user.

When I run the below code, it always ends up printing response to "if age > 18:" -- even if I enter a value below 18.

Can anyone point me to what I am doing wrong? Many thanks in advance.

age=raw_input('Enter your age: ')
if age > 18:
print ('Wow, %s. You can buy cigarettes.' % age)
else:
print ('You are a young grasshopper.')

 

[Kevin Xi]

Hi,
Hi,

I'm just starting out with Python and to practice I am trying to write a script that can have a simple conversation with the user.

So you may want to search the doc before you ask: http://docs.python.org

When I run the below code, it always ends up printing response to "if age > 18:" -- even if I enter a value below 18.



Can anyone point me to what I am doing wrong? Many thanks in advance.



age=raw_input('Enter your age: ')

if age > 18:

print ('Wow, %s. You can buy cigarettes.' % age)

else:

print ('You are a young grasshopper.')

You can either use `raw_input` to read data and convert it to right type, or use `input` to get an integer directly. Read this: http://docs.python.org/2/library/functions.html#raw_input
http://docs.python.org/2/library/functions.html#input

Kevin

 

[C. N. Desrosiers]

Muchas gracias!

 

[Chris Angelico]

You can either use `raw_input` to read data and convert it to right type, or use `input` to get an integer directly. Read this: http://docs.python.org/2/library/functions.html#raw_input
http://docs.python.org/2/library/functions.html#input

No! No, please do NOT use input()! It does not return an integer; it
*evaluates* (that is, executes) the input.
Enter your age: 18
18Enter your age: 1+2+4+5+6
18Enter your age: sys.stdout.write("Hello, world!\n") or 18
Hello, world!
18Enter your age: sys.exit(0)

This is almost certainly NOT what you want to have in your script. If
you want an integer, just pass it through int() as Fabio suggested.

Please do not use, or advocate using, this steam-powered Izzet goblin
hammer for cracking walnuts.

ChrisA

 

[Carlos Nepomuceno]

----------------------------------------

From: (e-mail address removed) [...]
Kevin

Please write out 1000 time (without using any form of loop)

"NEVER use input in python <3.0 it is EVIL"*

as Chris A point out it executes user input an can cause major damage
(reformatting the hard disk is not impossible!)

Indeed! input is eval(raw_input())! lol

 

[Kevin Xi]

Oh yes, you guys are right. Thank you very much for warning me that.

as Chris A point out it executes user input an can cause major damage

(reformatting the hard disk is not impossible!)

It definitely can cause major damage! I try to input `os.system('rm -rf *')` and it really delete all stuff under the directory, I have never realized it can do that harm. Sorry for misleading you C. N. Desrosiers.

 

[Steven D'Aprano]

Please write out 1000 time (without using any form of loop)

"NEVER use input in python <3.0 it is EVIL"*

as Chris A point out it executes user input an can cause major damage
(reformatting the hard disk is not impossible!)

Is he allowed to use eval instead of a loop?

print (eval("NEVER use input in python <3.0 it is EVIL\n"*1000))

*wink*


But all joking aside, eval is dangerous, yes, but it is not "evil". It
needs to be handled with caution, but there are good uses for it. In
fact, there are a few -- a very few -- things which can *only* be done
with eval or exec. That's why it is part of the language!

(I just wish that eval and exec where in a module, rather than built-in,
to help discourage casual usage by beginners who don't know what they're
doing.)

For example, collections.namedtuple uses eval to dynamically generate new
classes on the fly from arguments given. But it is safe to use, because
it has been designed by experts to be safe and tested in great detail.

So while it is right and proper to treat eval with great respect as a
powerful (and therefore dangerous) tool, and avoid it whenever you don't
*need* it, there is no reason to be irrational about it

 

[Chris Angelico]

But all joking aside, eval is dangerous, yes, but it is not "evil". It
needs to be handled with caution, but there are good uses for it. In
fact, there are a few -- a very few -- things which can *only* be done
with eval or exec. That's why it is part of the language!
...

So while it is right and proper to treat eval with great respect as a
powerful (and therefore dangerous) tool, and avoid it whenever you don't
*need* it, there is no reason to be irrational about it

No need to be irrational about eval(), but I do agree that input()
should never be used. Especially now that Py3 has changed the meaning
of input(), it's potentially very confusing to call the old function;
be explicit and use eval(raw_input()) if you actually want that.

Quite apart from the extreme danger of eval'ing something tainted
(which isn't a problem if you KNOW the user's trusted - eg if you're
effectively writing an interactive interpreter for yourself), input()
is just too concealing; it's not obvious that code will be executed.

Above all, I don't want to see people advised to eval things as a
solution to simple problems. Maybe it's safe *right now*, but any
advice that solves today's problem will be used to solve tomorrow's
problem too, and tomorrow's problem will involve code going to someone
untrusted who suddenly gets full code execution.

But this is why we have a mailing list, not one-on-one advice. Kevin's
post is bound to get a follow-up, just as my posts are when I say
something incorrect. It gives that measure of extra confidence:
"Correct me if I'm wrong, but..." is implicitly prefixed to everything


So Kevin, please don't get me wrong: I'm not hating on you, I'm not
wishing you hadn't posted. But I *will* speak strongly against the Py2
input() function.

Chris Angelico

 

[Terry Jan Reedy]

But all joking aside, eval is dangerous, yes, but it is not "evil".

He put that label on *input*, not eval -- I presume for hiding dangerous
eval.

 

[Chris Angelico]

He put that label on *input*, not eval -- I presume for hiding dangerous
eval.

Aside: Why was PHP's /e regexp option ever implemented? I can
understand evalling inputted text - that's how you write an
interactive interpreter. But why would you arbitrarily eval the result
of a regexp replacement? That seems... really weird. Like building a
gun with a "Reverse" switch that fires the bullet down the butt
instead of the barrel.

ChrisA

 

[Dennis Lee Bieber]

Please write out 1000 time (without using any form of loop)

"NEVER use input in python <3.0 it is EVIL"*

Shouldn't that be

"Never use input in Python < 3.0, it is EVAL"
<G>

 

[Nobody]

Aside: Why was PHP's /e regexp option ever implemented?

Because it's a stupid idea, and that's the only requirement for a feature
to be implemented in PHP.

 

[Chris Angelico]

Because it's a stupid idea, and that's the only requirement for a feature
to be implemented in PHP.

Hey, don't be rude. I mean, not that it isn't true, but it's still
rude to say it.

Ah, who am I kidding. Be as rude as you like. I have to work with PHP all week.

ChrisA

 

[Fábio Santos]

Ah, who am I kidding. Be as rude as you like. I have to work with PHP all week.

ChrisA

I have cried.