Use of eval in Python?
You may want to use it to allow users to enter their own "scriptlets": small expressions (or even small functions), that can be used to customize the behavior of a complex system.
In that context, and if you do not have to care too much for the security implications (e.g. you have an educated userbase), then eval() may be a good choice.
The Wikipedia article on eval
is pretty informative, and details various uses.
Some of the uses it suggests are:
- Evaluating mathematical expressions
- Compiler bootstrapping
- Scripting (dynamic languages in general are very suitable to this)
- Language tutors
eval
and exec
are handy quick-and-dirty way to get some source code dynamically, maybe munge it a bit, and then execute it -- but they're hardly ever the best way, especially in production code as opposed to "quick-and-dirty" prototypes &c.
For example, if I had to deal with such dynamic Python sources, I'd reach for the ast module -- ast.literal_eval
is MUCH safer than eval
(you can call it directly on a string form of the expression, if it's a one-off and relies on simple constants only, or do node = ast.parse(source)
first, then keep the node
around, perhaps munge it with suitable visitors e.g. for variable lookup, then literal_eval
the node) -- or, once having put the node in proper shape and vetted it for security issues, I could compile
it (yielding a code object) and build a new function object out of that. Far less simple (except that ast.literal_eval
is just as simple as eval
for the simplest cases!) but safer and preferable in production-quality code.
For many tasks I've seen people (ab-)use exec
and eval
for, Python's powerful built-ins, such as getattr
and setattr
, indexing into globals()
, &c, provide preferable and in fact often simpler solutions. For specific uses such as parsing JSON, library modules such as json
are better (e.g. see SilentGhost's comment on tinnitus' answer to this very question). Etc, etc...