

Don't be lazy. Don't use eval(). - azanar
http://blog.thetonk.com/archives/dont-be-lazy-dont-use-eval

======
michael_dorfman
The most noteworthy thing about this (misguided) post is that the blogger's
professor responded, thoroughly
([http://blog.thetonk.com/archives/dont-be-lazy-dont-use-eval#...](http://blog.thetonk.com/archives/dont-be-lazy-dont-use-eval#comment-168))
and the blogger gracefully backed down ( _"I was proven wrong. It happens."_ )

~~~
cmtonkinson
I have to point out that (IMHO) you've taken that quote a _bit_ out of
context. If you'll read the rest of my remarks, you'll see the qualification
text: I was wrong about eval() _in Python_; however, my arguments remain
standing in languages which don't support sandboxing - and, as a few readers
pointed out, even Python's sandboxing isn't a sure bet. I used Python in my
examples because that's where the original disagreement arose.

------
yummyfajitas
I think better advice would be "Don't use eval on user-supplied strings".

It is quite safe to use eval on strings you generate yourself. It's like using
macros, but with added syntax errors.

~~~
jongraehl
That also works for marketing static typing - now with added syntax errors!

------
spectre
Reminds me of an instructor I had who insisted against using printf calls with
the format string created outside the call.

~~~
there
Because he was right?

<http://en.wikipedia.org/wiki/Format_string_bug>

