Python Function of the Day: the eval function

Posted by pythontab on 2017-11-09

Function definition:

eval(expression, globals=None, locals=None)

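Evaluates the string as a valid expression and returns the result. The globals and locals arguments are optional. If globals is provided, it must be a dictionary; if locals is provided, it can be any mapping object.

Python's global namespace is stored in a dict object available through globals(); the local namespace is stored in a dict object available through locals(). We can use print(locals()) to view all the variable names and values inside the current function body.

Python version compatibility: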

Python2.7

Python3.x

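Main uses of eval():

1) In a compiled language, generating code dynamically is basically impossible, but a dynamic language can do it. This means that once the software has been deployed to a server, a small change can be made by directly modifying just that part of the code, and the change takes effect immediately without reloading the whole software.

2) In machine learning, the code can be modified dynamically according to how often and in what way the user uses the software, to adapt to changes in the user's behaviour.

English explanation: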

The arguments are a string and optional globals and locals. If provided, globals must be a dictionary. If provided, locals can be any mapping object.


The expression argument is parsed and evaluated as a Python expression (technically speaking, a condition list) using the globals and locals dictionaries as global and local namespace. If the globals dictionary is present and lacks ‘__builtins__’, the current globals are copied into globals before expression is parsed. This means that expression normally has full access to the standard builtins module and restricted environments are propagated. If the locals dictionary is omitted it defaults to the globals dictionary. If both dictionaries are omitted, the expression is executed in the environment where eval() is called. The return value is the result of the evaluated expression. Syntax errors are reported as exceptions. Example:


Example:

a=1
g={'a':20}
eval("a+1",g)

Result:

21


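Example 2: testing globals and locals

x = 1
y = 1
num1 = eval("x+y")  # module level: uses the global x and y
print(num1)
def g():
    x = 2
    y = 2
    num3 = eval("x+y")  # no namespaces given: uses g()'s local x and y
    print(num3)
    num2 = eval("x+y", globals())  # only globals given: the local x and y are not visible
    # num2 = eval("x+y", globals(), locals())
    print(num2)

g()

The value of num1 is 2. The value of num3 is also easy to understand: it is 4. What about num2? Because the globals() argument is provided, the global values of x and y are looked up first, and both are 1, so num2 is evidently 2 as well. What if that line is commented out and the line below it is executed instead? According to point 3), the result is 4.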


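Security issues:

Because of the nature of eval, it can easily be exploited by attackers and cause security problems.

How can these security problems be avoided?

1. Write your own checking function;

2. Use ast.literal_eval instead.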

