0

---reality---

a = "email@gmail.com"

b = raw_input()
> a            # enter

result : a

---desired answer---

a = "email@gmail.com"

b = raw_input()
> a            # enter

result : "email@gmail.com"

When I use it as input, it works normally, but when I use raw_input, why do I get such a result? And what's the solution?

Thank you.

deceze
  • 510,633
  • 85
  • 743
  • 889
김태웅
  • 15
  • 2
  • That's precisely what `raw_input` does *not* do. It explicitly simply gives you the *raw input*, without further interpretation. – deceze Apr 30 '22 at 13:51

3 Answers3

3

For a toy problem, just use input(). This is the equivalent of eval(raw_input()). Don't do this if there is even the possibility that you do not trust input. Whoever has control of the input can execute arbitrary code in your program. So it's a major security vulnerability.

For a more secure approach, put all the values you want to be accessible in a dictionary, and then key that dictionary by your input. The reason to do it this way is that user can only select from the predefined keys you have given them.

eg.

values = {'a': 1, 'b': 2}
key = raw_input()
result = values[key]
print(result)

A halfway house might be to use globals() or locals(). globals() returns your module's global dictionary and locals() collects all the local variables into a dictionary for you. This will allow the user to select any name from either of those sets of names. So they might be able to select values you want to keep secret.

eg.

password = 'foo'
a = 1
b = 2
key = raw_input() # password would be a valid input here
result = vars()[key]
print(result) # so here we would leak the value of password

As a side note, you are using Python 2. Python 2 is long past its end of life and no longer receives security updates. All new projects should ideally use one of the more recent versions of Python 3 (eg. 3.10). Python 3 only has input(), but its behaviour is that of raw_input() in Python 2.

Dunes
  • 37,291
  • 7
  • 81
  • 97
2

If you give input, it is considered as string.

You can use dictionary to save your e-mail and then use input string as key to get value (Python3 code):

your_dict = {'a': 'email@gmail.com'}
b = input()
print(your_dict[b])
#email@gmail.com
Fnd3r
  • 31
  • 3
  • 1
    Op is using python 2. This code is for python 3 and will do something different on python 2. Effectively, `input()` on python 2 calls `eval()` on the string before returning it. – Dunes Apr 30 '22 at 12:58
  • You are right. :) – Fnd3r Apr 30 '22 at 13:03
0

What you receive through the input() function will be a string.so you just asking to print that string. you can read more about globals() dynamically assign variables from here. How can you dynamically create variables?

you can use globals() function like this. (Using input() for Python 3.)

a = "email@gmail.com"

print(globals()[input()])

a

email@gmail.com

logi
  • 66
  • 1
  • 1
  • 6