calculation parameters in format_map()

Question

I read a formatting message from database, and I want to fill message parameters from a dictionary.

The problem is where I got a mixed parameter that need calculation.

data = {"p1": 10, "p2": 8}
msg = "user point is {p1+p2}" # read from database
print(msg.format_map(data))

How can I handle this?

There are trivial solutions that involve `eval`. But this is very likely to be a no-starter when dealing with exogenous inputs such as those that a database may provide. — keepAlive, May 09 '22 at 20:36

score 1 · Answer 1 · answered May 09 '22 at 20:47

1

⚠️ Do not rely on the following if you do not know what 1) “dynamic evaluation” exactly means and 2) what are the exact security risks (e.g. *) you are taking by doing so. ⚠️

>>> eval(f'f"{msg}"', None, data)
'user point is 18'

answered May 09 '22 at 20:47

keepAlive

6,369
5
24
39

1

eval is not optimize. but there is not another answer! thanx :) – safineh Jul 16 '22 at 23:44

calculation parameters in format_map()

1 Answers1