Skip to content
CodeMDD.io | Coding Tutorials

Using eval() Function in Python

[

Python eval(): Evaluate Expressions Dynamically

Understanding Python’s eval()

Python’s eval() function allows you to evaluate arbitrary Python expressions from a string-based or compiled-code-based input. It can be useful when you need to dynamically evaluate Python expressions from any input that comes as a string or a compiled code object.

In this tutorial, you’ll learn:

  • How Python’s eval() works
  • How to use eval() to dynamically evaluate arbitrary string-based or compiled-code-based input
  • How to minimize the security risks associated with eval()

Additionally, you’ll learn how to use eval() to code an application that interactively evaluates math expressions.

Evaluating Expressions With Python’s eval()

Python’s eval() function can be used to evaluate various types of expressions, including boolean expressions, math expressions, and general-purpose expressions.

Boolean Expressions

You can use eval() to evaluate boolean expressions. Here’s an example:

expression = "2 + 2 == 4"
result = eval(expression)
print(result)  # Output: True

Math Expressions

You can also use eval() to evaluate math expressions. For example:

expression = "4 * 5 + 2"
result = eval(expression)
print(result)  # Output: 22

General-Purpose Expressions

eval() can also evaluate general-purpose expressions. Here’s an example:

expression = "x + y"
globals_dict = {"x": 10, "y": 5}
result = eval(expression, globals_dict)
print(result)  # Output: 15

Minimizing the Security Issues of eval()

Using eval() can introduce security risks to your code. To minimize these risks, you can follow some best practices:

Restricting globals and locals

When using eval(), it’s important to restrict the values in the globals and locals dictionaries to prevent unwanted code execution. By providing restricted dictionaries, you can control the scope of variables available during evaluation.

Restricting the Use of Built-In Names

To prevent unintended consequences, you can restrict the use of built-in names in the expression being evaluated by passing a restricted globals dictionary.

Restricting Names in the Input

Another way to enhance security is by validating the names used in the input expression. You can restrict the allowed names by checking them against a pre-defined whitelist.

Restricting the Input to Only Literals

By sanitizing the input and only allowing literals, you can further minimize the security risks associated with eval().

Using Python’s eval() With input()

You can use eval() together with the input() function to create interactive programs that evaluate user-defined expressions. Here’s an example:

expression = input("Enter a Python expression: ")
result = eval(expression)
print("Result:", result)

Building a Math Expressions Evaluator

You can build a math expressions evaluator using eval(). Here’s an example:

def evaluate_expression(expression):
    allowed_chars = "0123456789+-*/() "
    expression = "".join(c for c in expression if c in allowed_chars)
    try:
        result = eval(expression)
        return result
    except Exception as e:
        print("Invalid expression:", str(e))


expression = input("Enter a math expression: ")
result = evaluate_expression(expression)
if result is not None:
    print("Result:", result)

Conclusion

Python’s eval() function can be a powerful tool for evaluating expressions dynamically. However, it’s important to consider the security implications before using it. By following best practices and taking precautions, you can use eval() safely and effectively in your Python programs.