[Zope] python script, from string to dictionary.
sguglia at arrows.it
sguglia at arrows.it
Thu Feb 7 06:36:57 EST 2008
On Thursday 07 February 2008 11:25:07 Chris Withers wrote:
> Bill Campbell wrote:
> > On Thu, Feb 07, 2008, Stefano Guglia wrote:
> >> hello!
> >>
> >> I converted a dictionary in a string, and now I need to change back the
> >> same string as a dictionary in a zope python script.
> >
> > s = repr(d)
> > newdict = eval(s)
>
> NO!
>
> Never ever ever eval strings. At some point you will end up eval'ing an
> user-supplied string and hey presto - instant massive security
> vulnerability.
>
> The original post is a bit crap, since no mention was made as to how the
> dict was turned into a string. As to what he wants to do with this and
> why he's doing it, that's likely the source of the real problem!
>
> cheers,
>
> Chris
I 'serialized' mysql data in order to flat one-to-many related tables. the
resulting dictionaries (one per record) are i.e. as:
mydict [ brandcode ] =
{
'itemcode': 'some value',
'itemsizeavail':
[
('XL',),
('XXL',),
('S',)
],
'keythree': '',
'keyfour': [ ],
...
}
now then I can index the whole content in order to get it searchable from the
Plone quick search form.
mydict [ ] records are then saved as strings in a DB table records.
I need now to pass again from string to dict, to access key/values and print
detailed reports.
could you have much better ideas on how to, pls let us know. I handle python,
zope etc. at a very basic level now, so surely I've missed some features
I'm sorry if I wasn't clear, and thanks!
Stefano.
More information about the Zope
mailing list