[PyGreSQL] Patch to add read support for integer arrays
Christopher Sean Hilton
chris at vindaloo.com
Fri Mar 21 21:39:50 EDT 2008
On Mar 21, 2008, at 5:11 PM, Christoph Zwerschke wrote:
> Generally, I like the idea of converting arrays to Python lists. I
> think
> Psycopg2 does it already. However, if we do it, then it should not
> only
> work for integers, but for all data types. Also, I would not recommend
> using eval() because it could open a possibility for some evil kind of
> SQL hacking. We should use some recursive evaluation function instead.
>
On first seeing the eval() idea my first thought was this++:
http://xkcd.com/327
So I started reading the code behind the proposed call to eval()
trying to chase the chain of custody for the typ variable which is
going to trigger the call to eval() on the string. Eval()'s alluring
because if The C function hands you a string like:
"{ { 1, 0, 0 },
{ 0, 1, 0 },
{ 0, 0, 1 } }"
then you are a string replace away from:
"[ [ 1, 0, 0 ],
[ 0, 1, 0 ],
[ 0, 0, 1 ] ]"
which is really handy. On the whole I'm not sure if that's the correct
approach. Still though, eval()'s a dangerous function that I go out of
my way to avoid in regular practice. I know I can only hope that the
libraries and modules that I use have the same respect for it.
-- Chris
More information about the PyGreSQL
mailing list