why is user = form.getfirst("user", "").upper() safe?
Python Forum (https://python-forum.io), General Coding Help, thread /thread-14288.html
why is user = form.getfirst("user", "").upper() safe? - shanepy - Nov-22-2018

Hello,
https://docs.python.org/3.5/library/cgi.html#higher-level-interface

    import cgi
    form = cgi.FieldStorage()
    user = form.getfirst("user", "").upper()    # This way it's safe.

...Why does converting the cgi form data to upper case make it "safe"?

RE: why is user = form.getfirst("user", "").upper() safe? - micseydel - Nov-24-2018

My best guess is that the default argument, the empty string, prevents None being returned, which would result in the upper call throwing an AttributeError. The upper call doesn't make it safe, it's what's being made safe.

RE: why is user = form.getfirst("user", "").upper() safe? - buran - Nov-26-2018

It's not converting to upper() that makes it safe but using the getfirst() method instead of getvalue(), i.e. if the user supplies a list instead of a single value. Note that upper() is also present in the original example of code that would fail.

RE: why is user = form.getfirst("user", "").upper() safe? - shanepy - Nov-27-2018

@buran: that makes more sense, but I don't see what use upper() serves in this example since form.getfirst("user", "") could only return a string.

RE: why is user = form.getfirst("user", "").upper() safe? - buran - Nov-27-2018

upper() is not meant to convert user input to str. It's meant to convert any str to an uppercase string. That is why the initial example would fail if the user supplies a list instead of a str.

    >>> 'Some StrinG'.upper()
    'SOME STRING'
    >>>

RE: why is user = form.getfirst("user", "").upper() safe? - shanepy - Nov-27-2018

I understand the upper() method is used to trigger an AttributeError exception in case it is called on a list but that could not possibly happen in the example code -

    user = form.getfirst("user", "").upper()    # This way it's safe.

so why call it?

RE: why is user = form.getfirst("user", "").upper() safe? - buran - Nov-27-2018

No, this is the solution, not the example code for the error. The example code for the error is this one:

    user = form.getvalue("user").upper()

Now, if form.getvalue("user") returns a list and you call upper() on it, you will get an error. As explained in the docs, you can test for what is returned. But there is an alternative - if instead you use

    user = form.getfirst("user", "").upper()

it will return just the first element (a single string) or "" and upper() will not raise an exception. You can also use form.getlist(), in which case you will always get a list. In any case the code is more compact and clean compared to the one where you check what is returned.
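The difference discussed in this thread, as an added example that is not part of the original posts or of the Python documentation. Because the cgi module was removed from the standard library in Python 3.13, the Form class below is a hypothetical stand-in built on urllib.parse.parse_qs that mirrors the documented return types of getvalue(), getfirst() and getlist(); the query strings are constructed samples.

```python
from urllib.parse import parse_qs


class Form:
    """Hypothetical stand-in for cgi.FieldStorage (not the stdlib class)."""

    def __init__(self, query_string):
        self._fields = parse_qs(query_string)  # name -> list of values

    def getvalue(self, name, default=None):
        # Mirrors getvalue(): a str for one value, a list for several
        values = self._fields.get(name)
        if not values:
            return default
        return values[0] if len(values) == 1 else values

    def getfirst(self, name, default=None):
        # Mirrors getfirst(): always a single str (or the default)
        values = self._fields.get(name)
        return values[0] if values else default

    def getlist(self, name):
        # Mirrors getlist(): always a list, possibly empty
        return list(self._fields.get(name, []))


def user_unsafe(form):
    # Failing pattern: the return type depends on what the client sent
    return form.getvalue("user").upper()


def user_safe(form):
    # Pattern asked about in the thread: always a str before .upper()
    return form.getfirst("user", "").upper()


def outcome(func, query_string):
    """Return the result, or the exception class name if the call raised."""
    try:
        return func(Form(query_string))
    except AttributeError as exc:
        return type(exc).__name__


# Constructed sample requests: single value, repeated field, missing field
SAMPLES = ["user=alice", "user=alice&user=bob", "other=1"]

if __name__ == "__main__":
    for qs in SAMPLES:
        print(qs, outcome(user_unsafe, qs), outcome(user_safe, qs), sep=" | ")
```

getfirst() keeps only the first of several submitted values, so a repeated field is ignored rather than rejected; use getlist() when the handler needs to see or refuse duplicates.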