Python Forum
why is user = form.getfirst("user", "").upper() safe?
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
why is user = form.getfirst("user", "").upper() safe?
#1
Hello,

https://docs.python.org/3.5/library/cgi....-interface

import cgi
form = cgi.FieldStorage()
user = form.getfirst("user", "").upper()    # This way it's safe.
...
Why does converting to the cgi form data to upper case make it "safe"?
Reply
#2
My best guess is that the default argument, the empty string, prevents None being returned, which would result in the upper call throwing a AttributeError. The upper call doesn't make it safe, it's what's being made safe.
Reply
#3
It's not converting to upper() that makes it safe but using getfirst() method instead of getvalue(). i.e. if user supply list, instead of single value.
Note that upper() is present also in the original example of code that would fail.
If you can't explain it to a six year old, you don't understand it yourself, Albert Einstein
How to Ask Questions The Smart Way: link and another link
Create MCV example
Debug small programs

Reply
#4
@buran: that makes more sense, but I don't see what use upper() serves in this example since
form.getfirst("user", "")
could only return a string.
Reply
#5
upper() is not meant to convert user input to str. It's meant to convert any str to uppercase string. That is why the initial example would fail if user supply list instead of str.

>>> 'Some StrinG'.upper()
'SOME STRING'
>>>
If you can't explain it to a six year old, you don't understand it yourself, Albert Einstein
How to Ask Questions The Smart Way: link and another link
Create MCV example
Debug small programs

Reply
#6
I understand the upper() method is used to trigger an AttributeError exception in case it is called on a list but that could not possibly happen in the example code-
user = form.getfirst("user", "").upper()    # This way it's safe.
so why call it?
Reply
#7
No, this is the solution, not the example code for error.
The example code for error is this one:
user = form.getvalue("user").upper()
now, if form.getvalue("user") returns list and you call upper() on it you will get an error.
as explained in the docs, you can test for what is returned. but there is alternative - if instead you use
user = form.getfirst("user", "").upper()
it will return just the first element (single string) or "" and upper() will not raise exception

you can also use form.getlist() in which case you will always get a list. In any case the code is more compact and clean compared to the one if you check what is returned.
If you can't explain it to a six year old, you don't understand it yourself, Albert Einstein
How to Ask Questions The Smart Way: link and another link
Create MCV example
Debug small programs

Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  run SQL without user intervention python dawid294 0 205 Jan-19-2024, 01:11 PM
Last Post: dawid294
  When is it safe to compare (==) two floats? Radical 4 651 Nov-12-2023, 11:53 AM
Last Post: PyDan
  WHILE LOOP NOT RETURNING USER INPUT AFTER ZerroDivisionError! HELP! ayodele_martins1 7 991 Oct-01-2023, 07:36 PM
Last Post: ayodele_martins1
  Help on the User Interface Afia 1 504 Jul-21-2023, 07:22 PM
Last Post: snippsat
  restrict user input to numerical values MCL169 2 870 Apr-08-2023, 05:40 PM
Last Post: MCL169
  Replace with upper(string) WJSwan 7 1,546 Feb-10-2023, 10:28 AM
Last Post: WJSwan
  user input values into list of lists tauros73 3 1,025 Dec-29-2022, 05:54 PM
Last Post: deanhystad
Information How to take url in telegram bot user input and put it as an argument in a function? askfriends 0 1,033 Dec-25-2022, 03:00 PM
Last Post: askfriends
Question Take user input and split files using 7z in python askfriends 2 1,033 Dec-11-2022, 07:39 PM
Last Post: snippsat
Sad how to validate user input from database johnconar 3 1,837 Sep-11-2022, 12:36 PM
Last Post: ndc85430

Forum Jump:

User Panel Messages

Announcements
Announcement #1 8/1/2020
Announcement #2 8/2/2020
Announcement #3 8/6/2020