In Python, eval() is a function that can evaluate a string as a Python expression, and is commonly used for fast calculations, dynamic input handling, or running code stored as text. It is a useful tool for dynamically evaluating expressions, but it must be used carefully due to security risks. However, it has to be used carefully as it can also lead to harmful effects. Now, let’s see how the Python eval() function works and how we can use it effectively and safely to get the best results.
Table of Contents:
What is eval() in Python?
The Python eval function is a built-in utility that takes a string of Python code as input and executes it as real Python code. It is used to evaluate mathematical expressions that are written as strings and helps you to work with variables, also. For example,
result = eval("2 + 3 * 5")
print(result)
In the above Python code, the eval(“2 + 3 * 5”) will work the same as 2 + 3 * 5.
Master Python Programming
Learn the World's Most Versatile Language – From Basics to Advanced Applications!
Syntax of the Python eval function
The Python eval function has 3 parameters given as below. The expression parameter is required, whereas globals and locals are optional parameters.
eval(expression, globals, locals)
Now, let us examine each parameter in detail.
1. expression
Expression is a string that the eval() function will execute, and it contains a valid Python expression. Unlike statements, which perform actions but don’t return values, an expression must produce a value.
For example,
"2 + 3 * 5"
is a valid expression, whereas
"for i in range(5): print(i)"
is not a valid expression.
2. globals
The globals parameter is an optional dictionary that represents the global variables and functions, and it only gets executed when the eval runs. The eval function in Python searches the globals to find variables and functions, i.e., it controls what the expression can access from the global scope.
For example,
Output:
Explanation: In the above example, the expression “x+y” works because the dictionary env tells the eval() function that the value of x is 10 and y is 20. Without the dictionary, the eval() function will try to find the x and y values in the global scope of the program.
3. locals
The locals parameter is another optional dictionary, similar to the globals, and represents the local variables that the expression can access while being evaluated. If you do not give locals in the eval() function, Python by default will use the same dictionary as globals.
For example,
Output:
Explanation: In the above example, we have two dictionaries named g and l. The expression eval(“a+b”,g,l) evaluates the expression “a+b”. At first, Python will look for ‘a’ in the global dictionary and ‘b’ in the local dictionary, then it adds them together and returns the result as 12.
Python eval function Working
The Python eval() function works by taking the argument as a string and executing it as a Python expression. When you pass a string to an eval() function, it checks if the expression is valid or not. If the expression is valid, it parses the code that can be interpreted, and then looks for the available scope to find any variables or functions that are used inside the expression, and after resolving them, it evaluates the expression just like normal Python code.
For example,
Output:
Explanation: When the expression is passed in the eval() function first, Python checks if it is a valid expression or not, and then looks into the current scope of the variables and finds the value of x as 10 and y as 5. Then, as per the operator precedence, it calculates and simplifies the expression and returns the result as 20.
The input() function in Python is used to take the input as a string from the user. Since the Python eval() function also takes Python expressions in the form of a string as an argument, we can directly pass the input to eval() and let Python calculate the result.
For example,
Output:
Explanation: In the above example, the input() function is used to take the input from the user, and after that, the eval() function evaluates that expression and returns the result as the output.
Evaluating Expressions With Python eval() function
The eval() function in Python can evaluate any valid expression that is in the form of a string and can evaluate the following types of expressions.
1. Boolean Expressions
Boolean expressions are used to check the relationship between values and use operators like ==, !=, <, >, <=, >=, and, or, and not. When you evaluate them with the eval() function, the result will be in the form of True or False.
For example,
Output:
Explanation: In the above example, we are evaluating a Boolean expression in Python.
2. Mathematical Expressions
Mathematical expressions involve numerical operations like addition, subtraction, division, and many more, which the eval() function interprets the string as actual arithmetic and gives the computed result. This makes eval() very useful for making calculators, evaluating formulas, or parsing user-entered mathematical expressions.
For example,
Output:
Explanation: In the above example, we are evaluating the mathematical expression using the different arithmetic operations.
3. General-Purpose Expressions
Apart from maths and boolean expressions, Python also supports general-purpose expressions that return the result of every data type, like strings, lists, function results, or object attributes. Since the eval() function can evaluate any expression, it can also execute any valid expression, even the built-in function calls, which makes it flexible to use.
For example,
Output:
Explanation: In the above example, we are evaluating the expressions that take the functions as their arguments, like len(), max(), and so on.
Minimizing the Issues of Python eval() Function
The eval() function in Python is powerful, but it should be used carefully, as attackers could inject harmful code that can delete the files of your system or steal your data. To reduce these risks, Python gives us ways to control the environment and inputs as follows.
1. Restricting globals and locals
By default, the eval() function has access to all the global and local variables of the program, which can be risky. Hence, to make the code safe, you can pass the variables in your own dictionaries for global and locals, which act like controlled environments that limit what the expression can access.
Output:
Get 100% Hike!
Master Most in Demand Skills Now!
2. Restricting the Use of Built-In Names
If you run the eval() function with the normal global scope, the code inside the expression could call the dangerous functions, like importing modules or running shell commands. To reduce the risk, you can remove or replace the built-ins available to the eval() by setting the __builtins__ key in the globals dictionary.
Output:
You can pre-check the user’s expression to ensure it contains only safe variable names. This is useful if you allow some variables but want to block dangerous ones.
Output:
If you don’t need full expressions and only want to evaluate literals (like numbers, strings, lists, tuples, and dicts), you should use ast.literal_eval(). Unlike eval(), it won’t execute functions or code; it only parses safe data types.
Output:
Pros of Python eval Function
Some of the advantages of the eval function in Python are as follows:
- It quickly evaluates the mathematical expressions stored as strings.
- It can handle complex expressions using existing variables and functions.
- It gives flexibility when you need to parse and compute user inputs.
- It is easy to use with a single line of code without extra libraries.
Cons of Python eval Function
Some of the disadvantages of the eval function in Python are as follows:
- It is very risky if it is used with untrusted input, which can execute harmful code.
- It is slower compared to safer alternatives like ast.literal_eval().
- It is harder to debug as it runs dynamically generated code.
- It makes the code less readable and harder for others to understand.
Transition your career—start a free course today.
Become a Python Pro Today—No Fee Required
Conclusion
From the above article, we learned that the Python eval() function takes a string expression and evaluates it as real Python code. It is a powerful tool, but it is risky if not used carefully, as by default it can access all variables and built-in functions, which attackers might misuse. To make it safer, you can restrict access using globals and locals, remove built-ins, or whitelist only safe functions and variables.
Useful Resources:
Python eval() function – FAQs
Q1. What is the eval() function in Python?
The eval() function in Python takes a string containing an expression and evaluates it as Python code.
Q2. What is the use of the eval function?
It is used to quickly evaluate expressions stored in strings, such as mathematical formulas or dynamic variable calculations.
Q3. What does the eval() function return?
eval() always returns the result of the evaluated expression, which can be a number, string, list, or any other valid Python object.
Q4. How does eval handle errors?
If the expression has invalid syntax or uses undefined variables, eval() raises an error just like normal Python code would.
Q5. Can eval() execute any Python code?
No, eval() can only run expressions that produce a value, not statements like loops or function definitions.
Q6. Why use eval in Python?
It can be useful for dynamic evaluations, but since it can be dangerous, it should only be used with proper safety checks or in trusted environments.