In Python 2.7, the input function evaluates whatever you type as a Python expression. If you simply want to read strings, use the raw_input function in Python 2.7, which does not evaluate what it reads.
If you are using Python 3.x, raw_input has been renamed to input. Quoting the Python 3.0 release notes: "raw_input() is renamed to input(). That is, the new input() function reads a line from sys.stdin and returns it with the trailing newline stripped. It raises EOFError if the input is terminated prematurely. To get the old behavior of input(), use eval(input())."
In Python 2.7, there are two functions that can be used to accept user input. One is input and the other is raw_input. You can think of the relation between them as follows:
input(prompt) = eval(raw_input(prompt))
Consider the following piece of code to understand this better:
>>> dude = "thefourtheye"
>>> input_variable = input("Enter your name: ")
Enter your name: dude
>>> input_variable
'thefourtheye'
Here, input accepts a string from the user and evaluates the string in the current Python context. When I type dude as input, it finds that dude is bound to the value 'thefourtheye', so the result of the evaluation is 'thefourtheye', and that gets assigned to input_variable.
If you enter something that does not exist in the current Python context, it will fail with a NameError.
>>> input("Enter your name: ")
Enter your name: dummy
Traceback (most recent call last):
  File "<input>", line 1, in <module>
  File "<string>", line 1, in <module>
NameError: name 'dummy' is not defined
Security considerations with Python 2.7's input:
Since whatever the user types is evaluated, this poses security issues as well. For example, if you have already loaded the os module in your program with import os, and then the user types in
os.remove("/etc/hosts")
this will be evaluated as a function call expression by Python and it will be executed. In Python 3.x, there is only one function to get user input, called input, which is equivalent to Python 2.7's raw_input.
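The three behaviours side by side, as an added example that is not part of the original answer. It runs on Python 3, emulates Python 2.7's input with eval, and adds ast.literal_eval as a way to accept typed values without evaluating names or calls; the function names, the record helper and the sample lines are constructed for illustration.

```python
import ast

calls = []  # side effects triggered by evaluated input (constructed for this demo)


def record(tag):
    """Harmless stand-in for a dangerous call such as the os.remove() above."""
    calls.append(tag)
    return tag


def py2_style_input(line, context):
    """Emulate Python 2.7's input(): evaluate the typed line as an expression."""
    return eval(line, context)


def raw_style_input(line):
    """Emulate raw_input() / Python 3 input(): return the text unchanged."""
    return line


def literal_input(line):
    """Accept only Python literals (numbers, strings, lists, ...); reject names and calls."""
    try:
        return ast.literal_eval(line)
    except (ValueError, SyntaxError):
        raise ValueError("not a literal: %r" % line) from None


def demo():
    """Feed the same typed lines to all three readers and collect the results."""
    context = {"dude": "thefourtheye", "record": record}
    typed = ["dude", "42", 'record("ran")']  # constructed sample input lines
    results = []
    for line in typed:
        evaluated = py2_style_input(line, context)  # names resolved, calls executed
        text = raw_style_input(line)                # always just the string
        try:
            literal = literal_input(line)
        except ValueError:
            literal = "rejected"
        results.append((line, evaluated, text, literal))
    return results


if __name__ == "__main__":
    for row in demo():
        print(row)
    print("side effects:", calls)
```

Only the eval-based reader resolves dude and runs record(); the raw reader returns the text as typed, and the literal reader accepts 42 but rejects both the name and the call.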