<small><small><i>
All the IPython Notebooks in this lecture series by Dr. Milan Parmar are available @ **[GitHub](https://github.com/milaan9/04_Python_Functions/tree/main/002_Python_Functions_Built_in)**
</i></small></small>

# Python `eval()`

The **`eval()`** method parses the expression passed to this method and runs python expression (code) within the program.

In simple terms, the **`eval()`** function runs the python code (which is passed as an argument) within the program.

**Syntax**:

```python
eval(expression, globals=None, locals=None)
```

## `eval()` Parameters

The **`filter()`** function takes three parameters:

* **expression** - the string parsed and evaluated as a Python expression
* **globals** (optional) - a dictionary
* **locals** (optional)- a mapping object. Dictionary is the standard and commonly used mapping type in Python.

The use of **`globals`** and **`locals`** will be discussed later in this article.

## Return Value from `eval()`

The **`eval()`** method returns the result evaluated from the **`expression`**.

In [1]:
# Example 1: How eval() works in Python

x = 1
print(eval('x + 1'))

2


**Explanation**:

Here, the **`eval()`** function evaluates the expression **`x + 1`** and **`print`** is used to display this value.

In [2]:
# Example 2: Practical Example to Demonstrate Use of eval()

# Perimeter of Square
def calculatePerimeter(l):
    return 4*l

# Area of Square
def calculateArea(l):
    return l*l


expression = input("Type a function: ")

for l in range(1, 5):
    if (expression == 'calculatePerimeter(l)'):
        print("If length is ", l, ", Perimeter = ", eval(expression))
    elif (expression == 'calculateArea(l)'):
        print("If length is ", l, ", Area = ", eval(expression))
    else:
        print('Wrong Function')
        break
        
'''
Output:
Type a function: calculateArea(l)
If length is  1 , Area =  1
If length is  2 , Area =  4
If length is  3 , Area =  9
If length is  4 , Area =  16
'''

Type a function: calculateArea(l)
If length is  1 , Area =  1
If length is  2 , Area =  4
If length is  3 , Area =  9
If length is  4 , Area =  16


'\nOutput:\nType a function: calculateArea(l)\nIf length is  1 , Area =  1\nIf length is  2 , Area =  4\nIf length is  3 , Area =  9\nIf length is  4 , Area =  16\n'

## Warnings when using `eval()`

Consider a situation where you are using a Unix system (macOS, Linux etc) and you have imported the os module. The **`os`** module provides a portable way to use operating system functionalities like reading or writing to a file.

If you allow users to input a value using **`eval(input())`**, the user may issue commands to change file or even delete all the files using the command: **`os.system('rm -rf *')`**.

If you are using **`eval(input())`** in your code, it is a good idea to check which variables and methods the user can use. You can see which variables and methods are available using **[dir() method](https://github.com/milaan9/04_Python_Functions/blob/main/002_Python_Functions_Built_in/016_Python_dir%28%29.ipynb)**.

In [3]:
from math import *
print(eval('dir()'))

['In', 'NamespaceMagics', 'Out', '_', '_2', '_Jupyter', '__', '___', '__builtin__', '__builtins__', '__doc__', '__loader__', '__name__', '__package__', '__spec__', '_dh', '_getshapeof', '_getsizeof', '_i', '_i1', '_i2', '_i3', '_ih', '_ii', '_iii', '_nms', '_oh', 'acos', 'acosh', 'asin', 'asinh', 'atan', 'atan2', 'atanh', 'calculateArea', 'calculatePerimeter', 'ceil', 'comb', 'copysign', 'cos', 'cosh', 'degrees', 'dist', 'e', 'erf', 'erfc', 'exit', 'exp', 'expm1', 'expression', 'fabs', 'factorial', 'floor', 'fmod', 'frexp', 'fsum', 'gamma', 'gcd', 'get_ipython', 'getsizeof', 'hypot', 'inf', 'isclose', 'isfinite', 'isinf', 'isnan', 'isqrt', 'json', 'l', 'ldexp', 'lgamma', 'log', 'log10', 'log1p', 'log2', 'modf', 'nan', 'np', 'perm', 'pi', 'pow', 'prod', 'quit', 'radians', 'remainder', 'sin', 'sinh', 'sqrt', 'tan', 'tanh', 'tau', 'trunc', 'var_dic_list', 'x']


## Restricting the Use of Available Methods and Variables in `eval()`

More often than not, all the available methods and variables used in the **`expression`** (first parameter to **`eval()`**) may not be needed, or even may have a security hole. You may need to restrict the use of these methods and variables for **`eval()`**. You can do so by passing optional **`globals`** and **`locals`** parameters (dictionaries) to the **`eval()`** function.

### 1. When both globals and locals parameters omitted

If both parameters are omitted (as in our earlier examples), the **`expression`** is executed in the current scope. You can check the available variables and methods using following code:

In [4]:
print(eval('dir()'))

['In', 'NamespaceMagics', 'Out', '_', '_2', '_Jupyter', '__', '___', '__builtin__', '__builtins__', '__doc__', '__loader__', '__name__', '__package__', '__spec__', '_dh', '_getshapeof', '_getsizeof', '_i', '_i1', '_i2', '_i3', '_i4', '_ih', '_ii', '_iii', '_nms', '_oh', 'acos', 'acosh', 'asin', 'asinh', 'atan', 'atan2', 'atanh', 'calculateArea', 'calculatePerimeter', 'ceil', 'comb', 'copysign', 'cos', 'cosh', 'degrees', 'dist', 'e', 'erf', 'erfc', 'exit', 'exp', 'expm1', 'expression', 'fabs', 'factorial', 'floor', 'fmod', 'frexp', 'fsum', 'gamma', 'gcd', 'get_ipython', 'getsizeof', 'hypot', 'inf', 'isclose', 'isfinite', 'isinf', 'isnan', 'isqrt', 'json', 'l', 'ldexp', 'lgamma', 'log', 'log10', 'log1p', 'log2', 'modf', 'nan', 'np', 'perm', 'pi', 'pow', 'prod', 'quit', 'radians', 'remainder', 'sin', 'sinh', 'sqrt', 'tan', 'tanh', 'tau', 'trunc', 'var_dic_list', 'x']


### 2. Passing globals parameter; locals parameter is omitted

The **`globals`** and **`locals`** parameters (dictionaries) are used for global and local variables respectively. If the **`locals`** dictionary is omitted, it defaults to **`globals`** dictionary. Meaning, **`globals`** will be used for both global and local variables.

> **Note**: You can check the current global and local dictionary in Python using **[globals()](https://github.com/milaan9/04_Python_Functions/blob/main/002_Python_Functions_Built_in/026_Python_globals%28%29.ipynb)** and **[locals()](https://github.com/milaan9/04_Python_Functions/blob/main/002_Python_Functions_Built_in/039_Python_locals%28%29.ipynb)** built-in methods respectively.

In [5]:
# Example 3: Passing empty dictionary as globals parameter
    
from math import *
print(eval('dir()', {}))

# The code will raise an exception
print(eval('sqrt(25)', {}))

['__builtins__']


NameError: name 'sqrt' is not defined

**Explanation**:

If you pass an empty dictionary as **`globals`**, only the **`__builtins__`** are available to **`expression`** (first parameter to the **`eval()`**).

Even though we have imported the **`math`** module in the above program, **`expression`** can't access any functions provided by the **[math module](https://github.com/milaan9/04_Python_Functions/blob/main/009_Python_Function_math_Module.ipynb.ipynb)**.

In [6]:
# Example 4: Making Certain Methods available

from math import *
print(eval('dir()', {'sqrt': sqrt, 'pow': pow}))

['__builtins__', 'pow', 'sqrt']


**Explanation**:

Here, the expression can only use the **`sqrt()`** and the **`pow()`** methods along with **`__builtins__`**.

It is also possible to change the name of the method available for the **`expression`** as to your wish:

In [7]:
from math import *
names = {'square_root': sqrt, 'power': pow}
print(eval('dir()', names))

# Using square_root in Expression
print(eval('square_root(9)', names))

['__builtins__', 'power', 'square_root']
3.0


**Explanation**:

In the above program, **`square_root()`** calculates the square root using **`sqrt()`**. However, trying to use **`sqrt()`** directly will raise an error.

In [8]:
# Example 5: Restricting the Use of built-ins
# You can restrict the use of __builtins__ in the expression as follows:

eval(expression, {'__builtins__': None})

TypeError: 'NoneType' object is not subscriptable

### 3. Passing both globals and locals dictionary

You can make needed functions and variables available for use by passing the **`locals`** dictionary. For example:

In [9]:
from math import *

a = 169
print(eval('sqrt(a)', {'__builtins__': None}, {'a': a, 'sqrt': sqrt}))

13.0


**Explanation**:

In this program, **`expression`** can have **`sqrt()`** method and variable **`a`** only. All other methods and variables are unavailable.

Restricting the use of **`eval()`** by passing **`globals`** and **`locals`** dictionaries will make your code secure particularly when you are using input provided by the user to the **`eval()`** method.

> **Note**: Sometimes, **`eval()`** is not secure even with limited names. When an object and its methods are made accessible, almost anything can be done. The only secure way is by validating the user input.