Re: Marshal Obj is String or Binary?
- From: Mike Meyer <mwm@xxxxxxxxx>
- Date: Sat, 14 Jan 2006 16:58:55 -0500
"Giovanni Bajo" <noway@xxxxxxxxx> writes:
> casevh@xxxxxxxxxxx wrote:
>> Try...
>>>>> for i in bytes: print ord(i)
>> or
>>>>> len(bytes)
>> What you see isn't always what you have. Your database is capable of
>> storing \ x 0 0 characters, but your string contains a single byte of
>> value zero. When Python displays the string representation to you, it
>> escapes the values so they can be displayed.
> He can still store the repr of the string into the database, and then
> reconstruct it with eval:
repr and eval are overkill for this, and as a result create a
security hole. Using encode('string-escape') and
decode('string-escape') will do the same job without the security
hole:
>>> bytes = '\x00\x01\x02'
>>> bytes
'\x00\x01\x02'
>>> ord(bytes[0])
0
>>> rb = bytes.encode('string-escape')
>>> rb
'\\x00\\x01\\x02'
>>> len(rb)
12
>>> rb[0]
'\\'
>>> bytes2 = rb.decode('string-escape')
>>> bytes == bytes2
True
>>>
<mike
--
Mike Meyer <mwm@xxxxxxxxx> http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
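
The following is an added example, not part of the original post. It loads the same stored column value through the repr/eval round trip and through an escape codec to show the difference. It targets Python 3, where 'string-escape' no longer exists, so 'unicode_escape' over latin-1 stands in for it; all function and variable names are hypothetical and the tampered value is constructed.

```python
# Added example for Python 3, where the 'string-escape' codec no longer exists.
# 'unicode_escape' over latin-1 is used here as a stand-in for it.

TRIPPED = []  # records whether a stored value managed to run code

def escape_encode(data: bytes) -> str:
    """Bytes -> printable ASCII text, one escape per non-printable byte."""
    return data.decode("latin-1").encode("unicode_escape").decode("ascii")

def escape_decode(text: str) -> bytes:
    """Inverse of escape_encode; only interprets escape sequences."""
    return text.encode("ascii").decode("unicode_escape").encode("latin-1")

def load_with_eval(text: str) -> bytes:
    """The repr/eval round trip: evaluates whatever expression was stored."""
    return eval(text)

# Constructed sample: a column value changed by someone with write access.
TAMPERED = "TRIPPED.append('code ran') or b''"

def compare(stored: str) -> dict:
    """Load `stored` both ways; return {loader: (value, code_ran)}."""
    results = {}
    for name, loader in (("eval", load_with_eval), ("escape", escape_decode)):
        TRIPPED.clear()
        value = loader(stored)
        results[name] = (value, bool(TRIPPED))
    return results

if __name__ == "__main__":
    raw = bytes(range(256))
    assert escape_decode(escape_encode(raw)) == raw  # lossless for every byte
    print(escape_encode(b"\x00\x01\x02"))
    for name, outcome in compare(TAMPERED).items():
        print(name, outcome)
```

With eval the stored text runs as an expression; with the escape codec it comes back as inert bytes.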