Python eval() vs. exec()

Python's eval() and exec() functions are powerful tools that allow dynamic execution of code within a program.

While they may seem similar at first, they have distinct differences in functionality and purpose.

In this article, we will explore these functions in detail with examples to illustrate their functionality and use cases.

The eval() function

Definition: The eval() function in Python evaluates a given expression and returns its result.

It takes a string as an argument and interprets it as a Python expression, executing it within the current scope.

Syntax of eval() function:


ParametersTypeDetails
expressionRequiredA string representing a valid Python expression to be evaluated.
globalsOptionalA dictionary containing global variables.
localsOptionalA dictionary containing local variables.

Here are a few examples to demonstrate how eval() works:

Example 1 - Evaluating an Arithmetic Expression

We can use the eval function to evaluate an arithmetic expression.

Output:

Result = 14

Explanation:

In this example, the expression "2 + 3 * 4" is evaluated by eval(). It performs the necessary calculations and returns the result, which is then printed.

Example 2 - Evaluating a Variable

We can use the eval function to evaluate an arithmetic expression that contains variables.

Output:

Result = 7

Explanation:

In this example, the expression "x + 2" contains a variable 'x' which is evaluated using the eval() function. Since x is defined and has a value of 5, the expression is successfully evaluated, and the result is 7.

Example 3 - Evaluating a Function Call

Output:

Result = 16

Explanation:

In this example, the expression "square(4)" is evaluated by the eval() function. It executes the square() function with argument = 4 and returns the result, which is then printed.

Example 4 - Evaluating a List Comprehension

Here is how we can use the eval function to execute a list comprehension expression.

Output:

Result = [1, 4, 9, 16, 25]

Explanation:

In this example, the expression "[x ** 2 for x in numbers]" is evaluated using the eval() function. It creates a new list by squaring each element of the numbers list and prints the resulting list.

Example 5 - Evaluating a Conditional Expression

The eval() function gives us the liberty to evaluate a conditional expression. Here is how we can do it.

Output:

Result = 10

Explanation:

In this example, the expression "x if x > y else y" is evaluated using the eval() function. It compares the values of x and y, and if x is greater, it returns x; otherwise, it returns y. In this case, the result is 10.

Note: The eval() function is particularly useful when we need to dynamically evaluate expressions or perform calculations based on the user's input.

When to Use eval()

When to use eval() depends on the specific requirements. These are some scenarios where we can use the eval() function.

  • When we need to evaluate mathematical expressions or dynamically execute user-provided expressions.
  • When we want to interpret and execute small code snippets that return a value.
  • When we need to perform calculations based on user input.

The exec() Function

Definition: Unlike eval(), the exec() function in Python is used to execute a block of code or a script.

It takes a string containing Python code as its argument and executes it within the current scope.

Syntax of exec() function:


ParametersTypeDetails
expressionRequiredA string representing a block of code or a script to be executed.
globalsOptionalA dictionary containing global variables.
localsOptionalA dictionary containing local variables.

Here are a few examples to illustrate how exec() works:

Example 1: Executing a Simple Block of Code

We can execute a piece of code using the exec() function.

Output:

Result = 8

Explanation:

In this example, the string 'source' contains a simple code block that assigns values to x = 5 and y = 3 variables and prints their sum. The exec() function executes this expression, resulting in output = 8.

Example 2: Executing a Function Definition

We can execute a piece of code containing the function definition and function call using the exec() function.

Output:

Result = 6

Explanation:

In this example, the source code defines a function multiply() and then calls it with the arguments 2 and 3. The exec() function executes this code and produces the output 6.

Example 3: Modifying Global Variables

We can execute the source code that modifies the global variable using the exec() function.

Output:

Original X = 10
Modified X = 11

Explanation:

In this example, the source code defines a function increment() that modifies the value of the global variable x by incrementing it by 1. The exec() function executes this code, resulting in the output 11 as the value of x is incremented by 1.

Example 4: Executing a Loop

We can execute a source code containing a loop using the exec() function.

Output:

i = 0
i = 1
i = 2
i = 3
i = 4

Explanation:

In this example, the source code contains a for-loop that prints the numbers from 0 to 4. The exec() function executes this code, resulting in the expected output.

Example 5: Dynamic Code Generation

We can execute the dynamically generated code using the exec() function.

Output:

variable_name = 42

Explanation:

In this example, the source code is dynamically generated using string formatting, including a variable name and its initial value. The exec() function executes this code, resulting in output = 42.

Note: Dynamically generated code refers to the process of creating executable code at runtime based on certain conditions or variables.

The exec() function is particularly useful when we need the following:

  • Execute dynamic or user-generated code,
  • Implement code generators,
  • Or dynamically modify the program's behaviour at runtime.

However, similar to eval(), exercising caution is crucial when using exec() to avoid security risks, as it can execute arbitrary code.

When to Use exec()

When to use exec() also depends on the specific requirements. These are some scenarios when we can use the exec() function:

  • When we need to execute a larger block of code or a script.
  • When we want to modify variables or define functions within the current scope.
  • When we need to generate code dynamically or implement code generators.

Key Differences Between eval() and exec():

Although eval() and exec() share some similarities, they differ in their primary purposes and the type of code they can handle.

Following are the key differences between these functions:

eval()exec()
Functionalityeval() evaluates expressions and returns the result.exec() executes code blocks or scripts.
Return Valueeval() returns the result of the evaluated expression.exec() does not return any value. It simply executes the code.
Input Typeeval() takes a string as an argument containing a single expression.exec() takes a string containing multiple lines of code or a script.
Variable Scopeseval() operates within the current scopeexec() can modify variables in the current scope using the global or nonlocal keyword.
Security ConcernBoth functions can execute arbitrary code, and it is important to sanitize the code to avoid any potential vulnerability.

CONCLUSION:

Both eval() and exec() functions are in-built in Python and are powerful tools for dynamic code execution. It is important to know how to use them when the time comes.

  • The eval() function is suitable when we want to evaluate mathematical expressions, dynamically execute user-provided expressions, or perform calculations based on user input.
  • On the other hand, the exec() function is suitable for executing larger blocks of code or scripts.
  • We need to be careful when executing code from some random source. Because if we take some random scripts and execute them using these functions. They can steal information from our computers can install the malware in the background. It can be a huge security risk for us and our organization.
  • Careful validation and sanitization of input (source code) can help prevent security vulnerabilities.
  • Key differences between eval() and exec() include the type of input they can handle, their return values, the variable scopes they operate within, and the security concerns associated with executing arbitrary code.

Understanding their differences and appropriate use cases can help us leverage them effectively while ensuring the security and reliability of our code.