Depending on how complicated your expressions are, ast.literal_eval may be a safer alternative.

Answer from Hugh Bothwell on Stack Overflow
🌐
Stack Overflow
stackoverflow.com › questions › 21661090 › python3-best-alternatives-to-eval-input-as-an-expression
python - Python3, best alternatives to eval()? (input as an expression) - Stack Overflow
Top answer
1 of 4
10

Depending on how complicated your expressions are, ast.literal_eval may be a safer alternative.

2 of 4
7

If you're the only person using that app and thus don't need to be worried about security issues, just keep using eval() or exec().

Otherwise, just use a safe library for the specific task you need. E.g. numexpr I guess for a calculator.

🌐
Reddit
reddit.com › r/python › alternatives to eval(), which is said to be "never safe"
r/Python on Reddit: Alternatives to eval(), which is said to be "never safe"
November 2, 2015 -

I have a usecase within a webapplication, where I want to let users input some text, which will be evaluated as a math expression.

The most straightforward method is to tell the users to use python syntax and then throw it into eval, and all is good.

The problem is that there are a bunch of crazy ways to exploit eval to attain "arbitrary code execution". Many discussions arond the web talk of ways to make eval safe(r), but all of them come with more exploits. Best attempt I've seen is Asteval, which lets me use python syntax for the math, however, the author cannot provide any evidence that it is safe to use.

Next possibility is to write a parser for the desired language constructs, which is certainly possible for simple arithmetic, but what if I wanted programming constructs like loops and lists an stuff? Then it gets a bit involved.

So, does anyone know of a safe way to execute untrusted Python code in a safe manner?

-- Edit: I've rephrased my post to be a bit more clear

Top answer
1 of 5
9
It's in stdlib https://docs.python.org/3/library/ast.html#ast.literal_eval
2 of 5
3
How about sympy?
Discussions
Alternative to 'eval'
I have students who are using Anvil for a class project. Their code requires eval() in order to evaluate mathematical expressions (ex. ‘2*4+(6/2)’), but eval apparently isn’t implemented. Is there an alternative that doesn’t require that they build a custom eval function that can handle ... More on anvil.works
🌐 anvil.works
0
0
October 15, 2020
library - Alternative math evaluators in Python - Software Recommendations Stack Exchange
do you know any well-maintained library which is alternative to python-expression-eval? More on softwarerecs.stackexchange.com
🌐 softwarerecs.stackexchange.com
June 14, 2018
Alternative to Python's eval in Lua
I want to solve an equation, the equation is given to me in a string. In Python, I could simply do: print(eval("12+23")) # prints 35 as intended In Lua, we have loadstring, but it does not work. print(loadstring("12+23")) -- nil [string "12+23"]:1: Expected identifier when parsing expression, ... More on devforum.roblox.com
🌐 devforum.roblox.com
1
0
July 24, 2023
Alternatives to using eval()
Hi, I’m new to python, so this might be a simple problem, but i couldn’t find answer by searching. I want a function to return keyboard input for any given key. I couldn’t add argument into code, so i added it to string. But because eval() is a potential security risk, i would prefer ... More on blenderartists.org
🌐 blenderartists.org
0
0
February 22, 2015
Videos
06:31
🌐 YouTube
Python’s eval Explained: Basics to Advanced - YouTube
January 22, 2025
06:44
🌐 YouTube
Exec() VS Eval() Explained In Python Tutorial 2023 - YouTube
May 22, 2023
14:02
🌐 YouTube
Python eval() - Evaluate Expressions Dynamically - YouTube
January 28, 2021
View all
View all
🌐
LM Fit
lmfit.github.io › asteval
ASTEVAL: Minimal Python AST Evaluator — ASTEVAL: Minimal Python AST evaluator
The asteval package evaluates Python expressions and statements, providing a safer alternative to Python’s builtin eval() and a richer, easier to use alternative to ast.literal_eval(). It does this by building an embedded interpreter for a subset of the Python language using Python’s ast module.
🌐
Anvil
anvil.works › anvil q&a
Alternative to 'eval' - Anvil Q&A - Anvil Community Forum
October 15, 2020 - I have students who are using Anvil for a class project. Their code requires eval() in order to evaluate mathematical expressions (ex. ‘2*4+(6/2)’), but eval apparently isn’t implemented. Is there an alternative that doesn’t require that they build a custom eval function that can handle ...
🌐
Wordpress
eulertech.wordpress.com › 2018 › 06 › 10 › the-pitfall-of-eval-function-and-its-safe-alternative-in-python
The pitfall of eval function and its safe alternative in Python – All about cool stuff.
June 11, 2018 - As some of you have used eval and exec in python as a handy quick-and-dirty way to get the dynamic source code, then munge it a little, then execute it. The functionality of ‘eval’ is i…
🌐
Quora
quora.com › How-do-I-avoid-using-exec-and-eval-in-Python
How to avoid using exec() and eval() in Python - Quora
Answer (1 of 3): what are you trying to do that you think needs them : * If you are accepting mathematical formula for calculations, you can relatively easily write your own parser, or use sympy to do the calculations for you. * If you trying to access variables/attributes by name, then you de...
🌐
Newville
newville.github.io › asteval
ASTEVAL: Minimal Python AST evaluator
August 18, 2017 - If you are not redirected automatically, please use https://lmfit.github.io/asteval
Find elsewhere
🌐
Stack Exchange
softwarerecs.stackexchange.com › questions › 50620 › alternative-math-evaluators-in-python
library - Alternative math evaluators in Python - Software Recommendations Stack Exchange
Top answer
1 of 1
3

SymPy is able to do what you are asking for (and much more):

from sympy import sympify
from sympy.abc import x,y

expr = sympify('x * x + 2*y + 5')
expr.subs({ x:3, y:4 })

Note that this is only one of several ways to do what you ask for in SymPy.

It is not only under active development but the backbone of other Python modules. Hence there is a great interest in keeping it maintained, backwards-compatible, and robust.

🌐
Shiksha
shiksha.com › home › it & software › it & software articles › programming articles › python eval: exploring the pros, cons, and best practices for safe and secure usage
Python Eval: Exploring the Pros, Cons, and Best Practices for Safe and Secure Usage - Shiksha Online
May 14, 2024 - If you need to use eval with untrusted input, consider using a sandboxed environment like the RestrictedPython module, which provides a restricted execution environment that limits the capabilities of the evaluated code. Use alternative methods where possible.
🌐
iO Flood
ioflood.com › blog › python-eval
Python Eval Function: Complete Guide
February 6, 2024 - The exec function is another built-in function that can execute Python code dynamically. Unlike eval, exec can execute statements as well as expressions, but it doesn’t return a value. expression = 'x = 2' exec(expression) print(x) # Output: ...
🌐
EyeHunts
tutorial.eyehunts.com › home › python eval alternative
Python eval alternative - Tutorial - By EyeHunts
July 12, 2023 - Here are a couple of alternatives: ast.literal_eval(): This function from the ast module can safely evaluate a subset of Python expressions consisting of literals such as strings, numbers, tuples, lists, dictionaries, booleans, and None.
🌐
Codiga
codiga.io › blog › python-eval
Safe and Secure Python Code: don’t use eval()
October 15, 2022 - See this blog post for a deeper understanding. Even the official Python documentation has notes about security issues with eval(). The safe and secure alternative is to use literal_eval() from the ast package.
🌐
Medium
medium.com › @brusooo27 › python-exec-vs-eval-ea949931ee8f
Python exec vs eval | Medium
July 26, 2023 - When using eval or exec with user input, always validate and sanitize the input to prevent code injection attacks. Consider using alternative approaches, such as built-in Python functions or libraries, when there are safer and more straightforward ...
🌐
PyPI
pypi.org › project › evalidate
evalidate · PyPI
Also, if you want to export your functions to eval, you should do this manually. You can use custom mapping classes instead of dict. As with native python eval, custom mapping class may be used only as locals context.
      » pip install evalidate
Published   Mar 02, 2026
Version   2.1.4
Homepage   https://github.com/yaroslaff/evalidate
🌐
Roblox Developer Forum
devforum.roblox.com › help and feedback › scripting support
Alternative to Python's eval in Lua - Scripting Support - Developer Forum | Roblox
Top answer
1 of 1
1
[image] AlternativeOrNot: print(loadstring("12+23")) Make sure you return the result: local result = loadstring("return 12+23")() print(result) [image] AlternativeOrNot: It returns function: It returns a function, just call it like above ^
🌐
Blender Artists
blenderartists.org › coding › python support
Alternatives to using eval() - Python Support - Blender Artists Community
February 22, 2015 - Hi, I’m new to python, so this might be a simple problem, but i couldn’t find answer by searching. I want a function to return keyboard input for any given key. I couldn’t add argument into code, so i added it to string. But because eval() is a potential security risk, i would prefer ...
🌐
YouTube
youtube.com › watch
Alternative to eval in Python - YouTube
01:45
Become part of the top 3% of the developers by applying to Toptal https://topt.al/25cXVn--Music by Eric Matyashttps://www.soundimage.orgTrack title: Sunrise ...
Published   December 31, 2022
🌐
Stack Overflow
stackoverflow.com › questions › 7882987 › alternative-to-eval-in-python
Alternative to eval in Python - Stack Overflow
Top answer
1 of 2
14
import operator
ops = { 'or': operator.or_, 'and': operator.and_ }
print opsop
2 of 2
1

It's not clear to me how @CatPlusPlus's solution will evaluate any boolean expression. Here is an example from the pyparsing wiki examples page of a Boolean expression parser/evaluator. Here are the test cases for this script:

p = True
q = False
r = True
test = ["p and not q",
        "not not p",
        "not(p and q)",
        "q or not p and r",
        "q or not (p and r)",
        "p or q or r",
        "p or q or r and False",
        ]

for t in test:
    res = boolExpr.parseString(t)[0]
    print t,'\n', res, '=', bool(res),'\n'
🌐
Stack Overflow
stackoverflow.com › questions › 15197673 › using-pythons-eval-vs-ast-literal-eval
Using python's eval() vs. ast.literal_eval() - Stack Overflow
Top answer
1 of 6
344

datamap = eval(input('Provide some data here: ')) means that you actually evaluate the code before you deem it to be unsafe or not. It evaluates the code as soon as the function is called. See also the dangers of eval.

ast.literal_eval raises an exception if the input isn't a valid Python datatype, so the code won't be executed if it's not.

Use ast.literal_eval whenever you need eval. You shouldn't usually evaluate literal Python statements.

2 of 6
174

ast.literal_eval() only considers a small subset of Python's syntax to be valid:

The string or node provided may only consist of the following Python literal structures: strings, bytes, numbers, tuples, lists, dicts, sets, booleans, and None.

Passing __import__('os').system('rm -rf /a-path-you-really-care-about') into ast.literal_eval() will raise an error, but eval() will happily delete your files.

Since it looks like you're only letting the user input a plain dictionary, use ast.literal_eval(). It safely does what you want and nothing more.

🌐
GeeksforGeeks
geeksforgeeks.org › python › difference-between-eval-and-ast-literal-eval-in-python
Difference Between eval() and ast.literal_eval() in Python - GeeksforGeeks
July 23, 2025 - Python provides multiple ways to evaluate expressions and convert data from one format to another. Two commonly used methods are eval() and ast.literal_eval(). While they might appear similar, they serve very different purposes and have significant security implications.
Related queries
python exec
python safe eval
python ast
python binop
python eval vs exec
python eval string
why is eval dangerous python
python exec alternative