| HN Mirror

Y	Hacker News new \| ask \| show \| jobs

by theamk 144 days ago

A lot of time I want to check for valid identifier:

    if not re.match('^[a-z0-9_]+$', user):
        raise SomeException("invalid username")

as written, the code above is incorrect - it will happily accept "john\n", which can cause all sort of havoc down the line

1 comments

extraduder_ire 144 days ago

Shouldn't you use the match returned from the string? Or use .fullmatch() (added 3.4) to match the whole string.

link

theamk 144 days ago

In general no, you should not use match from the string. If you are getting input from user, you want a more complex processing (like stripping all whitespace), and if you are getting input from API calls, you want to either use specified name as-is, or fail.

Yes, fullmatch() will help, and so will \Z. It's just that it is so easy to forget...

link