620 points tambourine_man | 4 comments
1. m2f2 No.43749416
If this is just for SQL queries ... it'd be overkill especially where you need to compare the usual PREPARE statements with the hassle of keeping everyone on 3.14 and above.
replies(3): >>43749704 >>43751238 >>43751693
2. bazoom42 No.43749704
Could also be used to prevent HTML injection.
3. nhumrich No.43751238
It's for SQL, HTML, and shell. But idk how solving injection, a top item on the OWASP list forever, is considered "overkill".
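Added example, not part of any comment in this thread: a sketch of how a library could turn a template string into a parameterized SQLite query, shown beside the f-string version that splices the value into the SQL text. `to_parameterized` and `demo` are hypothetical names, the hostile input is constructed, and the `except ImportError` stand-in exists only so the block also runs on interpreters older than 3.14.

```python
import sqlite3

try:  # Python 3.14+ (PEP 750)
    from string.templatelib import Template, Interpolation
except ImportError:  # older interpreter: stand-in exposing the same .strings/.values
    class Interpolation:
        def __init__(self, value, expression=""):
            self.value, self.expression = value, expression

    class Template:
        def __init__(self, *parts):
            self.strings, self.values, text = (), (), ""
            for part in parts:
                if isinstance(part, str):
                    text += part
                else:
                    self.strings += (text,)
                    self.values += (part.value,)
                    text = ""
            self.strings += (text,)


def to_parameterized(template):
    """Return (sql, params): static parts stay SQL text, values become ? binds."""
    sql = template.strings[0]
    for static in template.strings[1:]:
        sql += "?" + static
    return sql, tuple(template.values)


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    name = "bob' OR '1'='1"  # constructed hostile input
    # Same object the literal t"... WHERE name = {name}" produces on 3.14+.
    tmpl = Template("SELECT name, role FROM users WHERE name = ",
                    Interpolation(name, "name"))
    sql, params = to_parameterized(tmpl)
    safe_rows = conn.execute(sql, params).fetchall()  # value is bound as data
    # f-string version: the value becomes part of the SQL text itself.
    unsafe_rows = conn.execute(
        f"SELECT name, role FROM users WHERE name = '{name}'").fetchall()
    return (sql, params), safe_rows, unsafe_rows
```

The template version returns no rows because the whole input is compared as a name; the f-string version returns every row in the table.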
4. orthoxerox No.43751693
It's also for logging:

    log.debug(f"The value of counter was {counter}, the nonce was {nonce}")
builds a new string every time the interpreter hits this line. Whereas

    log.debug(t"The value of counter was {counter}, the nonce was {nonce}")
passes a Template to the debug() function that bails out if debug mode is not on and doesn't build a string.