620 points tambourine_man | 2 comments
serbuvlad ◴[] No.43750075[source]
All things considered, this is pretty cool. Basically, this replaces

    db.execute("QUERY WHERE name = ?", (name,))

with

    db.execute(t"QUERY WHERE name = {name}")

Does the benefit from this syntactic sugar outweigh the added complexity of a new language feature? I think it does in this case for two reasons:

1. Allowing library developers to do whatever they want with {} expansions is a good thing, and will probably spawn some good uses.

2. Generalizing template syntax across a language, so that all libraries solve this problem in the same way, is probably a good thing.

replies(12): >>43750226 #>>43750250 #>>43750260 #>>43750279 #>>43750513 #>>43750750 #>>43752117 #>>43752173 #>>43752293 #>>43754738 #>>43756560 #>>43763190 #
pinoy420 ◴[] No.43750226[source]
Now instead of being explicit all it takes is someone unfamiliar with t strings (which will be almost everyone - still few know about f strings and their formatting capabilities) to use an f instead and you are in for a bad time.
replies(5): >>43750270 #>>43750280 #>>43750323 #>>43751292 #>>43753934 #
1. falcor84 ◴[] No.43750270[source]
That is an issue, but essentially it boils down to the existing risk of unknowledgeable people not escaping untrusted inputs. The solution should be more education and better tooling (linters, SAST), and t-strings are likely to help with both.
replies(1): >>43750308 #
2. masklinn ◴[] No.43750308[source]
t-strings allow building APIs which don't accept strings at all (or require some sort of opt-in), and will always error on such. That's the boon.

Having to write

    cr.execute(t"...")

even when there's nothing to format in is not a big imposition.
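
Added example (not part of the thread or of any library's code): a sketch of the kind of API described in the comment above, where a hypothetical `execute()` wrapper refuses plain `str` and binds every interpolation as a query parameter. The `users` table and the input value are constructed, and the stand-in `Template`/`Interpolation` classes are an assumption used only when `string.templatelib` (Python 3.14+) is unavailable.

```python
import sqlite3

try:  # Python 3.14+ (PEP 750)
    from string.templatelib import Interpolation, Template
except ImportError:  # constructed stand-ins so this also runs on older Pythons
    class Interpolation:
        def __init__(self, value, expression="", conversion=None, format_spec=""):
            self.value = value

    class Template:
        def __init__(self, *parts):
            self.strings, self.interpolations = [""], []
            for part in parts:
                if isinstance(part, str):
                    self.strings[-1] += part
                else:
                    self.interpolations.append(part)
                    self.strings.append("")


def execute(conn, query):
    """Hypothetical wrapper: accepts a Template only, never a plain str."""
    if not isinstance(query, Template):
        raise TypeError(f"execute() needs a t-string, got {type(query).__name__}")
    sql, params = query.strings[0], []
    # Every interpolation becomes a bound parameter, never SQL text.
    for interp, text in zip(query.interpolations, query.strings[1:]):
        sql += "?" + text
        params.append(interp.value)
    return conn.execute(sql, params).fetchall()


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    name = "alice' OR '1'='1"  # constructed untrusted input
    # Same object that t"SELECT name FROM users WHERE name = {name}" builds on 3.14.
    tmpl = Template("SELECT name FROM users WHERE name = ", Interpolation(name, "name"))
    bound = execute(conn, tmpl)  # compared as a literal value: no rows match
    try:
        execute(conn, f"SELECT name FROM users WHERE name = '{name}'")
        rejected = False
    except TypeError:  # the f-string is a plain str, so it never reaches the DB
        rejected = True
    return bound, rejected


if __name__ == "__main__":
    print(demo())
```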