←back to thread

Python’s new t-strings

(davepeck.org)

620 points tambourine_man | 1 comments | 21 Apr 25 04:31 UTC | HN request time: 0.21s | source

Show context

serbuvlad ◴[21 Apr 25 09:51 UTC] No.43750075[source]▶

>>43748512 (OP) #

All things considered, this is pretty cool. Basically, this replaces

    db.execute("QUERY WHERE name = ?", (name,))

with

    db.execute(t"QUERY WHERE name = {name}")

Does the benefit from this syntactic sugar outweigh the added complexity of a new language feature? I think it does in this case for two reasons:

1. Allowing library developers to do whatever they want with {} expansions is a good thing, and will probably spawn some good uses.

2. Generalizing template syntax across a language, so that all libraries solve this problem in the same way, is probably a good thing.

replies(12): >>43750226 #>>43750250 #>>43750260 #>>43750279 #>>43750513 #>>43750750 #>>43752117 #>>43752173 #>>43752293 #>>43754738 #>>43756560 #>>43763190 #

Tenoke ◴[21 Apr 25 10:23 UTC] No.43750250[source]▶

I don't see what it adds over f-string in that example?

replies(6): >>43750258 #>>43750261 #>>43750262 #>>43750265 #>>43750295 #>>43750581 #

1. sureglymop ◴[21 Apr 25 10:31 UTC] No.43750295[source]▶

Wouldn't this precisely lead to sql injection vulnerabilities with f-strings here?