620 points tambourine_man | 1 comments
serbuvlad ◴[] No.43750075[source]
All things considered, this is pretty cool. Basically, this replaces

    db.execute("QUERY WHERE name = ?", (name,))

with

    db.execute(t"QUERY WHERE name = {name}")

Does the benefit from this syntactic sugar outweigh the added complexity of a new language feature? I think it does in this case for two reasons:

1. Allowing library developers to do whatever they want with {} expansions is a good thing, and will probably spawn some good uses.

2. Generalizing template syntax across a language, so that all libraries solve this problem in the same way, is probably a good thing.

Tenoke ◴[] No.43750250[source]
I don't see what it adds over f-string in that example?
burky ◴[] No.43750262[source]
f-strings won’t sanitize the value, so it’s not safe. The article talks about this.
Tenoke ◴[] No.43750427[source]
The article talked about it but the example here just assumes they'll be there.
sanderjd ◴[] No.43751261[source]
What do you mean by "they"? You mean the template interpolation functions?

Yes, the idea is that by having this in the language, library authors will write these implementations for use cases where they are appropriate.

Tenoke ◴[] No.43751976[source]
The sanitization. Just using a t-string in your old db.execute doesn't imply anything safer is going on than before.
1. nemetroid ◴[] No.43752677[source]
Your "old" db.execute (which presumably accepts a regular old string) would not accept a t-string, because it's not a string. In the original example, it's a new db.execute.
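
The distinction discussed in this thread, as an added example that is not part of any comment above and not taken from a real database library: a "new" `execute` that accepts only a `Template`, binds every interpolation as a `?` parameter, and rejects plain strings (including f-strings). The names `to_sql`, `execute` and `demo` are hypothetical, the `users` table and input are constructed, and the fallback classes exist only so the sketch also runs on interpreters older than Python 3.14.

```python
import sqlite3

try:
    from string.templatelib import Template, Interpolation  # Python 3.14+
except ImportError:  # minimal stand-ins (assumption) for older interpreters
    class Interpolation:
        def __init__(self, value, expression=""):
            self.value, self.expression = value, expression

    class Template:
        def __init__(self, *parts):
            self.parts = parts

        def __iter__(self):
            return iter(p for p in self.parts if p != "")


def to_sql(template):
    """Turn a Template into (sql, params); static text stays SQL, values become binds."""
    if not isinstance(template, Template):
        # A str or f-string has already merged data into the query text: refuse it.
        raise TypeError("execute() requires a Template, not " + type(template).__name__)
    sql, params = [], []
    for part in template:
        if isinstance(part, Interpolation):
            sql.append("?")            # placeholder in the statement
            params.append(part.value)  # value travels separately (conversions ignored here)
        else:
            sql.append(part)
    return "".join(sql), tuple(params)


def execute(conn, template):
    sql, params = to_sql(template)
    return conn.execute(sql, params).fetchall()


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    name = "alice' OR '1'='1"  # constructed hostile input
    # On 3.14+ this is the object t"SELECT name FROM users WHERE name = {name}" produces.
    query = Template("SELECT name FROM users WHERE name = ", Interpolation(name, "name"))
    rows = execute(conn, query)
    try:
        execute(conn, f"SELECT name FROM users WHERE name = '{name}'")
        rejected = False
    except TypeError:
        rejected = True
    return to_sql(query), rows, rejected
```
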