
620 points tambourine_man | 1 comments
serbuvlad ◴[] No.43750075[source]
All things considered, this is pretty cool. Basically, this replaces

    db.execute("QUERY WHERE name = ?", (name,))
with

    db.execute(t"QUERY WHERE name = {name}")
Does the benefit from this syntactic sugar outweigh the added complexity of a new language feature? I think it does in this case for two reasons:

1. Allowing library developers to do whatever they want with {} expansions is a good thing, and will probably spawn some good uses.

2. Generalizing template syntax across a language, so that all libraries solve this problem in the same way, is probably a good thing.

tetha ◴[] No.43750750[source]
Or you could use this in a library like sh with

    sh(t"stat {some_file}")
With t-strings you could run proper escaping over the contents of `some_file` before passing it to a shell.

I'd have to take a look at the order things happen in shell, but you might even be able to increase security/foot-gun-potential a little bit here by turning this into something like `stat "$( base64 -d [base64 encoded content of some_file] )"`.

nhumrich ◴[] No.43751303[source]
You should check out PEP 787
1. pauleveritt ◴[] No.43755129[source]
We really should just point most of these comments at that PEP. Thanks for getting it out so fast.
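
The idea in serbuvlad's and tetha's comments above, as an added example that is not from the thread or from any library: one renderer turns a template's parts into a parameterized query, another into a shell command line with each value quoted. `Interp`, `to_sql` and `to_shell` are hypothetical names; `Interp` is a stand-in for the `.value` attribute of a Python 3.14 interpolation so the code also runs on older interpreters, and conversions and format specs are ignored.

```python
import shlex

class Interp:
    """Constructed stand-in for string.templatelib.Interpolation (Python 3.14+)."""
    def __init__(self, value):
        self.value = value

def _parts(template):
    # A t-string Template iterates as str literals and Interpolation objects;
    # a plain list of str / Interp items has the same shape.
    for item in template:
        if isinstance(item, str):
            yield item, False          # literal text written by the developer
        else:
            yield item.value, True     # runtime value, never trusted as syntax

def to_sql(template):
    """Return (query, params): literals stay SQL text, values become '?' parameters."""
    query, params = [], []
    for text, is_value in _parts(template):
        if is_value:
            query.append("?")
            params.append(text)
        else:
            query.append(text)
    return "".join(query), tuple(params)

def to_shell(template):
    """Return a command line in which each interpolated value is one quoted word.

    Assumes every value sits in an unquoted position of the literal text.
    """
    out = []
    for text, is_value in _parts(template):
        out.append(shlex.quote(str(text)) if is_value else text)
    return "".join(out)

# Constructed sample inputs; on 3.14+ the same shapes come from
# t"QUERY WHERE name = {name}" and t"stat -- {some_file}".
SAMPLE_NAME = "x' OR '1'='1"
SAMPLE_QUERY = ["QUERY WHERE name = ", Interp(SAMPLE_NAME)]
SAMPLE_FILE = "my file; echo pwned"
SAMPLE_CMD = ["stat -- ", Interp(SAMPLE_FILE)]

if __name__ == "__main__":
    print(to_sql(SAMPLE_QUERY))
    print(to_shell(SAMPLE_CMD))
```

Quoting keeps the shell from reinterpreting the value, but it does not stop `stat` from reading a value that starts with `-` as an option, which is why the literal part of the sample command carries `--`.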