Python’s new t-strings

(davepeck.org)

620 points tambourine_man | 1 comments | 21 Apr 25 04:31 UTC | HN request time: 0.205s | source

Show context

serbuvlad ◴[21 Apr 25 09:51 UTC] No.43750075[source]▶

All things considered, this is pretty cool. Basically, this replaces

    db.execute("QUERY WHERE name = ?", (name,))

with

    db.execute(t"QUERY WHERE name = {name}")

Does the benefit from this syntactic sugar outweigh the added complexity of a new language feature? I think it does in this case for two reasons:

1. Allowing library developers to do whatever they want with {} expansions is a good thing, and will probably spawn some good uses.

2. Generalizing template syntax across a language, so that all libraries solve this problem in the same way, is probably a good thing.

replies(12): >>43750226 #>>43750250 #>>43750260 #>>43750279 #>>43750513 #>>43750750 #>>43752117 #>>43752173 #>>43752293 #>>43754738 #>>43756560 #>>43763190 #

jimwhite ◴[22 Apr 25 15:14 UTC] No.43763190[source]▶

>>43750075 #

Yes and your example is the hero case because it isn't just sugar. A t-string implementation for SQL will of course escape the values which is a common security issue.

https://xkcd.com/327/

replies(1): >>43763414 #

1. hombre_fatal ◴[22 Apr 25 15:35 UTC] No.43763414[source]▶

>>43763190 #

No, a t-string returns a Template which is basically { strings: str[], values: any[] }.

So you would write db.execute(template) to turn template t"... where id = {id}" into a parameterized structure like ("... where id = ?", id).

↑