undefined | Better HN

0 pointspaulddraper11mo ago0 comments

No, the format function doesn't "arbitrarily execute code."

An f/t string is syntax not runtime.

Instead of

    "Hello " + subject + "!"

you write

    f"Hello {subject}!"

That subject is simple an normal code expression, but one that occurs after the opening quote of the literal and before the ending quote of the literal.

And instead of

    query(["SELECT * FROM account WHERE id = ", " AND active"], [id])

you write

    query(t"SELECT * FROM account WHERE id = {id} AND active")

It's a way of writing string literals that if anything makes injection less likely.

0 comments

mjevans11mo ago

Please read the context of my reply again.

The Rejected Golang proposal cited by the post I'm replying to. NOT Python's present PEP or any other string that might resolve magic variables (just not literally eval / exec functions!).

zahlman11mo ago

As far as I can tell from the linked proposal, it wouldn't have involved such evaluation either. It seems like it was intended to work fundamentally the same way as it currently does in Python: by analyzing the string literal ahead of time and translating into equivalent explicit formatting code, as syntactic sugar. There seem to have been many misunderstandings in the GitHub discussion.

mjevans11mo ago

In that case, I might have misunderstood the intent of those examples.

However the difficulty of understanding also illustrates the increased maintenance burden and language complexity.

1 more reply

paulddraperOP11mo ago

The proposal cited Swift, Kotlin, and C# which have similar syntax sugar.

The proposal was for the same.

chrome11111mo ago

Thanks for this example - it makes it clear it can be a mechanism for something like sqlc/typed sql (my go-to with python too, don't like orms) without a transpilation step or arguably awkward language API wrappers to the SQL. We'll need linters to prevent accidentally using `f` instead of `t` but I guess we needed that already anyways. Great to be able to see the actual cost in the DB without having to actually find the query for something like `typeddb.SelectActiveAccount(I'd)`. Good stuff.

WorldMaker11mo ago

The PEP says these return a new type `Template`, so you should be able to both type and/or duck type for these specifically and reject non-Template inputs.

paulddraperOP11mo ago

It is a different type.

You can verify that either via static typechecking, or at runtime.

j / k navigate · click thread line to collapse

0 pointspaulddraper11mo ago0 comments

No, the format function doesn't "arbitrarily execute code."

An f/t string is syntax not runtime.

Instead of

    "Hello " + subject + "!"

you write

    f"Hello {subject}!"

That subject is simple an normal code expression, but one that occurs after the opening quote of the literal and before the ending quote of the literal.

And instead of

    query(["SELECT * FROM account WHERE id = ", " AND active"], [id])

you write

    query(t"SELECT * FROM account WHERE id = {id} AND active")

It's a way of writing string literals that if anything makes injection less likely.

0 comments

mjevans11mo ago

Please read the context of my reply again.

The Rejected Golang proposal cited by the post I'm replying to. NOT Python's present PEP or any other string that might resolve magic variables (just not literally eval / exec functions!).

zahlman11mo ago

mjevans11mo ago

In that case, I might have misunderstood the intent of those examples.

However the difficulty of understanding also illustrates the increased maintenance burden and language complexity.

1 more reply

paulddraperOP11mo ago

The proposal cited Swift, Kotlin, and C# which have similar syntax sugar.

The proposal was for the same.

chrome11111mo ago

WorldMaker11mo ago

The PEP says these return a new type `Template`, so you should be able to both type and/or duck type for these specifically and reject non-Template inputs.

paulddraperOP11mo ago

It is a different type.

You can verify that either via static typechecking, or at runtime.

j / k navigate · click thread line to collapse