undefined | Better HN

0 pointsnhumrich1y ago0 comments

f-strings immediately become a string, and are "invisible" to the runtime from a normal string. t-strings introduce an object so that libraries can do custom logic/formatting on the template strings, such as decided _how_ to format the string.

My main motivation as an author of 501 was to ensure user input is properly escaped when inserting into sql, which you cant enforce with f-strings.

0 comments

williamdclt1y ago

> ensure user input is properly escaped when inserting into sql

I used to wish for that and got it in JS with template strings and libs around it. For what it’s worth (you got a whole PEP done, you have more credibility than I do) I ended up changing my mind, I think it’s a mistake.

It’s _nice_ from a syntax perspective. But it obscures the reality of sql query/parameter segregation, it builds an abstraction on top of sql that’s leaky and doesn’t even look like an abstraction.

And more importantly, it looks _way too close_ to the wrong thing. If the difference between the safe way to do sql and the unsafe way is one character and a non-trivial understanding of string formatting in python… bad things will happen. In a one-person project it’s manageable, in a bigger one where people have different experiences and seniority it will go wrong.

It’s certainly cute. I don’t thing it’s a good thing for sql queries.

nine_k1y ago

I understand your concern, and I think the PEP addresses it. Quite bluntly, t"foo" is not a string, while f"foo" is. You'll get a typecheck error if you run a typechecker like any reasonable developer, and will get a runtime error if you ignore the type mismatch, because t"foo" even lacks a __str__() method.

One statement the PEP could put front and center in the abstract could be "t-strings are not strings".

guelo1y ago

> "t-strings are not strings"

t-string is an unfortunate name for something that is not a string.

nine_k1y ago

I wish it were called "string templates" instead, with t"whatever" form being called a "template literal".

DonHopkins1y ago

Simpson's Individual Stringettes!

https://www.youtube.com/watch?v=7qNj-QFZbew

sevensor1y ago

Away with floods! Away with workaday tidal waves!

jackpirate1y ago

That all make senses to me. But it definitely won't make sense to my intro to programming students. They already have enough weird syntax to juggle.

nhumrichOP1y ago

Then dont teach them t-strings

j / k navigate · click thread line to collapse

0 comments

williamdclt1y ago

> ensure user input is properly escaped when inserting into sql

It’s certainly cute. I don’t thing it’s a good thing for sql queries.

nine_k1y ago

One statement the PEP could put front and center in the abstract could be "t-strings are not strings".

guelo1y ago

> "t-strings are not strings"

t-string is an unfortunate name for something that is not a string.

nine_k1y ago

I wish it were called "string templates" instead, with t"whatever" form being called a "template literal".

DonHopkins1y ago

Simpson's Individual Stringettes!

https://www.youtube.com/watch?v=7qNj-QFZbew

sevensor1y ago

Away with floods! Away with workaday tidal waves!

jackpirate1y ago

That all make senses to me. But it definitely won't make sense to my intro to programming students. They already have enough weird syntax to juggle.

nhumrichOP1y ago

Then dont teach them t-strings

j / k navigate · click thread line to collapse