
Yes and your example is the hero case because it isn't just sugar. A t-string implementation for SQL will of course escape the values which is a common security issue.

https://xkcd.com/327/



No, a t-string returns a Template which is basically { strings: str[], values: any[] }.

So you would write db.execute(template) to turn template t"... where id = {id}" into a parameterized structure like ("... where id = ?", id).
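The conversion described in the comment above, as an added example that is not part of the thread: a `{strings, values}` template turned into a `?`-parameterized query and run against an in-memory SQLite database. The `Template` class here is a hypothetical stand-in for that shape (a real `t"..."` literal needs Python 3.14), and `to_parameterized`, `execute` and `demo` are illustrative names, not an existing driver API.

```python
import sqlite3
from dataclasses import dataclass
from typing import Any

# Hypothetical stand-in for the Template shape described in the comment
# ({strings, values}); a real t"..." literal needs Python 3.14.
@dataclass(frozen=True)
class Template:
    strings: tuple[str, ...]  # static SQL fragments: len(values) + 1 of them
    values: tuple[Any, ...]   # interpolated values, never merged into the SQL

def to_parameterized(tpl: Template) -> tuple[str, tuple[Any, ...]]:
    """Join the static fragments with '?' placeholders; keep values separate."""
    if len(tpl.strings) != len(tpl.values) + 1:
        raise ValueError("malformed template: need len(values) + 1 strings")
    for v in tpl.values:
        # Bind only scalar types sqlite3 accepts; reject lists, dicts, etc.
        if not isinstance(v, (type(None), int, float, str, bytes)):
            raise TypeError(f"cannot bind value of type {type(v).__name__}")
    return "?".join(tpl.strings), tuple(tpl.values)

def execute(conn: sqlite3.Connection, tpl: Template) -> list:
    # The driver receives SQL text and values on separate channels.
    sql, params = to_parameterized(tpl)
    return conn.execute(sql, params).fetchall()

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO students (name) VALUES (?)",
                     [("Alice",), ("Bob",)])
    # Constructed hostile input in the style of the xkcd linked above.
    name = "Robert'); DROP TABLE students;--"
    # Equivalent of t"SELECT id FROM students WHERE name = {name}"
    tpl = Template(("SELECT id FROM students WHERE name = ", ""), (name,))
    rows = execute(conn, tpl)
    remaining = conn.execute("SELECT COUNT(*) FROM students").fetchone()[0]
    return to_parameterized(tpl)[0], rows, remaining

if __name__ == "__main__":
    print(demo())
```

The hostile value is compared as data, so the query matches no rows and the table keeps both records.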



