My understanding is that for a sql prefix the most valuable part is to be able to know that it was created from a literal. No other magic, definitely not auto-executing. Then it would be legal to write
    result = conn.execute(sql"SELECT * FROM people WHERE id=?", user_id)

but not

    result = conn.execute(f"SELECT * FROM people WHERE id={user_id}")

In order to achieve this, the `execute()` method only has to look at the type of its argument, and throw an error if it's a plain string. Perhaps with some more imagination we can make

    result = conn.execute(sql"SELECT * FROM people WHERE id={user_id}")

work too, but in this case the `sql"..."` token would only create an `UnpreparedStatement` object, which expects a variable named "user_id", and then the `conn.execute()` method would pass locals()/globals() into the `.prepare()` method of that statement, binding those values to the placeholders. Crucially, the `.prepare()` method shouldn't modify the object, but return a new `PreparedStatement`, which then gets executed by `conn.execute()`.

_______________________________________________
Python-ideas mailing list -- python-ideas@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at https://mail.python.org/archives/list/python-ideas@python.org/message/Y4ISQCWYFNC5DNGUQYRXY5IZMOYUAYVP/
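The mechanism sketched in the message above, as an added example that is not part of the original post or of any real library: since Python has no `sql"..."` prefix, a plain `sql(...)` call stands in for it, `execute()` rejects anything that is a plain `str`, and `prepare()` turns each `{name}` into a `?` parameter bound from a namespace the caller passes explicitly (here `locals()`), returning a fresh `PreparedStatement` rather than mutating the template. The `Connection` wrapper, the sqlite3 table and the input values are all constructed for the demonstration.

```python
import re
import sqlite3
from typing import Any, Mapping, NamedTuple, Optional
_PLACEHOLDER = re.compile(r"\{(\w+)\}")

class PreparedStatement(NamedTuple):
    text: str      # query text with '?' markers
    params: tuple  # values bound to those markers, in order

class UnpreparedStatement:
    """What the proposed sql"..." prefix would produce: proof that the
    template came from a literal, plus the variable names it expects."""
    def __init__(self, template: str):
        self.template = template
        self.names = tuple(_PLACEHOLDER.findall(template))

    def prepare(self, namespace: Mapping[str, Any]) -> PreparedStatement:
        # Never mutates self: each {name} becomes '?' and its value travels
        # as a bound parameter, so data is never spliced into the SQL text.
        return PreparedStatement(_PLACEHOLDER.sub("?", self.template),
                                 tuple(namespace[n] for n in self.names))

sql = UnpreparedStatement  # hypothetical stand-in for the sql"..." prefix

class Connection:
    def __init__(self, raw: sqlite3.Connection):
        self._raw = raw

    def execute(self, stmt: Any, namespace: Optional[Mapping[str, Any]] = None):
        # The type check is the safeguard: a plain str (f-string, concatenation)
        # is rejected before it can reach the database.
        if not isinstance(stmt, UnpreparedStatement):
            raise TypeError("execute() takes an sql(...) statement, not a plain str")
        p = stmt.prepare(namespace or {})
        return self._raw.execute(p.text, p.params).fetchall()

def run_demo():
    raw = sqlite3.connect(":memory:")  # constructed in-memory sample table
    raw.execute("CREATE TABLE people (id INTEGER, name TEXT)")
    raw.executemany("INSERT INTO people VALUES (?, ?)", [(1, "Ada"), (2, "Linus")])
    conn = Connection(raw)
    user_id, hostile = 1, "1 OR 1=1"  # hostile is constructed; bound as data
    good = conn.execute(sql("SELECT name FROM people WHERE id={user_id}"), locals())
    rows = conn.execute(sql("SELECT name FROM people WHERE id={hostile}"), locals())
    try:
        conn.execute(f"SELECT name FROM people WHERE id={user_id}")  # rejected
        rejected = False
    except TypeError:
        rejected = True
    return good, rows, rejected
```

`run_demo()` returns `([("Ada",)], [], True)`: the bound lookup works, the hostile value is compared as an ordinary string and matches nothing, and the f-string never reaches the database.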