On Thu, 22 Oct 2020 at 11:39, Hans Ginzel <h...@matfyz.cz> wrote:
>
> On Thu, Oct 22, 2020 at 08:31:34PM +1100, Steven D'Aprano wrote:
> >> cursor.execute(f"INSERT INTO {table} VALUES (1, '{}');")
> >> SyntaxError: f-string: empty expression not allowed
> >
> >Escape the braces by doubling them:
> > f"INSERT INTO {table} VALUES (1, '{{}}');"
>
> Thank you for (ugly) workaorund.
Given that using an f-string is not advised in this context (it's a
vector for SQL injection attacks) I don't see this as a compelling
example, and I think the workaround is perfectly fine - ugliness (if
you choose to think of it as ugly) is arguably a benefit, because it
forces you to think about whether you want to do this.
> >The problem here is with the f-string, not the call to cursor.execute.
> >We can simplify the example to this:
> > f'{}'
> >and avoid the distraction of JSON, SQL, databases, etc.
>
> Technically we can, but the context give us a useful example.
> Strings like f"Use braces ({}) for {something}."
> are also a useful example.
It does, and as I say above, it shows that having to double the
brackets is fine (in my view).
> >> Empty expression in f-string should
> >> * (silently) expand as '{}' (opening and closing braces),
> >> * generate a (compile time) warning if requested, e.g. with -W.
> >
> >We could do that, but this is more likely to just hide bugs in the
> >f-string than be useful.
>
> Thank you, that would be great and useful.
> Users will be warned before potentially bug two times:
> 1) They will see the {} in output (which should be tested).
> 2) By the compiler when they ask for (-W), which is a better behaviour than
> forced carefulness.
"We could do that" doesn't mean we will. And I'm definitely -1 on it,
for the reason Steven stated (it is more likely to hide bugs than to
be useful). It's also an odd special case that users will have to
understand ("to get a literal { or } character, double it, unless you
want using precisely {}, when you don't have to double the characters
but you can use {}. You can't use {{} or {}} though, these are right
out")
So no, I don't think this is a good idea, sorry.
>From the Zen, "Special cases aren't special enough to break the rules"
is probably relevant here, and I don't think you have demonstrated
that "Practicality beats purity" applies.
Paul
_______________________________________________
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-le...@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at
https://mail.python.org/archives/list/python-ideas@python.org/message/VSEWMNEJFSW4I4PFSTRN7FYXONBLJZIH/
Code of Conduct: http://python.org/psf/codeofconduct/
