OMG, please no! Please, for all that is decent, do not use an ORM in any code I will ever need to look at!

The SQL injection attack is just silly if you don't run arbitrary strings.  Don't ever do that.  But running a query that is hard coded as text, with just a few parameters filled in (the DB-API is handy) is good... yes, check those parameters for sanity and permission first.

On Fri, Feb 21, 2020 at 10:39 PM Bruce Leban <bruce@leban.us> wrote:

On Fri, Feb 21, 2020 at 5:53 AM <minecraft2048@gmail.com> wrote:
The idea is to add a new string prefix 's' for SQL string. This string doesn't do anything in Python, unlike b"" or f"" strings, but interactive Python shells like IPython or Jupyter can parse the following characters as SQL syntax instead of Python syntax and give SQL syntax highlighting and autocompletion, and if they are configured correctly, they can do column name autocompletion. Unfortunately when I try to type s"select * from table" it gave me a syntax error instead, so I think this needs to be implemented in the Python language itself instead of in a module

First, as to SQL specifically, writing literal SQL in code is a bad idea. It's easy to have bugs, especially SQL injection. You should use an ORM, or at the very least a SQL builder. Instead of:

    sf"select * from sometable where name = '{userName}'"

you would write something like:

    sql.query(SomeTable).filter_by(name=userName).all()

And I believe the same thing applies to HTML and just about anything else that has a complicated enough syntax that this idea would be useful for.

Second, if I had a strong reason to do something like this, I'd want to use a function that enabled me to add run-time sanity checking (at least during the development and testing phase):

    _html_(f"This is a <b><i>{adverb} bad</b></i> example.")

and in production that function would just return the value untouched.

--- Bruce
_______________________________________________
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-leave@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at https://mail.python.org/archives/list/python-ideas@python.org/message/GVTWOF2KDOHO4E4EM4CAESDVDETR5S6R/
Code of Conduct: http://python.org/psf/codeofconduct/


--
Keeping medicines from the bloodstreams of the sick; food
from the bellies of the hungry; books from the hands of the
uneducated; technology from the underdeveloped; and putting
advocates of freedom in prisons.  Intellectual property is
to the 21st century what the slave trade was to the 16th.
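As an added example (not code from this thread), the contrast drawn at the top of the message between splicing a value into hard-coded SQL text and passing it as a DB-API parameter, shown with Python's stdlib sqlite3 against a constructed in-memory table; the table contents, the NAME_RE sanity rule and the helper names are assumptions of this example.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory sample table; the rows are invented for this example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sometable (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO sometable (name) VALUES (?)",
                     [("alice",), ("O'Brien",), ("bob",)])
    return conn


def find_by_name_unsafe(conn, user_name):
    """The pattern the reply warns against: the value is spliced into the SQL text.
    A name containing a quote breaks the statement, because everything after the
    quote is parsed as SQL rather than treated as data."""
    query = f"select * from sometable where name = '{user_name}'"
    return conn.execute(query).fetchall()


# Assumed sanity rule for a name parameter (letters, apostrophe, space, hyphen).
NAME_RE = re.compile(r"^[A-Za-z' -]{1,64}$")


def find_by_name(conn, user_name):
    """Hard-coded query text with the value passed as a DB-API parameter (qmark style).
    The driver hands the value to the engine separately, so it is never parsed as SQL;
    the sanity check runs first, as the message suggests."""
    if not NAME_RE.match(user_name):
        raise ValueError("name fails sanity check")
    query = "select id, name from sometable where name = ?"
    return conn.execute(query, (user_name,)).fetchall()


def run_both(user_name):
    """Run one lookup through both helpers; return (unsafe_result, safe_result)."""
    conn = make_db()
    try:
        unsafe = find_by_name_unsafe(conn, user_name)
    except sqlite3.OperationalError as exc:
        unsafe = f"error: {exc}"
    return unsafe, find_by_name(conn, user_name)


if __name__ == "__main__":
    for name in ("alice", "O'Brien"):
        print(name, run_both(name))
```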