On Fri, Feb 18, 2005 at 03:48:57AM +0100, Andrea Arcangeli wrote:
On Thu, Feb 17, 2005 at 01:27:30PM -0600, J Turner wrote:
It's not trivial to determine whether or not something gets resolved. If it's a keyword argument situation, then I need to search the format string for some variation of %(keyword)s. If it's just tuple-style, then I need to count the number of %s/d/whatevers and determine whether or not it's beyond the limit.
This seems ugly, and needlessly expensive for a corner case; I think the right answer is, only pass things to format() that are intended to be formatted and made safe for insertion into SQL.
So my suggestion is not to give it up, but to try to convert to string, and format it like string if __str__ did its job.
This makes sense. I was hesitant to "just str()" it because the whole point of format() (or, at least, the biggest point) is that it makes things safely escaped for insertion into a SQL statement--no malicious injection. If I did it the way you suggest, however, and do something like STRING(str(unknown_thing)) so that it was sure to be escaped properly, that seems like it would be a useful thing. - Jamie
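As an added illustration (not code from the thread or its project), a minimal SQL-literal formatter in the spirit of the format() discussed above: known scalar types get their proper literal form, strings are quoted with doubled single quotes, and any unknown object is converted with str() and then escaped exactly like a string, which is the STRING(str(unknown_thing)) idea Jamie describes. The names sql_format, to_sql_literal and quote_string are hypothetical.

```python
import re

# Matches "%s" and "%(name)s"; "%%" and other conversions are not handled.
_PLACEHOLDER = re.compile(r"%(?:\((\w+)\))?s")


def quote_string(value):
    """Quote a Python string as a SQL literal by doubling single quotes.

    This is the SQL-standard escape; backslash-aware dialects need more.
    """
    return "'" + value.replace("'", "''") + "'"


def to_sql_literal(value):
    """Render one Python value as a safely escaped SQL literal."""
    if value is None:
        return "NULL"
    if isinstance(value, bool):  # must precede int: bool is an int subclass
        return "TRUE" if value else "FALSE"
    if isinstance(value, (int, float)):
        return repr(value)
    if isinstance(value, str):
        return quote_string(value)
    # Unknown type: trust __str__ to do its job, then escape like a string.
    return quote_string(str(value))


def sql_format(template, params):
    """Substitute %s / %(name)s placeholders with escaped literals.

    A dict selects keyword style; any other iterable is tuple style and
    must supply exactly one argument per placeholder.
    """
    if isinstance(params, dict):
        def by_name(m):
            if m.group(1) is None:
                raise ValueError("positional %s used with keyword params")
            return to_sql_literal(params[m.group(1)])
        return _PLACEHOLDER.sub(by_name, template)

    params = tuple(params)
    count = len(_PLACEHOLDER.findall(template))
    if count != len(params):
        raise ValueError(f"{count} placeholders but {len(params)} params")
    values = iter(params)
    return _PLACEHOLDER.sub(lambda m: to_sql_literal(next(values)), template)
```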