[Python-ideas] Re: f-string: empty expression should be allowed

2020-10-23 Thread Guido van Rossum 
On Thu, Oct 22, 2020 at 11:08 PM Random832  wrote:

> (with the PEG parser, incidentally, I wonder if it may be time to revisit
> certain limitations in f-string syntax, though that particular one
> technically presents a backward compatibility problem that the rest don't)
>

That's been worked on at the Core dev sprint that's currently winding down.
But the quoting won't change.

-- 
--Guido van Rossum (python.org/~guido)
*Pronouns: he/him **(why is my pronoun here?)*

___
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-le...@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at 
https://mail.python.org/archives/list/python-ideas@python.org/message/OCQMTN4TODMF2OWGMVZXIZ5FWLNQFEFH/
Code of Conduct: http://python.org/psf/codeofconduct/

[Python-ideas] Re: f-string: empty expression should be allowed

2020-10-23 Thread Marco Sulla 
On Fri, 23 Oct 2020 at 08:06, Random832  wrote:

> On Thu, Oct 22, 2020, at 21:00, Steven D'Aprano wrote:
> I suspect that calling this particular syntax ugly is picking at a bit of
> an open wound in the history f-string implementation... consider precisely
> why the escaping syntax is {{}} instead of \{\}, and all the implications
> of that.
>

It's the same syntax of format()
___
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-le...@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at 
https://mail.python.org/archives/list/python-ideas@python.org/message/RYFSESES4JQKGW4FQ6OAAPM5PAWX6WUX/
Code of Conduct: http://python.org/psf/codeofconduct/

[Python-ideas] Re: f-string: empty expression should be allowed

2020-10-23 Thread Random832 
On Thu, Oct 22, 2020, at 21:00, Steven D'Aprano wrote:
> "Who"? Syntax is a person now?
> 
> For what it's worth, I don't think escaping special symbols is ugly. 
> More like homely. It does the job, plainly and simply, but I don't think 
> it's especially good looking. Every other character stands for itself, 
> with this handful of exceptional cases.

I suspect that calling this particular syntax ugly is picking at a bit of an 
open wound in the history f-string implementation... consider precisely why the 
escaping syntax is {{}} instead of \{\}, and all the implications of that.

(with the PEG parser, incidentally, I wonder if it may be time to revisit 
certain limitations in f-string syntax, though that particular one technically 
presents a backward compatibility problem that the rest don't)
___
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-le...@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at 
https://mail.python.org/archives/list/python-ideas@python.org/message/OXIGDJWQNNONKKLJ47JLY3W57YEJZAQM/
Code of Conduct: http://python.org/psf/codeofconduct/

[Python-ideas] Re: f-string: empty expression should be allowed

2020-10-22 Thread Steven D'Aprano 
On Thu, Oct 22, 2020 at 09:09:07AM -0700, Guido van Rossum wrote:
> On Thu, Oct 22, 2020 at 3:37 AM Hans Ginzel  wrote:
> 
> > Thank you for (ugly) workaorund.
> >
> 
> Careful who you're calling ugly.

"Who"? Syntax is a person now?

For what it's worth, I don't think escaping special symbols is ugly. 
More like homely. It does the job, plainly and simply, but I don't think 
it's especially good looking. Every other character stands for itself, 
with this handful of exceptional cases.


-- 
Steve
___
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-le...@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at 
https://mail.python.org/archives/list/python-ideas@python.org/message/TVTSD6M3WOXQNP7I5AUTWWKC5XRGMXDN/
Code of Conduct: http://python.org/psf/codeofconduct/

[Python-ideas] Re: f-string: empty expression should be allowed

2020-10-22 Thread Steven D'Aprano 
On Thu, Oct 22, 2020 at 12:29:22PM +0200, Hans Ginzel wrote:

> >We could do that, but this is more likely to just hide bugs in the
> >f-string than be useful.
> 
> Thank you, that would be great and useful.

Oh, sorry Hans, I think that you may have misunderstood me.

In English, "We could do that, but..." usually means we won't do it 
because of the given reason. In this case, that is what I meant. We 
could do it, but we shouldn't.



-- 
Steve
___
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-le...@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at 
https://mail.python.org/archives/list/python-ideas@python.org/message/BUZ4TSSLYXA5YGOE2N5SPYRZ2WOYCONO/
Code of Conduct: http://python.org/psf/codeofconduct/

[Python-ideas] Re: f-string: empty expression should be allowed

2020-10-22 Thread Guido van Rossum 
On Thu, Oct 22, 2020 at 3:37 AM Hans Ginzel  wrote:

> Thank you for (ugly) workaorund.
>

Careful who you're calling ugly.

-- 
--Guido van Rossum (python.org/~guido)
*Pronouns: he/him **(why is my pronoun here?)*

___
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-le...@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at 
https://mail.python.org/archives/list/python-ideas@python.org/message/HUSESOIYLIAQIT7TGJY4L47RRP5IHZ3T/
Code of Conduct: http://python.org/psf/codeofconduct/

[Python-ideas] Re: f-string: empty expression should be allowed

2020-10-22 Thread Hans Ginzel 

On Thu, Oct 22, 2020 at 11:32:36PM +1100, Chris Angelico wrote:

My recommendation here would be to separate the part where you insert
a table name from the rest of the statement:
cursor.execute(f"INSERT INTO {table} "
   "VALUES (1, '{}')")
That way, you aren't at risk of SQL injection in the rest of the
statement, and you have a very clear separation saying "hey this bit
is doing something really unusual and using interpolation in SQL".


Thank you, that is the best suggestion.

--
H.
___
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-le...@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at 
https://mail.python.org/archives/list/python-ideas@python.org/message/RGX7KRJUUJ6O73H25FMBWEQWEKCX2QCV/
Code of Conduct: http://python.org/psf/codeofconduct/

[Python-ideas] Re: f-string: empty expression should be allowed

2020-10-22 Thread Chris Angelico 
On Thu, Oct 22, 2020 at 8:12 PM Hans Ginzel  wrote:
>
> Hello,
>
> consider this snippet please
>
> cursor.execute(f"INSERT INTO {table} VALUES (1, '{}');")
> SyntaxError: f-string: empty expression not allowed
>
> It is (absolutely) correct to insert empty json into database table field.
> Empty expression in f-string should
> * (silently) expand as '{}' (opening and closing braces),
> * generate a (compile time) warning if requested, e.g. with -W.

My recommendation here would be to separate the part where you insert
a table name from the rest of the statement:

cursor.execute(f"INSERT INTO {table} "
"VALUES (1, '{}')")

That way, you aren't at risk of SQL injection in the rest of the
statement, and you have a very clear separation saying "hey this bit
is doing something really unusual and using interpolation in SQL".

ChrisA
___
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-le...@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at 
https://mail.python.org/archives/list/python-ideas@python.org/message/DS3RXBCWFP2UEQTM2CAM4ZBLNBAECZWJ/
Code of Conduct: http://python.org/psf/codeofconduct/

[Python-ideas] Re: f-string: empty expression should be allowed

2020-10-22 Thread Marco Sulla 
On Thu, 22 Oct 2020 at 12:36, Hans Ginzel  wrote:

> On Thu, Oct 22, 2020 at 08:31:34PM +1100, Steven D'Aprano wrote:
> >> cursor.execute(f"INSERT INTO {table} VALUES (1, '{}');")
> >> SyntaxError: f-string: empty expression not allowed
> >
> >Escape the braces by doubling them:
> >f"INSERT INTO {table} VALUES (1, '{{}}');"
>
> Thank you for (ugly) workaorund.
>

It's not ugly for me too, but if you want another workaround:

d = {}
f"INSERT INTO {table} VALUES (1, '{d}');"
___
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-le...@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at 
https://mail.python.org/archives/list/python-ideas@python.org/message/F63STJCC3MFLMYSS7KTKSRO3VGZOP27V/
Code of Conduct: http://python.org/psf/codeofconduct/

[Python-ideas] Re: f-string: empty expression should be allowed

2020-10-22 Thread Eric V. Smith 

On 10/22/2020 4:58 AM, Hans Ginzel wrote:

Hello,

consider this snippet please

cursor.execute(f"INSERT INTO {table} VALUES (1, '{}');")
SyntaxError: f-string: empty expression not allowed

It is (absolutely) correct to insert empty json into database table 
field.

Empty expression in f-string should
* (silently) expand as '{}' (opening and closing braces),
* generate a (compile time) warning if requested, e.g. with -W.


You can use f"INSERT INTO {table} VALUES (1, '{{}}');".

The doubled braces become single braces inside an f-string.

Eric
___
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-le...@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at 
https://mail.python.org/archives/list/python-ideas@python.org/message/MGUBJY53OZR5G22WT6OPBGCPQ2GB54ZO/
Code of Conduct: http://python.org/psf/codeofconduct/

[Python-ideas] Re: f-string: empty expression should be allowed

2020-10-22 Thread André Roberge 
On Thu, Oct 22, 2020 at 7:39 AM Hans Ginzel  wrote:

> On Thu, Oct 22, 2020 at 08:31:34PM +1100, Steven D'Aprano wrote:
> >> cursor.execute(f"INSERT INTO {table} VALUES (1, '{}');")
> >> SyntaxError: f-string: empty expression not allowed
> >
> >Escape the braces by doubling them:
> >f"INSERT INTO {table} VALUES (1, '{{}}');"
>
> Thank you for (ugly) workaorund.
>
It is no different than having to write \\ in a string to get a single
backslash : it is part of the syntax of f-strings, and not a "workaround".

André Roberge

>
>
>
>
> --
> BR, H.
> ___
> Python-ideas mailing list -- python-ideas@python.org
> To unsubscribe send an email to python-ideas-le...@python.org
> https://mail.python.org/mailman3/lists/python-ideas.python.org/
> Message archived at
> https://mail.python.org/archives/list/python-ideas@python.org/message/2B5KEM34SUO3TXDMMZE6A332L3SKVLEF/
> Code of Conduct: http://python.org/psf/codeofconduct/
>
___
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-le...@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at 
https://mail.python.org/archives/list/python-ideas@python.org/message/67JTOL2MGRQB2CAAFG4HJXV7XDJXNT4Y/
Code of Conduct: http://python.org/psf/codeofconduct/

[Python-ideas] Re: f-string: empty expression should be allowed

2020-10-22 Thread Paul Moore 
On Thu, 22 Oct 2020 at 11:39, Hans Ginzel  wrote:
>
> On Thu, Oct 22, 2020 at 08:31:34PM +1100, Steven D'Aprano wrote:
> >> cursor.execute(f"INSERT INTO {table} VALUES (1, '{}');")
> >> SyntaxError: f-string: empty expression not allowed
> >
> >Escape the braces by doubling them:
> >f"INSERT INTO {table} VALUES (1, '{{}}');"
>
> Thank you for (ugly) workaorund.

Given that using an f-string is not advised in this context (it's a
vector for SQL injection attacks) I don't see this as a compelling
example, and I think the workaround is perfectly fine - ugliness (if
you choose to think of it as ugly) is arguably a benefit, because it
forces you to think about whether you want to do this.

> >The problem here is with the f-string, not the call to cursor.execute.
> >We can simplify the example to this:
> >f'{}'
> >and avoid the distraction of JSON, SQL, databases, etc.
>
> Technically we can, but the context give us a useful example.
> Strings like f"Use braces ({}) for {something}."
> are also a useful example.

It does, and as I say above, it shows that having to double the
brackets is fine (in my view).

> >> Empty expression in f-string should
> >> * (silently) expand as '{}' (opening and closing braces),
> >> * generate a (compile time) warning if requested, e.g. with -W.
> >
> >We could do that, but this is more likely to just hide bugs in the
> >f-string than be useful.
>
> Thank you, that would be great and useful.
> Users will be warned before potentially bug two times:
> 1) They will see the {} in output (which should be tested).
> 2) By the compiler when they ask for (-W), which is a better behaviour than 
> forced carefulness.

"We could do that" doesn't mean we will. And I'm definitely -1 on it,
for the reason Steven stated (it is more likely to hide bugs than to
be useful). It's also an odd special case that users will have to
understand ("to get a literal { or } character, double it, unless you
want using precisely {}, when you don't have to double the characters
but you can use {}. You can't use {{} or {}} though, these are right
out")

So no, I don't think this is a good idea, sorry.

>From the Zen, "Special cases aren't special enough to break the rules"
is probably relevant here, and I don't think you have demonstrated
that "Practicality beats purity" applies.

Paul
___
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-le...@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at 
https://mail.python.org/archives/list/python-ideas@python.org/message/VSEWMNEJFSW4I4PFSTRN7FYXONBLJZIH/
Code of Conduct: http://python.org/psf/codeofconduct/

[Python-ideas] Re: f-string: empty expression should be allowed

2020-10-22 Thread Hans Ginzel 

On Thu, Oct 22, 2020 at 08:31:34PM +1100, Steven D'Aprano wrote:

cursor.execute(f"INSERT INTO {table} VALUES (1, '{}');")
SyntaxError: f-string: empty expression not allowed


Escape the braces by doubling them:
   f"INSERT INTO {table} VALUES (1, '{{}}');"


Thank you for (ugly) workaorund.


The problem here is with the f-string, not the call to cursor.execute.
We can simplify the example to this:
   f'{}'
and avoid the distraction of JSON, SQL, databases, etc.


Technically we can, but the context give us a useful example.
Strings like f"Use braces ({}) for {something}."
are also a useful example.


Empty expression in f-string should
* (silently) expand as '{}' (opening and closing braces),
* generate a (compile time) warning if requested, e.g. with -W.


We could do that, but this is more likely to just hide bugs in the
f-string than be useful.


Thank you, that would be great and useful.
Users will be warned before potentially bug two times:
1) They will see the {} in output (which should be tested).
2) By the compiler when they ask for (-W), which is a better behaviour than 
forced carefulness.

--
BR, H.
___
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-le...@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at 
https://mail.python.org/archives/list/python-ideas@python.org/message/2B5KEM34SUO3TXDMMZE6A332L3SKVLEF/
Code of Conduct: http://python.org/psf/codeofconduct/

[Python-ideas] Re: f-string: empty expression should be allowed

2020-10-22 Thread Steven D'Aprano 
On Thu, Oct 22, 2020 at 10:58:00AM +0200, Hans Ginzel wrote:
> Hello,
> 
> consider this snippet please
> 
> cursor.execute(f"INSERT INTO {table} VALUES (1, '{}');")
> SyntaxError: f-string: empty expression not allowed


Escape the braces by doubling them:

f"INSERT INTO {table} VALUES (1, '{{}}');"


> It is (absolutely) correct to insert empty json into database table field.

Sure, but the syntax error has nothing to do with the database. The 
syntax error occurs long before the SQL gets executed. The problem here 
is with the f-string, not the call to cursor.execute.

We can simplify the example to this:

f'{}'

and avoid the distraction of JSON, SQL, databases, etc.


> Empty expression in f-string should
> * (silently) expand as '{}' (opening and closing braces),
> * generate a (compile time) warning if requested, e.g. with -W.

We could do that, but this is more likely to just hide bugs in the 
f-string than be useful.


-- 
Steve
___
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-le...@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at 
https://mail.python.org/archives/list/python-ideas@python.org/message/WAJL4ZSEGASNLHV3L63VSDZH23IV5CKL/
Code of Conduct: http://python.org/psf/codeofconduct/