
If this is just for sql queries ... it'd be overkill especially where you need to compare the usual PREPARE statements with the hassle of keeping everyone on 3.14 and above.


It's also for logging:

    log.debug(f"The value of counter was {counter}, the nonce was {nonce}")

builds a new string every time the interpreter hits this line. Whereas

    log.debug(t"The value of counter was {counter}, the nonce was {nonce}")

passes a Template to the debug() function that bails out if debug mode is not on and doesn't build a string.


Could also be used to prevent html injection.


It's for SQL, HTML, and shell. But idk how solving injection, a top item on the OWASP list forever, is considered "overkill".



