2025-05-16 08:48:00
github.com
SQL-tString allows for t-string based construction of sql queries
without allowing for SQL injection. The basic usage is as follows,

    from sql_tstring import sql

    a = 1

    query, values = sql(
        t"""SELECT a, b, c
              FROM tbl
             WHERE a = {a}""",
    )

The query is a str and values a list[Any], both are
then typically passed to a DB connection. Note the parameters can only
be identifiers that identify variables (in the above example in the
locals()) e.g. {a - 1} is not valid.
SQL-tString will convert parameters to SQL placeholders where
appropriate. In other locations SQL-tString will allow predefined
column or table names to be used,

    from sql_tstring import sql, sql_context

    col = "a"
    table = "tbl"

    with sql_context(columns={"a"}, tables={"tbl"}):
        query, values = sql(
            t"SELECT {col} FROM {table}",
        )

If the value of col or table does not match the valid values
given to the sql_context function an error will be raised.
SQL-tString will also remove parameters if they are set to the special
value of Absent (or RewritingValue.Absent). This is most
useful for optional updates, or conditionals,

    from sql_tstring import Absent, sql

    a = Absent
    b = Absent

    query, values = sql(
        t"""UPDATE tbl
               SET a = {a},
                   b = 1
             WHERE b = {b}""",
    )

As both a and b are Absent the above query will be UPDATE tbl SET b =1.
In addition for conditionals the values IsNull (or
RewritingValue.IS_NULL) and IsNotNull (or
RewritingValue.IS_NOT_NULL) can be used to rewrite the conditional
as expected. This is useful as x = NULL is always false in SQL.
By default SQL-tString uses the qmark paramstyle (dialect) but also
supports the $ paramstyle or asyncpg dialect. This is best changed
globally via,

    from sql_tstring import Context, set_context

    set_context(Context(dialect="asyncpg"))

t-strings were introduced in Python 3.14 via PEP 750; however, this library can be
used with Python 3.12 and 3.13 as follows,

    from sql_tstring import sql

    a = 1

    query, values = sql(
        """SELECT a, b, c
             FROM tbl
            WHERE a = {a}""",
        locals(),
    )

Please note though that only simple variable identifiers can be placed
within the braces.
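
To show why converting parameters to placeholders and allow-listing column or table names blocks injection, here is an added example (not SQL-tString's own code) that imitates the plain-string form above and runs the result against an in-memory SQLite database. The names toy_sql, demo and _IDENT_SLOT are hypothetical, the regex that spots identifier positions is a crude assumption (the real library parses the SQL), and the hostile input is constructed.

```python
import re
import sqlite3

_PARAM = re.compile(r"\{([^{}]*)\}")
# Crude assumption: a parameter right after SELECT or FROM names a column or table.
_IDENT_SLOT = re.compile(r"\b(SELECT|FROM)\s+$", re.IGNORECASE)


def toy_sql(template, variables, columns=frozenset(), tables=frozenset()):
    """Hypothetical stand-in for sql(): returns (query, values) in qmark style."""
    parts, values, pos = [], [], 0
    for m in _PARAM.finditer(template):
        name = m.group(1)
        if not name.isidentifier():  # rejects expressions such as {a - 1}
            raise ValueError(f"only simple identifiers are allowed: {name!r}")
        parts.append(template[pos:m.start()])
        value = variables[name]
        slot = _IDENT_SLOT.search(template[:m.start()])
        if slot:
            # Identifiers cannot be bound as parameters, so allow-list them.
            allowed = columns if slot.group(1).upper() == "SELECT" else tables
            if value not in allowed:
                raise ValueError(f"{value!r} is not an allowed name")
            parts.append(value)
        else:
            parts.append("?")  # the value travels separately from the SQL text
            values.append(value)
        pos = m.end()
    parts.append(template[pos:])
    return "".join(parts), values


def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tbl (a TEXT, b INTEGER)")
    db.executemany("INSERT INTO tbl VALUES (?, ?)", [("x", 1), ("y", 2)])
    a = "x' OR '1'='1"  # constructed hostile input
    col, table = "a", "tbl"
    # Interpolating into the SQL text lets the input rewrite the WHERE clause.
    unsafe = db.execute(f"SELECT a FROM tbl WHERE a = '{a}'").fetchall()
    query, values = toy_sql(
        "SELECT {col} FROM {table} WHERE a = {a}",
        locals(), columns={"a"}, tables={"tbl"},
    )
    # Bound as data, the same input is compared literally and matches nothing.
    safe = db.execute(query, values).fetchall()
    return query, values, unsafe, safe


if __name__ == "__main__":
    print(demo())
```

The interpolated query returns every row, while the placeholder query returns none because the whole input string is compared as a single value.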