# Shocking truth about strings formatting

In [24]:
# Copyright 2021 aaaaaaaalesha

## 1. "Classic" strings formatting

In [25]:
name = "Robert"

In [26]:
# Using %s format specifier.
'Hello %s' % name

'Hello Robert'

In [27]:
errno = 16

In [28]:
# Represent int as hex-str.
'%x' % errno

'10'

In [29]:
# Multiple args.
'Hey, %s! There is an error 0x%x!' % (name, errno)

'Hey, Robert! There is an error 0x10!'

In [30]:
# Another variant using variables.
'Hey, %(name)s! There is an error 0x%(errno)x!' % {
    "name": name, "errno": errno
}

'Hey, Robert! There is an error 0x10!'

## 2. "Modern" strings formatting

In [31]:
'Hello, {}'.format(name)

'Hello, Robert'

In [32]:
'Hey, {name}! There is an error 0x{errno:x}!'.format(
    name = name, errno=errno
)

'Hey, Robert! There is an error 0x10!'

## 3. Interpolation of literal strings

In [33]:
f"Hello {name}"

'Hello Robert'

In [34]:
a = 5
b = 10
f'Five plus ten equals {a + b} but not {2 * (a + b)}'

'Five plus ten equals 15 but not 30'

In [35]:
def asker(name_, question_):
    return f"Hello {name_}! {question_}?"

asker(name, "How are you")

'Hello Robert! How are you?'

In [36]:
# Under the hood...
import dis
dis.dis(asker)

  2           0 LOAD_CONST               1 ('Hello ')
              2 LOAD_FAST                0 (name_)
              4 FORMAT_VALUE             0
              6 LOAD_CONST               2 ('! ')
              8 LOAD_FAST                1 (question_)
             10 FORMAT_VALUE             0
             12 LOAD_CONST               3 ('?')
             14 BUILD_STRING             5
             16 RETURN_VALUE


In [37]:
f"Hey {name}! There is an {errno:#x}!"

'Hey Robert! There is an 0x10!'

## 4. Template strings

In [38]:
from string import Template
t = Template("Hey $name_!")
t.substitute(name_=name)

'Hey Robert!'

In [39]:
# Promlems with security in previous methods.
SECRET = 'this is secret!'

class Error:
    def __init__(self):
        pass

err = Error()
user_input = "{error.__init__.__globals__[SECRET]}"
user_input.format(error=err)

'this is secret!'

In [40]:
# Using template-strings.
user_input = '${error.__init__.__globals__[SECRET]}'
Template(user_input).substitute(error=err) # error traceback - SECRET has been protected

ValueError: Invalid placeholder in string: line 1, col 1