php-is-literal-rfc/others/python/main.py at main · craigfrancis/php-is-literal-rfc · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
#!/usr/bin/env python3.11

# Run with:
#  export NAME="Example"; python3.11 main.py

# Check with:
#  https://pyre-check.org/play/

# More details at:
#  https://docs.python.org/3.11/library/typing.html#typing.LiteralString
#  https://peps.python.org/pep-0675/
#  https://www.youtube.com/watch?v=nRt_xk2MGYU

import sys
import os
import typing

def main() -> int:

  #---

  name = input('Your name: ')

  #---

  run_sql('WHERE name = ?', [name])

  run_sql('WHERE name = ' + name) # Wrong
  run_sql('WHERE name = ' + os.getenv('NAME')) # Wrong
  run_sql('WHERE name = ' + sys.argv[0]) # Wrong

  #---

  sql = 'SELECT * FROM user WHERE deleted IS NULL'
  param = []

  if name != '':
    sql += ' AND name LIKE ?'
    param.append('%' + name + '%')

  ids = [1, 2, 3]
  if len(ids) > 0:
    sql += ' AND id IN (' + placeholders(len(ids)) + ')'
    param.extend(ids)

  run_sql(sql, param)

  #---

  return 0

def run_sql(sql: typing.LiteralString, parameters: typing.List[str] = []) -> None:
  print(sql, '\n', parameters, '\n')

def placeholders(count: int) -> typing.LiteralString:
  sql = '?'
  for x in range(1, count):
    sql += ',?'
  return sql

if __name__ == '__main__':
  sys.exit(main())