Documentation
In this example of using descriptors with "ORM" we have these two lines:

```python
self.fetch = f'SELECT {name} FROM {owner.table} WHERE {owner.key}=?;'
self.store = f'UPDATE {owner.table} SET {name}=? WHERE {owner.key}=?;'
```

I am not a big fan of f-strings myself (at least in SQL queries), and I think there should be a reason for using them in docs or production. Probably I see the reason, but I cannot be 100% sure, just like another reader can't.
So I would have an afterword that says:
*Formatting strings is not recommended for building SQL queries. Since it is just an example and we didn't want to make the code more complicated (in fact, using them in our example is quite justified), we decided to use it. You have to validate the data before putting it into a query string or trust an end-user, which sometimes is not the best option. Use placeholders instead, as we did in the WHERE clause.*
I don't think it is necessary, but my experience says that a lot of newcomers forget to use placeholders. They use string f-strings (the most common case) for building an SQL query.
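
The distinction raised in this issue, as an added example that is not part of the original post or of the CPython documentation: placeholders can bind values only, so the table and column names still have to be interpolated, and the sketch below validates them first. The helper `safe_identifier`, the factory `define_model` and the in-memory `Movies` table are assumptions made for the illustration.

```python
import re
import sqlite3

# Constructed in-memory database for the example.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE Movies (title TEXT PRIMARY KEY, director TEXT, year INTEGER)")
conn.execute("INSERT INTO Movies VALUES (?, ?, ?)", ("Star Wars", "George Lucas", 1977))

_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

def safe_identifier(name):
    """Return name double-quoted if it is a plain SQL identifier, else raise.

    Hypothetical helper: placeholders cannot stand in for table or column
    names, so those are checked before being put into the statement text.
    """
    if not isinstance(name, str) or not _IDENT.fullmatch(name):
        raise ValueError(f"unsafe SQL identifier: {name!r}")
    return f'"{name}"'

class Field:
    def __set_name__(self, owner, name):
        # Identifiers are validated once, when the class is created.
        col, table, key = (safe_identifier(s) for s in (name, owner.table, owner.key))
        self.fetch = f"SELECT {col} FROM {table} WHERE {key}=?;"
        self.store = f"UPDATE {table} SET {col}=? WHERE {key}=?;"

    def __get__(self, obj, objtype=None):
        # Values always travel as bound parameters, never as statement text.
        return conn.execute(self.fetch, [obj.key]).fetchone()[0]

    def __set__(self, obj, value):
        conn.execute(self.store, [value, obj.key])
        conn.commit()

class Movie:
    table = "Movies"
    key = "title"
    director = Field()
    year = Field()

    def __init__(self, key):
        self.key = key

def define_model(table):
    """Build a model class for `table`; class creation fails if it is unsafe."""
    return type("Model", (), {"table": table, "key": "title", "director": Field()})
```

On Python 3.11 and earlier the `ValueError` raised inside `__set_name__` surfaces wrapped in a `RuntimeError`; from 3.12 it propagates directly.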