Show HN: SQL-tString a t-string SQL builder in Python
a year ago
- #Python
- #SQL
- #security
- SQL-tString enables t-string based SQL query construction without SQL injection risks.
- Basic usage involves passing a t-string to the `sql` function, which returns a query string and a list of values.
- Parameters in t-strings must be simple variable identifiers; expressions like `{a - 1}` are invalid.
- `sql_context` allows pre-defining valid column and table names, raising errors if values don't match.
- Special values like `Absent` remove parameters from queries, useful for optional updates or conditionals.
- `IsNull` and `IsNotNull` rewrite conditionals to handle SQL NULL values correctly.
- Supports `qmark` and `asyncpg` paramstyles, configurable via `set_context`.
- Compatible with Python 3.12 and 3.13, using standard strings if t-strings (PEP 750) are unavailable.