Hello,
Python 3.14, scheduled for release in October, introduces Template
Strings (https://peps.python.org/pep-0750/), which might be useful to
compose query parameters in a very elegant way, while ensuring safety:

    value = 42
    cur.execute(t"select * from mytable where id = {value}")

I have started to think about a few details about the feature, such as
whether to allow non-value parts of the query too in the parameters,
for example allowing to use:

    value = 42
    table_name = sql.Identifier("mytable")
    cur.execute(t"select * from {table_name} where id = {value}")

to which we would merge the table name client-side and the value server-side.
I have written some thoughts in
<https://github.com/psycopg/psycopg/discussions/1044>. If anyone would
like to express their opinion about the design of this feature, you
are very welcome.
Thank you very much!
-- Daniele
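
A sketch of the split described in the message above, added here as an example; it is not code from the message or from psycopg. It walks the `.strings` and `.interpolations` attributes that PEP 750 templates expose, merges identifiers into the query text and leaves values as server-side parameters. `Identifier`, `Interp`, `Tmpl` and `render` are hypothetical stand-ins, used so the block also runs on interpreters older than 3.14.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Identifier:
    """Hypothetical stand-in for psycopg's sql.Identifier."""
    name: str

    def quoted(self) -> str:
        # SQL identifier quoting: wrap in double quotes, double embedded ones.
        return '"' + self.name.replace('"', '""') + '"'

@dataclass(frozen=True)
class Interp:
    """Stand-in for a PEP 750 Interpolation (only .value is used here)."""
    value: object

@dataclass(frozen=True)
class Tmpl:
    """Stand-in for a PEP 750 Template: n+1 static strings, n interpolations."""
    strings: tuple
    interpolations: tuple

def render(template):
    """Return (query, params): identifiers merged client-side, values as %s."""
    parts, params = [], []
    for i, static in enumerate(template.strings):
        # A literal % in static text would otherwise be read as a placeholder.
        parts.append(static.replace("%", "%%"))
        if i < len(template.interpolations):
            value = template.interpolations[i].value
            if isinstance(value, Identifier):
                parts.append(value.quoted())   # merged into the query text
            else:
                parts.append("%s")             # sent separately as a parameter
                params.append(value)
    return "".join(parts), params

def demo():
    # Constructed input, equivalent to:
    #   t"select * from {table_name} where id = {value}"
    table_name = Identifier('my"table')
    value = "42; drop table mytable"
    tmpl = Tmpl(("select * from ", " where id = ", ""),
                (Interp(table_name), Interp(value)))
    return render(tmpl)

if __name__ == "__main__":
    print(demo())
```

The value never reaches the query text, so its content cannot change the statement; only objects explicitly wrapped as identifiers are merged, and those are quoted.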