Why are String Formatted Queries Considered So Magical?

Nobody nobody at nowhere.com
Tue Jun 29 05:35:43 EDT 2010 

On Tue, 29 Jun 2010 12:30:36 +1200, Lawrence D'Oliveiro wrote:

>> Seriously, almost every other kind of library uses a binary API. What
>> makes databases so special that they need a string-command based API?
> 
> HTML is also effectively a string-based API.

HTML is a data format. The sane way to construct or manipulate HTML is via
the DOM, not string operations.

> And what about regular expressions?

What about them? As the saying goes:

	Some people, when confronted with a problem, think
	"I know, I'll use regular expressions."
	Now they have two problems.

They have some uses, e.g. defining tokens[1]. Using them to match more
complex constructs is error-prone and should generally be avoided unless
you're going to manually verify the result. Oh, and you should never
generate regexps dynamically; that way madness lies.

[1] Assuming that the language's tokens can be described by a regular
grammar. This isn't always the case, e.g. you can't tokenise PostScript
using regexps, as string literals can contain nested parentheses.

> And all the functionality available through the subprocess 
> module and its predecessors?

The main reason why everyone recommends subprocess over its predecessors
is that it allows you to bypass the shell, which is one of the most
common sources of the type of error being discussed in this thread.

IOW, rather than having to construct a shell command which (hopefully)
will pass the desired arguments to the child, you just pass the desired
arguments to the child directly, without involving the shell.

> The reality is, embedding one language within another is a fact of life. I 
> think it’s important for programmers to be able to deal correctly with it.

That depends upon what you mean by "embedding". The correct way to use
code written in one language from code written in another is to make the
first accept parameters and make the second pass them, not to have the
second (try to) generate the former dynamically.

Sometimes dynamic code generation is inevitable (e.g. if you're writing a
compiler, you probably need to generate assembler or C code), but it's not
to be done lightly, and it's unwise to take shortcuts (e.g. ad-hoc string
substitutions).

More information about the Python-list mailing list