frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

On-Demand: AI Agent Automation

https://on-demand.io/
1•handfuloflight•1m ago•0 comments

U.S. Loses Last Triple-A Credit Rating

https://www.wsj.com/economy/central-banking/u-s-loses-last-triple-a-credit-rating-bfcbae5d
1•mudil•4m ago•0 comments

FDA clears first blood test for diagnosing Alzheimer's

https://www.statnews.com/2025/05/16/alzheimers-fujirebio-fda-approval/
1•pseudolus•4m ago•0 comments

Really Really Simple "Pure CSS" Squircles

https://gist.github.com/pouyakary/136fafc75a14abd867e0100856add5a0
1•pmkary•7m ago•0 comments

After HTTPS: Indicating Risk Instead of Security (2019)

https://scholarsarchive.byu.edu/etd/7403/
1•transpute•8m ago•0 comments

Our Idea of Happiness Has Gotten Shallow

https://www.nytimes.com/2025/05/03/magazine/happiness-history-living-well.html
1•gmays•13m ago•0 comments

Dept Homeland Security in vetting process for immigrant reality TV show

https://www.cnn.com/2025/05/16/politics/dhs-vetting-immigrant-reality-tv-show
1•jeffwass•13m ago•0 comments

HMPL v3.0: Small template language for displaying UI from server to client

https://github.com/hmpl-language/hmpl/releases/tag/3.0.0
1•todsacerdoti•15m ago•0 comments

Peter Lax, Pre-Eminent Cold War Mathematician, Dies at 98

https://www.nytimes.com/2025/05/16/science/peter-lax-dead.html
1•donohoe•15m ago•0 comments

Beyond the Gang of Four: Practical Design Patterns for Modern AI Systems

https://www.infoq.com/articles/practical-design-patterns-modern-ai-systems/
1•rbanffy•16m ago•0 comments

AI Could Help Humans Understand Animals

https://nautil.us/ai-could-help-humans-understand-animals-1211108/
1•rbanffy•16m ago•0 comments

Slopaganda

https://dbushell.com/2025/05/15/slopaganda/
1•ambigious7777•17m ago•0 comments

Implementing a Toy Optimizer (2022)

https://pypy.org/posts/2022/07/toy-optimizer.html
2•grep_it•23m ago•0 comments

Why are Truffles so expensive? Are they worth it? [video]

https://www.youtube.com/watch?v=KKddfnuQtd4
2•lawrenceyan•28m ago•0 comments

SDL3 examples: Full game and app demos

https://examples.libsdl.org/SDL3/demo/
2•xeonmc•29m ago•0 comments

Amazon-owned Zoox issues recall following robotaxi crash

https://techcrunch.com/2025/05/06/amazon-owned-zoox-issues-recall-following-robotaxi-crash/
3•PaulHoule•30m ago•0 comments

China Drops to No. 3 Holder of Treasuries, Falling Behind UK

https://www.bloomberg.com/news/articles/2025-05-16/china-falls-to-no-2-holder-of-treasuries-with-uk-on-the-rise
4•JumpCrisscross•31m ago•0 comments

Mice grow bigger brains when given this stretch of human DNA

https://www.nature.com/articles/d41586-025-01515-z
3•bookofjoe•32m ago•2 comments

US Credit Rating Cut by Moody's on Government Debt Increase

https://www.bloomberg.com/news/articles/2025-05-16/us-credit-rating-cut-by-moody-s-on-government-debt-increase
7•JumpCrisscross•33m ago•1 comments

Sloppy software is why you think you need new hardware

https://www.neowin.net/editorials/sloppy-software-is-why-you-think-you-need-new-hardware/
3•bundie•33m ago•0 comments

Moody's Ratings Downgrades United States Ratings to Aa1 from Aaa

https://www.moodys.com/web/en/us/about-us/usrating.html
4•ortusdux•35m ago•0 comments

When Should a SaaS App Implement SAML Authentication?

1•andy89•36m ago•0 comments

Top Priority for Pope Leo: Warn the World of the A.I. Threat

https://www.nytimes.com/2025/05/15/world/europe/pope-leo-artificial-intelligence.html
2•nanfinitum•37m ago•1 comments

A Skeptical Look at Grand Designs for the Future

https://undark.org/2025/05/16/book-review-more-everything-forever/
1•EA-3167•39m ago•0 comments

Coinbase says customers' personal information stolen in data breach

https://techcrunch.com/2025/05/15/coinbase-says-customers-personal-information-stolen-in-data-breach/
3•riffraff•40m ago•0 comments

Font Activations: A Note on the Type

https://robhorning.substack.com/p/font-activations
2•prismatic•40m ago•0 comments

Scaling Python Task Queues Effectively

https://judoscale.com/blog/scaling-python-task-queues
1•rbanffy•42m ago•0 comments

New Research Shows Online Ads Have Limited Impact on Consumer Valuation for Meta

https://www.heinz.cmu.edu/media/2024/August/new-research-shows-online-ads-have-limited-impact-on-consumer-valuations-for-facebook
1•dpflan•43m ago•0 comments

Environmentally-Beneficial Housing Exemption

https://cayimby.org/legislation/ab-609/
1•JumpCrisscross•47m ago•0 comments

Solving physics-based initial value problems with unsupervised machine learning

https://link.aps.org/doi/10.1103/PhysRevE.111.055302
1•opnac•48m ago•0 comments
Open in hackernews

Show HN: SQL-tString a t-string SQL builder in Python

https://github.com/pgjones/sql-tstring
67•pgjones•9h ago
SQL-tString is a SQL builder that utilises the recently accepted PEP-750, https://peps.python.org/pep-0750/, t-strings to build SQL queries, for example,

    from sql_tstring import sql
    
    val = 2
    query, values = sql(t"SELECT x FROM y WHERE x = {val}")
    assert query == "SELECT x FROM y WHERE x = ?"
    assert values == [2]
    db.execute(query, values)  # Most DB engines support this
The placeholder ? protects against SQL injection, but cannot be used everywhere. For example, a column name cannot be a placeholder. If you try this SQL-tString will raise an error,

    col = "x"
    sql(t"SELECT {col} FROM y")  # Raises ValueError
To proceed you'll need to declare what the valid values of col can be,

    from sql_tstring import sql_context
    
    with sql_context(columns="x"):
        query, values = sql(t"SELECT {col} FROM y")
    assert query == "SELECT x FROM y"
    assert values == []
Thus allowing you to protect against SQL injection.

As t-strings are format strings you can safely format the literals you'd like to pass as variables,

    text = "world"
    query, values = sql(t"SELECT x FROM y WHERE x LIKE '%{text}'")
    assert query == "SELECT x FROM y WHERE x LIKE ?"
    assert values == ["%world"]
This is especially useful when used with the Absent rewriting value.

SQL-tString is a SQL builder and as such you can use special RewritingValues to alter and build the query you want at runtime. This is best shown by considering a query you sometimes want to search by one column a, sometimes by b, and sometimes both,

    def search(
        *,
        a: str | AbsentType = Absent,
        b: str | AbsentType = Absent
    ) -> tuple[str, list[str]]:
        return sql(t"SELECT x FROM y WHERE a = {a} AND b = {b}")
    
    assert search() == "SELECT x FROM y", []
    assert search(a="hello") == "SELECT x FROM y WHERE a = ?", ["hello"]
    assert search(b="world") == "SELECT x FROM y WHERE b = ?", ["world"]
    assert search(a="hello", b="world") == (
        "SELECT x FROM y WHERE a = ? AND b = ?", ["hello", "world"]
    )
Specifically Absent (which is an alias of RewritingValue.ABSENT) will remove the expression it is present in, and if there an no expressions left after the removal it will also remove the clause.

The other rewriting values I've included are handle the frustrating case of comparing to NULL, for example the following is valid but won't work as you'd likely expect,

    optional = None
    sql(t"SELECT x FROM y WHERE x = {optional}")
Instead you can use IsNull to achieve the right result,

    from sql_tstring import IsNull

    optional = IsNull
    query, values = sql(t"SELECT x FROM y WHERE x = {optional}")
    assert query == "SELECT x FROM y WHERE x IS NULL"
    assert values == []
There is also a IsNotNull for the negated comparison.

The final feature allows for complex query building by nesting a t-string within the existing,

    inner = t"x = 'a'"
    query, _ = sql(t"SELECT x FROM y WHERE {inner}")
    assert query == "SELECT x FROM y WHERE x = 'a'"
This library can be used today without Python3.14's t-strings with some limitations, https://github.com/pgjones/sql-tstring?tab=readme-ov-file#pr..., and I've been doing so this year. Thoughts and feedback very welcome.

Comments

schultzer•8h ago
Not really sure what a t string is or if it’s a macro, but feel similar to https://github.com/elixir-dbvisor/sql but less elegant and ergonomic.
1_08iu•6h ago
t-strings (or template strings) are an upcoming Python 3.14 feature. They have similar syntax to f-strings (which were introduced in 3.6) except that they provide access to the string and the interpolated values (the bits inside the curly brackets) before they have been combined. Previously, something like

  db.query(f"SELECT * FROM table WHERE id={id};")
would have been vulnerable to the classic "bobby tables" SQL injection but t-strings allow for almost the same syntax (which is quite natural for Python programmers) without incurring a security risk.

If you are curious, t-strings have previously been discussed here (https://news.ycombinator.com/item?id=43748512 and https://news.ycombinator.com/item?id=43647716) and you can read the PEP that proposed their addition to the language (https://peps.python.org/pep-0750/).

sirfz•8h ago
Technically this enforces parameterized queries since all it does is basically return the parameterized query in the given db client dialect and the list of parameters. It could be useful for building a unified interface for all sql db clients for example (instead of having to remember whether parameters are %s or ? or {param}, etc). On the other hand, db clients can utilize t-strings to directly allow you to safely execute queries such as t"select * from table where id = {id}" without passing any extra parameters.
90s_dev•8h ago
Your library looks great. But a tangential rant about t-strings, using lexical scope for placeholder lookup is just a terrible, terrible design. It should be explicitly passed in a dictionary. I'm not sure why they made this decision.
jitl•8h ago
If they’re gonna do that why bother making a new concept? You could already build(normalString, someDict)

Like why make me state “A goes here, also the value of A is 1” when I can just say “1 goes here”? When I build an array or map, I just write the expression

{ key1: value1 }

I don’t need to write

build({ key1, value1 }, { “key1”: key1, “value1”: value1 })

Why should an sql literal be any different from an array or dictionary literal?

90s_dev•7h ago
Yeah in retrospect it's identical to what JavaScript does with string literals. I don't know what I was thinking.
90s_dev•5h ago
Oh wait I know why. It's because the PIP had no specialized syntax highlighting to show that it was getting the variables from scope. So I started reasoning about it differently than I do about JS string literals, rather lazily too, and ended up thinking of something like emacs's dynamic scope or something. Amazing what syntax highlighting does to how we think.
williamdclt•4h ago
No I think your point is valid, and is valid in JavaScript too.

Designing the “right” approach to look like the “wrong” approach (string concatenation) is a bad idea, however cute it is.

It’s annoying that the wrong thing is the more ergonomic one, but at least it jumps out at any dev with any experience, they know what sqli risk looks like. With templated strings, it’s not so obvious anymore.

90s_dev•3h ago
`...` and fn`...` in JavaScript are just syntactic sugar for function calls, the former for array.join(...) and the latter for fn(...) so there's no issue with these utilizing the current scope since that's what all function calls do.
williamdclt•3h ago
I might have misunderstood your point, but scoping isn’t related to what I’m trying to say.

What I’m saying is that, regardless of how it works, I don’t think string templating for SQL is a good idea because it looks almost exactly like string concatenation. It makes more difficult to distinguish beteeen the right approach and the wrong approach (or learn about it)

90s_dev•2h ago
No it was me who misunderstood you. And I kind of agree. I've never been a fan of tagged template literals. It gives you no autocompletion, no type checking, no syntax highlighting, nothing. And it requires a runtime string parser. I get why people like it, and maybe it's fine if you don't need those things and don't mind the cost of runtime parsing, but I need them and I do mind.
jitl•8h ago
How does the SQL parsing work for the rewrites like removing expressions? I have a project using some non-standard SQL features and we have quite complex queries going on, so the rewriting makes me a bit nervous. The great thing about tstrings for sql is that it’s a total escape from “magick” creating ineffable and unknown sql replacing with very straightforward what you see is what you get sql right in the source code.

Do you support templating a sql tstring into an sql tstring for composition?

I use that feature a lot with the roughly equivalent TypeScript sql`…` template literals for the NOT NULL thing and handling absence but it’s all ternaries in “user space”.

pgjones•7h ago
The presence of Absent removes the entire expression, and if that removal results in an empty clause (or group) it will remove that as well. For example if `a = Absent` `WHERE a = {a}` will remove everything, whereas `WHERE a = {a} AND b = {b}` will result in `WHERE b = {b}`.

> Do you support templating a sql tstring into an sql tstring for composition?

Yep

jitl•4h ago
How do you know what the expression is though? Don’t you need to be parsing the SQL? If I have non standard SQL somewhere upstream in the text how does the parser cope?
pgjones•3h ago
It does parse the SQL. At the moment an expression is defined as all the text between the appropriate separators given the clause.
schultzer•8h ago
Just took a quick look, and it seams like the parser is hand written which is great, but you probably want to build a lexer and parser based on the BNF grammar take a look at how I do it here https://github.com/elixir-dbvisor/sql/tree/main/lib and do conformance testing with https://github.com/elliotchance/sqltest
pgjones•7h ago
Thanks, do you have a reference for SQL grammar - I've had no success finding an official source.
schultzer•7h ago
You can google SQL grammar. But here is the 2025: https://standards.iso.org/iso-iec/9075/-2/ed-6/en/
pgjones•7h ago
Thank you! My Google foo did not find this.
westurner•5h ago
Ibis has sqlglot for parsing and rewriting SQL query graphs; and there's sql-to-ibis: https://github.com/ibis-project/ibis/issues/9529

sqlglot: https://github.com/tobymao/sqlglot :

> SQLGlot is a no-dependency SQL parser, transpiler, optimizer, and engine [written in Python]. It can be used to format SQL or translate between 24 different dialects like DuckDB, Presto / Trino, Spark / Databricks, Snowflake, and BigQuery. It aims to read a wide variety of SQL inputs and output syntactically and semantically correct SQL in the targeted dialects.

owlstuffing•7h ago
Languages should strive to type safely inline SQL and other structured data.

With Java the manifold project achieves this via compiler plugin. The manifold-sql[1] module provides inline, type safe, native SQL.

1.https://github.com/manifold-systems/manifold/blob/master/man...

schultzer•7h ago
If your language has macros you can get by as well https://github.com/elixir-dbvisor/sql
hombre_fatal•6h ago
I thought this was just going to be the same ol "where id = {id}" interpolation but dang, those are some crazy examples.

I can imagine the behavior takes some trial and error to figure out, but it looks like you can write a search() query that contains fully-loaded sql statement as if all facets were provided, yet you can make each facet optional and those expressions will get removed from the statement.

That would be much nicer than the traditional route of building up a where clause with a bunch of if-statements where it's very hard to understand what the final where clause might look like without print(statement).

I'd rather write the whole SQL statement upfront which this seems to let you do.

williamdclt•4h ago
> the traditional route of building up a where clause with a bunch of if-statements where it's very hard to understand what the final where clause might look like without print(statement).

Seems similar on this front? You also need to print the final SQL to understand what the query looks like, what conditions have been dropped etc.

What you write still isn’t the sql that’s actually executed, it’s some sort of template.

In general I find that the right approach is to avoid the conditional clauses altogether: instead of repository methods with many options, make several dedicated repository methods. You repeat a good amount of sql, but it’s so much simpler, easier to understand what’s happening, closer to the use-case, easier to optimise…

caturopath•6h ago
For any of you also confused by

    with sql_context(columns="x"):
        query, values = sql(t"SELECT {col} FROM y")
I think

1. this is relying on the `col = "x"` in the previous example

2. columns is a set of strings, so it might be sql_context(columns={"foo", "bar", "x"}) to allow those as valid options. It just happens that "x" is a collection supporting the `in` operator so it works much like the set {"x"} would.

2a. (You might hope that something would convert such a string to a singleton set, but I don't think it does, which would have weird results with a multi-letter string.)

pgjones•5h ago
Sorry that is a typo, I meant,

    with sql_context(columns={"x"}):
bencyoung•4h ago
Looks very nice but the Absent functionality seems like a potential foot gun to me, easy to remove an entire WHERE clause and blow up a whole table! If I have a filter in sql query it's because I really want it to be used!
ilyagr•3h ago
I think that, since you don't allow `sql(t"SELECT {a-1}")`, you should allow `sql(t"SELECT {}", a - 1)`, as long as that is possible with t-strings. This would be similar to Rust's `format!` then.
ilyagr•3h ago
Ah, apparently with real t-strings, `t"SELECT {a-1}"` should be allowed while `t"SELECT {}"` is not.

Here is Python master branch:

    Python 3.15.0a0 (heads/main:ea2d707bd5, May 16 2025, 12:20:56) [Clang 16.0.0 (clang-1600.0.26.6)] on darwin
    Type "help", "copyright", "credits" or "license" for more information.
    >>> t"Hello {a}"
    Traceback (most recent call last):
      File "<python-input-1>", line 1, in <module>
        t"Hello {a}"
                 ^
    NameError: name 'a' is not defined
    >>> a=3
    >>> t"Hello {a+5}"
    Template(strings=('Hello ', ''), interpolations=(Interpolation(8, 'a+5', None, ''),))
    >>> t"Hello {}"
      File "<python-input-6>", line 1
        t"Hello {}"
                 ^
    SyntaxError: t-string: valid expression required before '}'
badmonster•1h ago
I had a question about dynamic query fragments: is there a recommended way to compose larger queries from smaller pieces while preserving placeholder safety and avoiding manual string concatenation? For example, conditionally building WHERE clauses or joins from pre-defined fragments?