Hacker News new | past | comments | ask | show | jobs | submit login

You're framing this as a question of syntax preference, but actually the whole point of template tags is to cater to a very specific need: the ability to sanitize an interpolated value.

In this specific example, let's say you have:

    sql.from`book`.return`distinct ${field}`
You don't want a sql injection to occur if somehow `field = 'author'; drop table book; --` or similar.

With a plain function call, the library would have no way of knowing what to sanitize.

    sql.from('book').return(`distinct ${field}`) // hello security hole
And without template tags, the API would arguably look more complex, and require the user to discover/learn an ad-hoc interpolation DSL:

    sql.from('book').return('distinct ${field}', {field})
You can still target the template tag's raw API requirements without the syntax (though you'd lose readability with multiple interpolations):

    sql.from('book').return(['distinct'], field)



Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: