How can I use f-string with a variable, not with a string literal?

Question

I want to use f-string with my string variable, not with string defined with a string literal, "...".

Here is my code:

name=["deep","mahesh","nirbhay"]
user_input = r"certi_{element}" # this string I ask from user  

for element in name:
    print(f"{user_input}")

This code gives output:

certi_{element}
certi_{element}
certi_{element}

But I want:

certi_{deep}
certi_{mahesh}
certi_{nirbhay}

How can I do this?

---

_{See also: How to postpone/defer the evaluation of f-strings?}

Answer 1

I recently (September 3, 2024) had a need to use a string variable holding an f-string to connect to a SQLite Cloud database, using information I wanted to keep private inside a .env file.

The template was part of the key/value pairs stored inside my .env file:

sqlite_cloud_connection_template = 'sqlitecloud://{project_name}:{port_number}/{database_name}?apikey={api_key}'
sqlite_cloud_project_name = 'YOUR PROJECT NAME'
sqlite_cloud_project_port = 'YOUR PORT NUMBER'
sqlite_cloud_db_name = 'YOUR DATABASE NAME'
sqlite_cloud_api_key = 'YOUR API KEY'

Inside a class called Settings (settings.py) I defined the following static method that calls other static methods to get the components needed to build the final string result:

    
    @classmethod
    def cloud_connection_string(cls) -> str:
        """ Return the SQLite Cloud connection string from its components using an f-string template.
        'sqlitecloud://{project_name}:{port_number}/{database_name}?apikey={api_key}'
        """
        return cls.cloud_connection_template().format(project_name=cls.cloud_project_name(),
                                                      port_number=cls.cloud_project_port(),
                                                      database_name=cls.database_name(),
                                                      api_key=cls.cloud_api_key())

The public repo is in GitLab here: Python Sqlite Cloud Example

Answer 2

This is what you’re looking for. Just change the last line of your original code:

name=["deep","mahesh","nirbhay"]
user_input = "certi_{element}" # this string I ask from user  

for element in name:
  print(eval("f'" + f"{user_input}" + "'"))

Answer 3

I was looking for something similar with your problem. I came across this other question's answer: https://stackoverflow.com/a/54780825/7381826

Using that idea, I tweaked your code:

user_input = r"certi_"

for element in name:
    print(f"{user_input}{element}")

And I got this result:

certi_deep
certi_mahesh
certi_nirbhay

If you would rather stick to the layout in the question, then this final edit did the trick:

for element in name:
    print(f"{user_input}" "{" f"{element}" "}")

Reading the security concerns of all other questions, I don't think this alternative has serious security risks because it does not define a new function with eval().

I am no security expert so please do correct me if I am wrong.

Answer 4

If you define:

def fstr(template):
    return eval(f"f'{template}'")

Then you can do:

name=["deep","mahesh","nirbhay"]
user_input = r"certi_{element}" # this string i ask from user  

for element in name:
    print(fstr(user_input))

Which gives as output:

certi_deep
certi_mahesh
certi_nirbhay

But be aware that users can use expressions in the template, like e.g.:

import os  # assume you have used os somewhere
user_input = r"certi_{os.environ}"

for element in name:
    print(fstr(user_input))

You definitely don't want this!

Therefore, a much safer option is to define:

def fstr(template, **kwargs):
    return eval(f"f'{template}'", kwargs)

Arbitrary code is no longer possible, but users can still use string expressions like:

user_input = r"certi_{element.upper()*2}"

for element in name:
    print(fstr(user_input, element=element))

Gives as output:

certi_DEEPDEEP
certi_MAHESHMAHESH
certi_NIRBHAYNIRBHAY

Which may be desired in some cases.

Answer 5

f"..." strings are great when interpolating expression results into a literal, but you don't have a literal, you have a template string in a separate variable.

You can use str.format() to apply values to that template:

name=["deep","mahesh","nirbhay"]
user_input = "certi_{element}" # this string i ask from user  

for value in name:
    print(user_input.format(element=value))

String formatting placeholders that use names (such as {element}) are not variables. You assign a value for each name in the keyword arguments of the str.format() call instead. In the above example, element=value passes in the value of the value variable to fill in the placeholder with the element.

Unlike f-strings, the {...} placeholders are not expressions and you can't use arbitrary Python expressions in the template. This is a good thing, you wouldn't want end-users to be able to execute arbitrary Python code in your program. See the Format String Syntax documenation for details.

You can pass in any number of names; the string template doesn't have to use any of them. If you combine str.format() with the **mapping call convention, you can use any dictionary as the source of values:

template_values = {
    'name': 'Ford Prefect',
    'number': 42,
    'company': 'Sirius Cybernetics Corporation',
    'element': 'Improbability Drive',
}

print(user_input.format(**template_values)

The above would let a user use any of the names in template_values in their template, any number of times they like.

While you can use locals() and globals() to produce dictionaries mapping variable names to values, I'd not recommend that approach. Use a dedicated namespace like the above to limit what names are available, and document those names for your end-users.

Answer 6

If you want the user to have access to your namespace, you can do that, but the consequences are entirely on you. Instead of using f-strings, you can use the format method to interpolate dynamically, with a very similar syntax.

If you want the user to have access to only a small number of specific variables, you can do something like

name=["deep", "mahesh", "nirbhay"]
user_input = "certi_{element}" # this string i ask from user  

for element in name:
    my_str = user_input.format(element=element)
    print(f"{my_str}")

You can of course rename the key that the user inputs vs the variable name that you use:

my_str = user_input.format(element=some_other_variable)

And you can just go and let the user have access to your whole namespace (or at least most of it). Please don't do this, but be aware that you can:

my_str = user_input.format(**locals(), **globals())

The reason that I went with print(f'{my_str}') instead of print(my_str) is to avoid the situation where literal braces get treated as further, erroneous expansions. For example, user_input = 'certi_{{{element}}}'