The state of string interpolation

Adam D. Ruppe destructionator at
Thu Dec 6 18:06:51 UTC 2018

On Thursday, 6 December 2018 at 17:47:58 UTC, Andre Pany wrote:
> Does I understand your sql example right, although it looks 
> like it is prone for sql injection attacks, it isn't because 
> you evaluate the tuples and not use the string as whole?

Yeah, since it is tuples the function itself gets to manage how 
they are used, including doing some escaping, etc.

I would take it one step further and put the other stuff in a 
wrapped type from the compiler, so the function receiving it can 
static if and tell what it is, so

i"foo $(foo)"
would be

tuple("foo ", FromInterpolation("foo", foo))

so you can identify when something was passed vs being literally 
in the string. And it included the name as a string so we can do 
some other crazy stuff too.

i"foo $(a + b)"

FromInterpolation("a + b", a+b)

so you can then print

a + b = 4

i think that would be kinda cool - the stuff inside is passed as 
a code string. So really generally speaking it would be

tuple("string literal", FromInterpolation(code_as_string, 
mixin(code)), " more string literal"); // and so on

I think that would be seriously cool and quite useful. You can 
then see From Interpolation as a type in there and know to call 
sql escape or replace with ? and move the arg or whatever - the 
function can use it all with CT reflection.

More information about the Digitalmars-d mailing list