The state of string interpolation

Adam D. Ruppe destructionator at gmail.com
Thu Dec 6 18:06:51 UTC 2018


On Thursday, 6 December 2018 at 17:47:58 UTC, Andre Pany wrote:
> Do I understand your SQL example right: although it looks 
> like it is prone to SQL injection attacks, it isn't, because 
> you evaluate the tuples and do not use the string as a whole?

Yeah, since it is tuples the function itself gets to manage how 
they are used, including doing some escaping, etc.

I would take it one step further and put the other stuff in a 
wrapped type from the compiler, so the function receiving it can 
static if and tell what it is, so

i"foo $(foo)"
would be

tuple("foo ", FromInterpolation("foo", foo))


so you can identify when something was passed vs being literally 
in the string. And it included the name as a string so we can do 
some other crazy stuff too.

i"foo $(a + b)"

FromInterpolation("a + b", a+b)

so you can then print

a + b = 4


I think that would be kinda cool - the stuff inside is passed as 
a code string. So really generally speaking it would be


tuple("string literal", FromInterpolation(code_as_string, 
mixin(code)), " more string literal"); // and so on


I think that would be seriously cool and quite useful. You can 
then see FromInterpolation as a type in there and know to call 
sql escape or replace with ? and move the arg or whatever - the 
function can use it all with CT reflection.
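
The function-side handling described in this message, as an added example that is not part of the original post or of the D project's code. Because `i"..."` is only a proposal here, the tuple is written out by hand, and the fields of `FromInterpolation` plus the names `interp`, `Query` and `buildQuery` are assumptions.

```d
import std.conv : to;
import std.stdio : writeln;

// Hypothetical stand-in for the wrapper the post proposes the compiler emit.
struct FromInterpolation(T)
{
    string code; // source text of the interpolated expression
    T value;     // its evaluated result
}

// Helper (assumed name) so the hand-written lowering below stays readable.
auto interp(T)(string code, T value) { return FromInterpolation!T(code, value); }

struct Query
{
    string sql;      // statement text containing only literals and '?'
    string[] params; // values to bind, in placeholder order
}

// Literal pieces are copied into the SQL text; anything wrapped in
// FromInterpolation becomes a placeholder and is moved to the bind list.
Query buildQuery(Args...)(Args args)
{
    Query q;
    foreach (arg; args) // unrolled at compile time, one branch per argument
    {
        static if (is(typeof(arg) == FromInterpolation!T, T))
        {
            q.sql ~= "?";
            q.params ~= arg.value.to!string;
        }
        else static if (is(typeof(arg) : string))
            q.sql ~= arg;
        else
            static assert(0, "unsupported argument: " ~ typeof(arg).stringof);
    }
    return q;
}

void main()
{
    string name = "x' OR '1'='1"; // constructed hostile input
    int minAge = 18;
    // Manual lowering of: i"SELECT id FROM users WHERE name = $(name) AND age >= $(minAge)"
    auto q = buildQuery("SELECT id FROM users WHERE name = ", interp("name", name),
                        " AND age >= ", interp("minAge", minAge));
    assert(q.sql == "SELECT id FROM users WHERE name = ? AND age >= ?");
    assert(q.params == ["x' OR '1'='1", "18"]);
    writeln(q.sql, " ", q.params);
}
```

The hostile value never reaches the statement text; it only appears in `params`, which a database driver would bind separately.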

