The state of string interpolation
Neia Neutuladh
neia at ikeran.org
Thu Dec 6 18:28:09 UTC 2018
On Thu, 06 Dec 2018 18:06:51 +0000, Adam D. Ruppe wrote:
> I would take it one step further and put the other stuff in a wrapped
> type from the compiler, so the function receiving it can static if and
> tell what it is, so
>
> i"foo $(foo)"
> would be
>
> tuple("foo ", FromInterpolation("foo", foo))

I was about to suggest wrapping the non-parameters in a Literal{} struct,
but FromInterpolation makes more sense.

I was thinking about protecting against errors produced when you have to
use an even/odd rule to figure out what's part of the literal and what's
part of the interpolation:

    auto c = ");drop table foo;--";
    // whoops, forgot a comma
    db.exec("SELECT * FROM foo WHERE id IN ($a,$b$c)");
    ->
    db.prepare("SELECT * FROM foo WHERE id IN(?, ?);drop table foo;--?")
      .inject(a, b, ")");

With FromInterpolation, you'd be able to reliably come up with the correct
SQL: "SELECT * FROM foo WHERE id IN (?, ??)". Which is invalid and would
be rejected.
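
The difference between the two rules in the message above, as an added example that is not part of the original post or of any D library. FromInterpolation here is a hand-written stand-in for the proposed compiler wrapper; Prepared, buildEvenOdd, buildTyped and the argument sequences in main are assumptions about how the interpolated string would be lowered (with no literal piece emitted between $b and $c).

```d
import std.conv : to;

// Hypothetical stand-ins: the wrapper proposed in the thread, and a result
// type holding SQL text with placeholders plus the values to bind.
struct FromInterpolation(T) { string name; T value; }
struct Prepared { string sql; string[] params; }

// Even/odd rule: position alone decides what is trusted as SQL text.
Prepared buildEvenOdd(Args...)(Args args)
{
    Prepared p;
    foreach (i, arg; args)
        static if (i % 2 == 0)
            p.sql ~= arg.to!string;      // assumed to be a literal piece
        else
        {
            p.sql ~= "?";                // assumed to be an interpolated value
            p.params ~= arg.to!string;
        }
    return p;
}

// Typed rule: only FromInterpolation values become bound parameters.
Prepared buildTyped(Args...)(Args args)
{
    Prepared p;
    foreach (arg; args)
        static if (is(typeof(arg) == FromInterpolation!T, T))
        {
            p.sql ~= "?";
            p.params ~= arg.value.to!string;
        }
        else
            p.sql ~= arg;                // plain string: literal SQL text
    return p;
}

void main()
{
    // Constructed sample values; c is the string from the post.
    string a = "1", b = "2", c = ");drop table foo;--";
    alias FI = FromInterpolation!string;
    auto bad = buildEvenOdd("SELECT * FROM foo WHERE id IN (", a, ",", b, c, ")");
    assert(bad.sql == "SELECT * FROM foo WHERE id IN (?,?);drop table foo;--?");
    assert(bad.params == ["1", "2", ")"]);   // c ended up in the SQL text
    auto ok = buildTyped("SELECT * FROM foo WHERE id IN (",
                         FI("a", a), ",", FI("b", b), FI("c", c), ")");
    assert(ok.sql == "SELECT * FROM foo WHERE id IN (?,??)");
    assert(ok.params == ["1", "2", c]);      // c stays a bound value
}
```

With the typed rule the forgotten comma still produces invalid SQL, but the failure is a parse error at the database rather than the contents of c being executed as a statement.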