The state of string interpolation

Neia Neutuladh neia at
Thu Dec 6 18:28:09 UTC 2018

On Thu, 06 Dec 2018 18:06:51 +0000, Adam D. Ruppe wrote:
> I would take it one step further and put the other stuff in a wrapped
> type from the compiler, so the function receiving it can static if and
> tell what it is, so
> i"foo $(foo)"
> would be
> tuple("foo ", FromInterpolation("foo", foo))

I was about to suggest wrapping the non-parameters in a Literal{} struct, 
but FromInterpolation makes more sense.

I was thinking about protecting against errors produced when you have to 
use an even/odd rule to figure out what's part of the literal and what's 
part of the interpolation:

    auto c = ");drop table foo;--";
    // whoops, forgot a comma
    db.exec("SELECT * FROM foo WHERE id IN ($a,$b$c)");
    db.prepare("SELECT * FROM foo WHERE id IN(?, ?);drop table foo;--?")
      .inject(a, b, ")");

With FromInterpolation, you'd be able to reliably come up with the correct 
SQL: "SELECT * FROM foo WHERE id IN (?, ??)". Which is invalid and would 
be rejected.

More information about the Digitalmars-d mailing list