[OT] C# can do all the interpolated strings now

Steven Schveighoffer schveiguy at gmail.com
Thu Dec 9 14:18:35 UTC 2021


On 12/9/21 5:43 AM, deadalnix wrote:
> So I read the proposal for string interpolation in D, which I understand 
> to be this one: https://github.com/John-Colvin/YAIDIP
> 
> The immediate thing that stroke me is the shell example. The proposed 
> exemple is simply terrible code as it allows for shell injection.

It depends on the executeShell function that accepts interpolations. It 
could just text-ify the thing (convert to a string) or properly escape 
anything in the interpolation portions. Granted, the DIP does not 
discuss this possibility.

> 
> One of the motivating example is SQL prepared statements, but once 
> again, replacing this by the proposed string interpolation means SQL 
> injection.

No, it doesn't. This tells me you are missing something in your 
understanding of the proposal.

-Steve


More information about the Digitalmars-d mailing list