String Interpolation
Arafel
er.krali at gmail.com
Thu Oct 26 17:29:16 UTC 2023
On 26/10/23 18:25, Adam D Ruppe wrote:
> On Thursday, 26 October 2023 at 16:14:08 UTC, bachmeier wrote:
>> Why not this?
>
> https://en.wikipedia.org/wiki/String_interpolation#Security_issues
>
That's a weak argument. First, it's not specific to string interpolation:

> String interpolation, like string concatenation, may lead to security problems. If user input data is improperly escaped or filtered

Should we also restrict string concatenation? Of course you'll get SQL
injection if you don't sanitize strings!

What a security-conscious SQL function could do is not to accept normal
strings, only the raw tuples returned by the lowering.

But this doesn't mean you need to restrict other valid usages where
that's not a concern.
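
An added example (not part of the message above, and not code from the D project) of the API shape it describes: a SQL helper that takes only the sequence an interpolated literal lowers to and has no plain-string overload. It assumes a D compiler with interpolated expression sequences (i"..." literals and the core.interpolation module); Query and prepare are hypothetical names.

```d
// Added example, not code from this thread or from any D library.
// Assumes a D compiler implementing interpolated expression sequences
// (i"..." literals and the core.interpolation module).
import core.interpolation;
import std.conv : to;
import std.stdio : writeln;

// Hypothetical result type: SQL text with placeholders plus bound values.
struct Query
{
    string sql;
    string[] params;
}

// Accepts only the sequence an i"..." literal lowers to. There is no
// overload taking a plain string, so prepare("..." ~ input) does not compile.
Query prepare(Args...)(InterpolationHeader, Args args, InterpolationFooter)
{
    Query q;
    foreach (arg; args)
    {
        static if (is(typeof(arg) == InterpolatedLiteral!lit, string lit))
            q.sql ~= lit; // literal text written by the programmer
        else static if (is(typeof(arg) == InterpolatedExpression!code, string code))
        {
            // source text of the $(...) expression; not needed here
        }
        else
        {
            q.sql ~= "?"; // the value never enters the SQL text
            q.params ~= arg.to!string; // bound separately as a parameter
        }
    }
    return q;
}

void main()
{
    string name = "x' OR '1'='1"; // constructed hostile input
    int minAge = 18;
    auto q = prepare(i"SELECT * FROM users WHERE name = $(name) AND age >= $(minAge)");
    writeln(q.sql);    // statement text with placeholders only
    writeln(q.params); // values to hand to the driver's bind call

    // A concatenated plain string is rejected at compile time.
    static assert(!__traits(compiles,
        prepare("SELECT * FROM users WHERE name = '" ~ name ~ "'")));
}
```

Ordinary string uses of interpolation are unaffected; only this one function refuses plain strings.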