String Interpolation
duckchess
duckchess at chess.com
Fri Oct 27 11:44:48 UTC 2023
On Thursday, 26 October 2023 at 16:25:26 UTC, Adam D Ruppe wrote:
> On Thursday, 26 October 2023 at 16:14:08 UTC, bachmeier wrote:
>> Why not this?
>
> https://en.wikipedia.org/wiki/String_interpolation#Security_issues
I'd argue that this is a problem of the sql library accepting a
string in the first place, not a problem of string interpolation
resulting in a string.
not having implicit to string conversion doesnt prevent someone
from doing
```sql_exec(i"...".text);```
i would have prefered a way to write sql"" instead of sql!i"" but
ultimately it doesn't matter that much.
the difference of your dip to macros is that we are stuck with
whatever syntax we pick for the capture, so probably ${}, so not
big of a deal.
and if we wanted we could still introduce a rewrite of sql"" into
sql!i"" later.
More information about the Digitalmars-d
mailing list