Interpolated strings and SQL

Timon Gehr timon.gehr at gmx.ch
Thu Jan 11 20:25:36 UTC 2024


On 1/10/24 00:21, Walter Bright wrote:
> ...

The other points I think have been adequately addressed already.

>> You are right, it doesn’t. Timon’s point (expressed as “This does not 
>> work”) is that DIP1036 is able to do validation at compile time while 
>> DIP1027 is only able to do it at runtime, when this function actually 
>> gets invoked.
> 
> The only validation it does is check for nested string interpolations.

That is not true in the least. It validates conclusively that no SQL 
injection attack is going on. This is the main feature of the example!

