yet another string interp dip, simple edition
Alexandru Ermicioi
alexandru.ermicioi at gmail.com
Fri Jan 19 10:27:18 UTC 2024
On Friday, 19 January 2024 at 10:07:38 UTC, cc wrote:
> Then it might be best not to allow any such practice of
> injecting dynamic string data into a constructed string command
> that will be fed into an interpreter that doesn't discriminate
> between querying and manipulating data in the first place. To
> echo another poster, *that's SQL's problem*.😉
That is actually a problem for html templates as well, and any
use case where a string template is desired to be used.
> Nothing wrong with saying "let's make this system a little
> better", but how far is a language *really* obligated to go to
> protect users from doing the same terrible thing they do in
> every other language with a database interface known to have
> some of the widest attack surfaces in history? Not a
> rhetorical question: I can see some advantage to D being able
> to say "hey look, our string interpolation is THIS good, you
> can do this with it and not get screwed!", but I can also see
> it going too far and creating a wasteland of "can't have nice
> things" because someone somewhere will carry on the same old
> bad practices of shooting themselves in both feet with it.
A sloppy job is also a problem, and that is not much related to
experience.
> Just my irrelevant 2 cents, anyway. That ship has sailed, but
> worth remembering for the next one to come into port, IMO.
Can't wait to try out dip1036e in the reference compiler :). I guess
we can stop this thread at this point in time.
Regards,
Alexandru.
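As an added illustration (not code from the thread, nor from any D DIP), a Python model of the structural idea the thread is debating: the callee receives the template's literal segments and its interpolated values as separate parts, so a SQL sink can bind values as parameters and an HTML sink can escape them, whereas plain concatenation cannot tell the two apart. The Literal/Value part types, the sink functions and the sample table are assumed for the model.

```python
import sqlite3
from html import escape
from typing import Any, NamedTuple

# An interpolated string, modelled as the sequence of parts a compiler
# could hand to the callee: literal template text and interpolated values.
class Literal(NamedTuple):
    text: str

class Value(NamedTuple):
    value: Any

def to_sql(parts: list) -> tuple[str, tuple]:
    """Literals become query text; each value becomes a bound parameter."""
    query, params = [], []
    for part in parts:
        if isinstance(part, Literal):
            query.append(part.text)
        else:
            query.append("?")          # placeholder, never the raw value
            params.append(part.value)
    return "".join(query), tuple(params)

def to_html(parts: list) -> str:
    """Literals are trusted markup; values are escaped before insertion."""
    return "".join(part.text if isinstance(part, Literal)
                   else escape(str(part.value), quote=True) for part in parts)

def to_plain(parts: list) -> str:
    """Plain concatenation: what a naive interpolation produces."""
    return "".join(part.text if isinstance(part, Literal) else str(part.value)
                   for part in parts)

def find_user(name: str) -> list[tuple]:
    """Run the interpolated query against a constructed in-memory table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    db.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    # Model of i"SELECT name FROM users WHERE name = $(name)". The template
    # carries no quotes around the value: the driver quotes bound parameters.
    parts = [Literal("SELECT name FROM users WHERE name = "), Value(name)]
    query, params = to_sql(parts)
    return db.execute(query, params).fetchall()
```

With a hostile name such as `bob' OR 1=1 --`, `to_plain` yields a query whose structure has changed, while `to_sql` keeps the text fixed and `find_user` simply matches no row.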