The state of string interpolation
Steven Schveighoffer
schveiguy at gmail.com
Thu Dec 6 18:30:14 UTC 2018
On 12/6/18 1:06 PM, Adam D. Ruppe wrote:
> On Thursday, 6 December 2018 at 17:47:58 UTC, Andre Pany wrote:
>> Does I understand your sql example right, although it looks like it is
>> prone for sql injection attacks, it isn't because you evaluate the
>> tuples and not use the string as whole?
>
> Yeah, since it is tuples the function itself gets to manage how they are
> used, including doing some escaping, etc.
>
> I would take it one step further and put the other stuff in a wrapped
> type from the compiler, so the function receiving it can static if and
> tell what it is, so
>
> i"foo $(foo)"
> would be
>
> tuple("foo ", FromInterpolation("foo", foo))
>
>
> so you can identify when something was passed vs being literally in the
> string. And it included the name as a string so we can do some other
> crazy stuff too.
>
> i"foo $(a + b)"
>
> FromInterpolation("a + b", a+b)
>
> so you can then print
>
> a + b = 4
>
>
> i think that would be kinda cool - the stuff inside is passed as a code
> string. So really generally speaking it would be
>
>
> tuple("string literal", FromInterpolation(code_as_string, mixin(code)),
> " more string literal"); // and so on
>
>
> I think that would be seriously cool and quite useful. You can then see
> From Interpolation as a type in there and know to call sql escape or
> replace with ? and move the arg or whatever - the function can use it
> all with CT reflection.
It would be useful, but I don't like the mechanism. It requires you have
a lot more machinery to deal with the paramters, where as now it Just
Works with things like writeln.
It could be an extra piece of data that is accessible from the
compile-time tuple:
foo(i"a + b = $(a+b));
void foo(Params...)(Params p) {
static assert(__traits(getInterpolation, p[1]) == "a+b");
static assert(__traits(getInterpolation, p) == AliasSeq!("a + b = ",
"a+b"));
}
Maybe __traits(getInterpolation, ...) returns empty sequence for
non-interpolated portions? Or maybe it's an error?
Just thought of a cool other possibility, if the aliases are accessible
in the function:
@formatSpec("%x") int a;
writeln(i"a is $a"); -> prints hex version of `a`
The downside of this is that there is potentially a separate
instantiation for when string interpolation is used, vs. when the
parameters are passed normally. Maybe that means it requires you use
compile-time arguments. A small price to pay I would think.
-Steve
More information about the Digitalmars-d
mailing list