The state of string interpolation...one year later

Olivier FAURE couteaubleu at gmail.com
Mon Mar 18 09:05:33 UTC 2019


On Sunday, 17 March 2019 at 14:01:36 UTC, ag0aep6g wrote:
> Either way, you likely got yourself an HTML injection.
>
> That might be the crux of string interpolation: It looks nice 
> in simple examples, but is it still nice when you need to 
> encode your variables for the output?

One way to deal with these cases would be to have an alternate 
string interpolation syntax for format strings, e.g.:

     fi"SELECT $field FROM $table"

is lowered to

     "SELECT %s FROM %s", field, table

Other alternatives have been suggested (e.g. interpolation creating 
delegates that can be passed at compile time), but I think the 
above solution is the most KISS and elegant.

It encourages robust design, where the only argument parsed is 
the first one and every other argument is sanitized by default.
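
An added example, not part of the original post or of any D proposal: a consumer of the lowered form `"...%s...", args` that parses only the first argument and HTML-encodes every other one, which addresses the HTML injection raised in the quoted reply. The names `escapeHtml` and `htmlFormat` are hypothetical, the `fi"..."` syntax does not exist in D so the lowered call is written by hand, and the input value is constructed.

```d
import std.array : replace;
import std.conv : to;
import std.exception : enforce;
import std.stdio : writeln;

/// Hypothetical helper: encodes the characters that are significant in HTML.
/// '&' is replaced first so the entities added afterwards are not re-encoded.
string escapeHtml(string s)
{
    return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
            .replace("\"", "&quot;").replace("'", "&#39;");
}

/// Hypothetical consumer of the lowered call. Only `fmt` is parsed, and only
/// the %s specifier is recognised; every argument is encoded before insertion.
string htmlFormat(Args...)(string fmt, Args args)
{
    string[] encoded;
    foreach (arg; args)                 // unrolled at compile time over the tuple
        encoded ~= escapeHtml(arg.to!string);

    string o;
    size_t next;
    for (size_t i = 0; i < fmt.length; ++i)
    {
        if (fmt[i] == '%' && i + 1 < fmt.length && fmt[i + 1] == 's')
        {
            enforce(next < encoded.length, "more %s specifiers than arguments");
            o ~= encoded[next++];
            ++i;                        // skip the 's'
        }
        else
            o ~= fmt[i];
    }
    enforce(next == encoded.length, "more arguments than %s specifiers");
    return o;
}

void main()
{
    // Constructed input: a display name that carries markup.
    string name = "<i>Bob</i> & co";
    // What fi"<p>Hello, $name</p>" would lower to under the suggestion above.
    writeln(htmlFormat("<p>Hello, %s</p>", name));
}
```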

