[OT] C# can do all the interpolated strings now
Ola Fosheim Grøstad
ola.fosheim.grostad at gmail.com
Thu Dec 9 13:03:21 UTC 2021
On Thursday, 9 December 2021 at 12:43:31 UTC, Adam D Ruppe wrote:
> On Thursday, 9 December 2021 at 10:43:07 UTC, deadalnix wrote:
>> So I read the proposal for string interpolation in D, which I
>> understand to be this one:
>> https://github.com/John-Colvin/YAIDIP
>>
>> The immediate thing that stroke me is the shell example. The
>> proposed exemple is simply terrible code as it allows for
>> shell injection.
>
> You say you read it, then say something that is blatantly false
> about it.
>
> This dip does NOT produce strings. It produces argument lists.
> The receiving function knows what was part of the string
> literal and what were arguments and can process them
> accordingly.
But don't you think it would be better if you could write:
```
sql"SELECT x,y,z FROM {something} FROM {condition}"
```
Then have a user provided custom compile time function check the
string and wrap ```something``` and ```condition``` with the
proper escape-functions. Then you could pass it anywhere you want
as a properly typed SqlStatement. All you need is something like:
```
SqlStatement string_interpolation(string!"sql" s){
…
}
```
Which is called when a ```sql"…"``` literal fails to convert,
that allows libraries to override the default
```string_interpolation```.
You could let ```string!"sql"``` be a subtype of ```string``` for
ease of use.
Just one possibility that is much more flexible and safer as it
actually is *typed*. D should aim for generic programming within
the current framework, not add new weird special cases (tuples
are bad enough, no need to have more of that).
More information about the Digitalmars-d
mailing list