[OT] C# can do all the interpolated strings now
Steven Schveighoffer
schveiguy at gmail.com
Thu Dec 9 14:18:35 UTC 2021
On 12/9/21 5:43 AM, deadalnix wrote:
> So I read the proposal for string interpolation in D, which I understand
> to be this one: https://github.com/John-Colvin/YAIDIP
>
> The immediate thing that stroke me is the shell example. The proposed
> exemple is simply terrible code as it allows for shell injection.
It depends on the executeShell function that accepts interpolations. It
could just text-ify the thing (convert to a string) or properly escape
anything in the interpolation portions. Granted, the DIP does not
discuss this possibility.
>
> One of the motivating example is SQL prepared statements, but once
> again, replacing this by the proposed string interpolation means SQL
> injection.
No, it doesn't. This tells me you are missing something in your
understanding of the proposal.
-Steve
More information about the Digitalmars-d
mailing list