interpolation proposals and safety

Adam D Ruppe destructionator at gmail.com
Fri Aug 30 13:46:48 UTC 2024 

On Friday, 30 August 2024 at 11:18:10 UTC, kdevel wrote:
> Ideally compilation of such unadorned writes would fail.

for what its worth, after starting to use this more, I'm actually 
inclined to agree with you.

The idea behind 1036e is that it allows the language to provide 
the pieces that library authors can use to make things that do 
the right thing. Two existing library functions work with it out 
of the box in a reasonably good way: std.conv.text and 
std.stdio.writeln.

I've seen people in the wild using std.conv.text to do things 
like make sql queries - exactly what you're not supposed to do. 
We want some way to do a toString, but it should be a bit of a 
pain: doing it the right thing should be the easy way. Some of 
this is just because library support is still a bit immature - I 
still haven't even put it in place in all the places arsd wants 
it - but part of it means committing to the change too.

So like we currently have `db.query(string, args...)` and... 
maybe that should be deprecated, so people stop trying to do 
`db.query(text(istring))`. Maybe text(istring) itself should be 
deprecated. It is some breakage though that requires users update 
their compiler so that makes it more complicated. Also, you 
sometimes DO want a runtime string, so it probably more of a 
rename than a remove.

I didn't think about using writeln directly in a cgi context. 
There's MUCH better ways to make cgi programs! And much better 
ways to construct html too. And those libraries tend to make you 
be more careful with these cases. But indeed, writeln bypasses 
all that. I do think this is a harder case though... outright 
banning writeln in these cases isn't super realistic so the 
question is where you balance people's capability of doing it 
wrong with the flexibility to build anything on top at all.

A lot of it comes back to making the better way the easy way: use 
my cgi library, and `cgi.write(i"istring")` is a compile error. 
But it still doesn't prevent you from bypassing the library and 
doing it wrong. Still, my feeling is if you make the right way 
just as easy as the wrong way, at least it helps point people the 
right way.

More information about the Digitalmars-d mailing list