Talk:String interpolation

From Wikipedia, the free encyclopedia

showing hexadecimal characters

The PHP example uses a /x41 ('41'x) and indicates it should show a capital A.
This would be true only for ASCII computers, not for EBCDIC. -- GerardSchildberger (talk) 20:23, 23 December 2012 (UTC)

suggestion about ordering the languages

As more languages are added to the list, should they be placed in alphabetic order to make finding/perusing them easier? -- GerardSchildberger (talk) 20:35, 23 December 2012 (UTC)

Security issues - nothing to do with string interpolation

I think the section in security issues should be removed. The reason is that it has nothing to do with string interpolation. You get the same problem when you do simple concatenation (as it already says in the article), i.e.:

 $query = "SELECT x, y, z FROM Table WHERE id='".$id."' ";

No difference at all. So actually I'm just going to remove the section myself right now. Fresheneesz (talk) 10:21, 27 December 2012 (UTC)

So I decided not to remove it myself, I want to get a second on this. If someone else agrees with me, I urge you to remove the section. Fresheneesz (talk) 10:23, 27 December 2012 (UTC)

Don't remove. It's a huge security issue. Concatenation is a runtime code execution security hole. String interpolation is a static text data security hole. A string interpolation problem could lie dormant in a database field for _years_ until it's finally triggered. Also, depending on the language or data form, the string interpolation could be _nested_, recursively expanding into something very nasty and totally opaque to surface analysis. Concatenation is like A=B+C, whereas string interpolation is like A=function(B,C), where function could be defined to be anything. Damon Simms (talk) 04:18, 19 March 2014 (UTC)

I agree with the O.P. Nobody doubts that this (i.e., incompetent programmers who insert user-provided strings in code to be executed) is indeed a huge security hole. But this is not the subject of the article! As the O.P. says, if you concatenate (or simply exec()) user-provided code then you will always have the same problem. The problem is not string interpolation, but missing conversions: $id should be an integer, in which case this is 100% safe. If strings are required, then 'addslashes()' or similar must be added. Not doing so is nothing else than a programming error. The first search for "o'neil" or similar would reveal this error. A careless programmer has dozens of other ways to wipe out or corrupt the database himself. — MFH:Talk 02:41, 4 February 2019 (UTC)
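
Added example (not part of the discussion above, and not code from the article): a Python sketch using the standard sqlite3 module that builds the quoted query by interpolation and by concatenation, checks that the two produce the same SQL text, and runs the "o'neil" search mentioned above against a bound-parameter version. The items table, its rows and the function names are constructed for illustration; a bound parameter is used here in place of the addslashes() escaping named in the comment.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id TEXT, x INTEGER, y INTEGER, z INTEGER)")
    conn.executemany("INSERT INTO items VALUES (?, ?, ?, ?)",
                     [("smith", 1, 2, 3), ("o'neil", 4, 5, 6)])
    return conn

def sql_interpolated(ident):
    # Interpolation: the value is spliced into the SQL text.
    return f"SELECT x, y, z FROM items WHERE id='{ident}'"

def sql_concatenated(ident):
    # Concatenation: the same splice, spelled differently.
    return "SELECT x, y, z FROM items WHERE id='" + ident + "'"

def run_text(conn, sql):
    # Execute SQL that was built as text; report a parse failure by name.
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.OperationalError as exc:
        return f"error: {exc.__class__.__name__}"

def run_bound(conn, ident):
    # Bound parameter: the value never becomes part of the SQL text.
    sql = "SELECT x, y, z FROM items WHERE id=?"
    return conn.execute(sql, (ident,)).fetchall()

def compare(ident):
    # Run one lookup value through all three query styles.
    conn = make_db()
    return {
        "same_text": sql_interpolated(ident) == sql_concatenated(ident),
        "interpolated": run_text(conn, sql_interpolated(ident)),
        "concatenated": run_text(conn, sql_concatenated(ident)),
        "bound": run_bound(conn, ident),
    }

if __name__ == "__main__":
    for ident in ("smith", "o'neil"):
        print(ident, compare(ident))
```

The apostrophe in "o'neil" ends the string literal early in both text-built queries, so the statement fails to parse; the bound version returns the matching row.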

Seems these two (String interpolation and Variable interpolation) are about the same topic ... --Krauss (talk) 09:33, 12 August 2014 (UTC)

Voting

Ok, MERGED. Please review. --Krauss (talk) 05:41, 16 August 2014 (UTC)

Reviewed. Well done. François Robere (talk) 12:59, 17 August 2014 (UTC)

Next step...

Seems these three (String interpolation, Variable interpolation, and Printf format string) are about the same topic, give or take specifics (e.g. printf being a specific implementation). Suggest merge, unless anyone can show they are actually distinct, or otherwise warrant separate articles. François Robere (talk) 12:27, 15 May 2014 (UTC)

I think printf is an article about a "de facto standard" and its evolution. So, it is separate content. --Krauss (talk) 09:33, 12 August 2014 (UTC)
I agree. However, it does have some content in the "timeline" section that is better suited to a more general article on string interpolation - more specifically, the pre-C and Lisp string interpolation examples (the article will also have to be renamed, but that's a separate issue). François Robere (talk) 20:15, 12 August 2014 (UTC)

Legacy content

FROM OLD Talk:Variable_interpolation, after MERGE. --Krauss (talk) 05:41, 16 August 2014 (UTC)

Uses of variable interpolation

"Here, Interpolation can be used in the best way"

The best way is creating 15 separate variables when arrays should instead be used? I doubt that's the best use of variable interpolation. Text replacement seems the most common and effective use of this tool. Generating 15 variables when more efficient programming constructs are available is not "the best way".

Unfortunately, I don't have subject-matter expertise and am thus hesitant to modify the article. Pritchard 21:43, 27 July 2012 (UTC) — Preceding unsigned comment added by TheAdventMaster (talk • contribs)

TODO

The following additions would enhance the article.

  • Give examples of more widely differing interpolation schemes, and contrast their different properties, such as the following.
  • Escaping: escaping rules allow the introducing character ($) to stand for itself; not all interpolation schemes have complete support for such escaping.
  • Windows shell '%foo%' notation: the special character goes at both the start and the end of the name.
  • Recursive expansion: interpolation in the C preprocessor #define syntax is recursively expanded until no more expansion occurs, while most schemes are not.
  • The #define syntax also doesn't use an introducing character, but identifies 'variable' names in a different way. — Preceding unsigned comment added by 94.119.4.169 (talk) 08:36, 11 June 2013 (UTC)

Misleading PHP example

The PHP example implies that only "${apples}" is valid (for the braces variant). Most other examples will use the equivalent of "{$apples}" (the "$" inside the braces).

The first is using the so-called "simple syntax".

Whereas "{$apples}" is an example of the so-called "complex syntax".

I suggest to add something to this effect.

--Mortense (talk) 20:52, 29 November 2019 (UTC)

None of the python examples are correct

The examples in the main section specify lang="python", but they don't seem to be valid Python. Here is what happens when I paste the code into my Python REPL (3.10.10):

>>> apples = 4
>>> print("I have ${apples} apples.") # string interpolation
I have ${apples} apples.
>>> print("I have " + apples + " apples.") # string concatenation
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: can only concatenate str (not "int") to str
>>> print("I have %s apples.", apples) # format string
I have %s apples. 4

As you can see, none of the three examples work as expected. The first one prints the string without interpolation, the second one raises a TypeError, and the third one prints out the two strings separately.

Are these examples meant to be a different language?

Novemellow (talk) 16:28, 18 May 2023 (UTC)

The code snippet is meant to illustrate the difference between interpolation, concatenation and format strings. It's not valid in any programming language. Dexxor (talk) 19:41, 18 May 2023 (UTC)
Ah, I see. But, providing an example that's valid is possible. It makes more sense to provide a valid one. Novemellow (talk) 19:34, 23 May 2023 (UTC)
I have updated the code snippet to be valid. I chose changing the code to Ruby because with Ruby, we can easily demonstrate the C-style format string. Novemellow (talk) 19:57, 23 May 2023 (UTC)