Jump to content

Talk:String interpolation

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Krauss (talk | contribs) at 09:35, 12 August 2014 (Merge with Variable interpolation). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

showing hexadecimal characters

The PHP example uses a   /x41   ('41'x)   and indicates it should show a capital A.
This would be true only for ASCII computers, not for EBCDIC. -- GerardSchildberger (talk) 20:23, 23 December 2012 (UTC)[reply]

suggestion about ordering the languages

As more languages are added to the list, should they be placed in alphabetic order to make finding/perusing them easier? -- GerardSchildberger (talk) 20:35, 23 December 2012 (UTC)[reply]

Security issues - nothing to do with string interpolation

I think the section in security issues should be removed. The reason is that it has nothing to do with string interpolation. You get the same problem when you do simple concatenation (as it already says in the article) ie: 

 query = "SELECT x, y, z FROM Table WHERE id='".$id."' ";

No difference at all. So actually I'm just going to remove the section myself right now. Fresheneesz (talk) 10:21, 27 December 2012 (UTC)[reply]

So I decided not to remove it myself, I want to get a second on this. If someone else agrees with me, I urge you to remove the section. Fresheneesz (talk) 10:23, 27 December 2012 (UTC)[reply]

Don't remove. It's a huge security issue. Concatenation is a runtime code execution security hole. String interpolation is a static text data security hole. A string interpolation problem could lie dormant in a database field for _years_ until it's finally triggered. Also, depending on the language or data form, the string interpolation could be _nested_, recursively expanding into something very nasty and totally opaque to surface analysis. Concatenation is like A=B+C, whereas string interpolation is like A=function(B,C), where function could be defined to be anything. Damon Simms (talk) 04:18, 19 March 2014 (UTC)[reply]

Merge with Variable interpolation

Seems these two (String interpolation and Variable interpolation) are about the same topic ... --Krauss (talk) 09:33, 12 August 2014 (UTC)[reply]

Voting

Next step...

Seems these three (String interpolation, Variable interpolation, and Printf format string) are about the same topic, give or take specifics (eg. printf being a specific implementation). Suggest merge, unless anyone can show they are actually distinct, or otherwise warrant separate articles. François Robere (talk) 12:27, 15 May 2014 (UTC)[reply]

I think printf is an article about a "de facto standard" and its evolution. So, is a separeted content. --Krauss (talk) 09:33, 12 August 2014 (UTC)[reply]
Retrieved from "https://en.wikipedia.org/w/index.php?title=Talk:String_interpolation&oldid=620892445"