Talk:String interpolation

showing hexadecimal characters
The PHP example uses a  /x41   ('41'x)   and indicates it should show a capital A. This would be true only for ASCII computers, not for EBCDIC. -- GerardSchildberger (talk) 20:23, 23 December 2012 (UTC)

suggestion about ordering the languages
As more languages are added to the list, should they be placed in alphabetic order to make finding/perusing them easier? -- GerardSchildberger (talk) 20:35, 23 December 2012 (UTC)

Security issues - nothing to do with string interpolation
I think the section in security issues should be removed. The reason is that it has nothing to do with string interpolation. You get the same problem when you do simple concatenation (as it already says in the article) ie:

No difference at all. So actually I'm just going to remove the section myself right now. Fresheneesz (talk) 10:21, 27 December 2012 (UTC)
 * So I decided not to remove it myself, I want to get a second on this. If someone else agrees with me, I urge you to remove the section. Fresheneesz (talk) 10:23, 27 December 2012 (UTC)

Don't remove. It's a huge security issue. Concatenation is a runtime code execution security hole. String interpolation is a static text data security hole. A string interpolation problem could lie dormant in a database field for _years_ until it's finally triggered. Also, depending on the language or data form, the string interpolation could be _nested_, recursively expanding into something very nasty and totally opaque to surface analysis. Concatenation is like A=B+C, whereas string interpolation is like A=function(B,C), where function could be defined to be anything. Damon Simms (talk) 04:18, 19 March 2014 (UTC)


 * I agree with the O.P.. Nobody doubts that this (i.e., incompetent programmers who insert user-provided strings in code to be executed) is indeed a huge security hole. But this is not the subject of the article! As the O.P. says, if you concatenate (or simply exec) user-provided code then you will always have the same problem. The problem is not string interpolation, but missing conversions: $id should be an integer, in which case this it 100% safe. If strings are required, then 'addslashes' or similar must be added. Not doing so is nothing else than a programming error. The first search for "o'neil" or similar would reveal this error. A careless programmer has dozens of other ways to wipe out or corrupt the database himself. &mdash; MFH:Talk 02:41, 4 February 2019 (UTC)

Merge with Variable interpolation
Seems these two (String interpolation and Variable interpolation) are about the same topic ... --Krauss (talk) 09:33, 12 August 2014 (UTC)

Voting

 * Yes, merge it. --Krauss (talk) 09:27, 12 August 2014 (UTC)
 * Yes. François Robere (talk) 19:00, 12 August 2014 (UTC)

Ok, MERGED. Please review. --Krauss (talk) 05:41, 16 August 2014 (UTC)
 * Reviewed. Well done. François Robere (talk) 12:59, 17 August 2014 (UTC)

Next step...
Seems these three (String interpolation, Variable interpolation, and Printf format string) are about the same topic, give or take specifics (eg.  being a specific implementation). Suggest merge, unless anyone can show they are actually distinct, or otherwise warrant separate articles. François Robere (talk) 12:27, 15 May 2014 (UTC)
 * I think printf is an article about a "de facto standard" and its evolution. So, is a separeted content. --Krauss (talk) 09:33, 12 August 2014 (UTC)
 * I agree. However, it does have some content in the "timeline" section that is better suited to a more general article on string interpolation - more specifically, the pre-C and Lisp string interpolation examples (the article will also have to be renamed, but that's a separate issue). François Robere (talk) 20:15, 12 August 2014 (UTC)

Legacy content
FROM OLD Talk:Variable_interpolation, after MERGE. --Krauss (talk) 05:41, 16 August 2014 (UTC)

Uses of variable interpolation
"Here, Interpolation can be used in the best way"

The best way is creating 15 separate variables when arrays should instead be used? I doubt that's the best use of variable interpolation. Text replacement seems the most common and effective use of this tool. Generating 15 variables when more efficient programming constructs are available is not "the best way".

Unfortunately, I don't have subject-matter expertise and am thus hesitant to modify the article.Pritchard 21:43, 27 July 2012 (UTC) — Preceding unsigned comment added by TheAdventMaster (talk • contribs)

TODO
The following additions would enhance the article.


 * Give examples of more widely differing interpolation schemes, and contrast their different properties, such as the following.
 * Escaping: escaping rules allow the introducing character ($) to stand for itself; not all interpolation schemes have complete support for such escaping.
 * Windows shell '%foo%' notation: the special character goes at both the start and the end of the name.
 * Recursive expansion: interpolation in the C preprocessor #define syntax is recursively expanded until no more expansion occurs, while most schemes are not.
 * The #define syntax also doesn't use an introducing character, but identifies 'variable' names in a different way. — Preceding unsigned comment added by 94.119.4.169 (talk) 08:36, 11 June 2013 (UTC)

Misleading PHP example
The PHP example implies that only "${apples}" is valid (for the braces variant). Most other examples will use the equivalent of "{$apples}" (the "$" inside the braces).

The first is using the so-called "simple syntax".

Whereas "{$apples}" is an example of the so-called "complex syntax".

I suggest to add something to this effect.

--Mortense (talk) 20:52, 29 November 2019 (UTC)

None of the python examples are correct
The examples in the main section specify, but they don't seem to be valid Python. Here is what happens when I paste the code into my Python REPL (3.10.10):

As you can see, none of the three examples work as expected. The first one prints the string without interpolation, the second one raises a TypeError, and the third one prints out the two strings separately.

Are these examples meant to be a different language?

Novemellow (talk) 16:28, 18 May 2023 (UTC)


 * The code snippet is meant to illustrate the difference between interpolation, concatenation and format strings. It's not valid in any programming language. Dexxor (talk) 19:41, 18 May 2023 (UTC)
 * Ah, I see. But, providing an example that's valid is possible. It makes more sense to provide a valid one. Novemellow (talk) 19:34, 23 May 2023 (UTC)
 * I have updated the code snippet to be valid. I chose changing the code to Ruby because with Ruby, we can easily demonstrate the c-style format string. Novemellow (talk) 19:57, 23 May 2023 (UTC)