Revision as of 09:24, 5 June 2022 edit Mr248 (talk \| contribs) Extended confirmed users 1,865 edits →Next Generation Shell: remove section. we have no article on this language. no reliable sources cited. no evidence this language meets notability requirements for inclusion in Wikipedia ← Previous edit		Revision as of 04:45, 25 June 2022 edit undo BrownHairedGirl (talk \| contribs) Autopatrolled, Extended confirmed users, File movers, Pending changes reviewers, Rollbackers 2,942,733 edits Cleanup 1 reference: convert <ref>URL {{webarchive}}</ref> to <ref>{{cite web}}</ref>. NB: title etc is missing, and will display error msg Tag: AWB Next edit →
Line 1: {{short description\|Replacing placeholders in a string with values}} In [[computer programming]], '''string interpolation''' (or '''variable interpolation''', '''variable substitution''', or '''variable expansion''') is the process of evaluating a [[string literal]] containing one or more [[Form (document)#Placeholders\|placeholders]], yielding a result in which the placeholders are replaced with their corresponding values. It is a form of simple [[Template processor\|template processing]]<ref>"[http://www.cs.usfca.edu/~parrt/papers/mvc.templates.pdf Enforcing Strict Model-View Separation in Template Engines]", T. Parr (2004), WWW2004 conference.</ref> or, in formal terms, a form of [[quasi-quotation]] (or logic [[~~Substitution_~~Substitution (logic)\|substitution]] interpretation). The placeholder may be a variable name, or in some languages an arbitrary expression, in either case evaluated in the current [[Scope (computer science)\|context]]. String interpolation is an alternative to building string via [[concatenation]], which requires repeated quoting and unquoting;<ref>{{Cite web\|url=http://perlmeme.org/howtos/using_perl/interpolation.html\|title = Interpolation in Perl \|quote="This is much tidier than repeated uses of the '.' concatenation operator."}}</ref> or substituting into a [[printf format string]], where the variable is far from where it is used. Compare: Line 20: == Security issues == String interpolation, like string concatenation, may lead to security problems. If user input data is improperly escaped or filtered, the system will be exposed to [[SQL injection]], [[script injection]], [[XML External Entity Injection]] (XXE), and [[cross-site scripting]] (XSS) attacks.<ref>{{cite web \|url=http://google-caja.googlecode.com/svn/changes/mikesamuel/string-interpolation-29-Jan-2008/trunk/src/js/com/google/caja/interp/index.html#-autogen-id-1 ~~{{Webarchive~~\|title= \|website=google-caja.googlecode.com \|archive-url=https://web.archive.org/web/20121019065315/http://google-caja.googlecode.com/svn/changes/mikesamuel/string-interpolation-29-Jan-2008/trunk/src/js/com/google/caja/interp/index.html#-autogen-id-1 \|archive-date=2012-10-19 }}</ref> An SQL injection example: Line 456: * [[Quasi-quotation]] * [[String literal]] * [[~~Substitution_~~Substitution (logic)\|Substitution]] == Notes ==

String interpolation: Difference between revisions