[thrashh]

You can probably do it trivially in any language with operator overloading or a very expressive type system

However you would also probably want a language with some syntactic sugar that let users use your special string type easily otherwise the burden on users will be too high

[hxtk]

> However you would also probably want a language with some syntactic sugar that let users use your special string type easily otherwise the burden on users will be too high

In the instance under discussion in that section of the book I'm referencing, allowing the user to instantiate the special string type was precisely the behavior intended to avoid. The idea being that in the following three examples, the first succeeds and the rest fail at compile time:

    Query("SELECT * FROM Users WHERE id = ?;")
    
    id := "6"; Query("SELECT * FROM Users WHERE id = " + id + ";")

    id := 6; Query(fmt.Sprintf("SELECT * FROM Users WHERE id = %d;", id))

[thrashh]

But the output is actually effectively emitting special string types (or flags on the main string type — whatever) in the background transparently (either at compile-time or runtime). And that’s possible due to a language design with sufficiently expressive typing with good syntactic sugar.

I’m talking about the alternative world where people use tainted strings and have to manually taint or untaint strings explicitly everywhere and that is nuts. You have to do that when your language has nothing to help you with. If you have to resort to that, I think you need to give up.

[hxtk]

Ah, I see, it sounds like you're talking about how you'd implement that in other languages that don't have a solution as a trivial property of the type system. I'd missed that before.