by paulddraper 998 days ago
...at what cost tho

The JEP makes it kind of clear:

> trading off a small amount of convenience to gain a large amount of safety

*large

*small

You can create json and sql string template processors that suffer from no injection problems. I'd call that a large improvement over, for example, Javascript. But I'm not familiar enough with the string template feature in the other languages to comment on their relative security.
> You can create json and sql string template processors that suffer from no injection problems. I'd call that a large improvement over, for example, Javascript.

Bad example. JavaScript literally has that (ever since ES6). [1]

  function sql(strings, ...args) {
    // ...
  }

  sql`SELECT * FROM user WHERE email = $1`
[1] https://developer.mozilla.org/en-US/docs/Web/JavaScript/Refe...
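As an added illustration of the point made in the two comments above (it is not code from the thread or from any library), here is a complete tagged-template `sql` processor of the kind the ES6 snippet sketches, plus a small `json` tag. The names `sql`, `json`, `ident` and `Identifier` are my own. Every interpolated value becomes a bound parameter (`$1`, `$2`, ...) rather than text spliced into the query, so an attacker-controlled string can only ever be compared as data; identifiers such as table names cannot be bound by a database driver, so the example routes them through an allowlist-validated `ident()` helper instead. The `json` tag serialises each interpolation with `JSON.stringify`, so quotes inside a value cannot break out of the string they land in.

```javascript
// Added example, not from the Hacker News thread. Demonstrates a
// tagged-template SQL builder that never concatenates values into query text.

// Hypothetical wrapper marking a value as a SQL identifier (table/column name).
// Identifiers cannot be bound parameters, so they are validated against a
// strict allowlist and double-quoted instead.
class Identifier {
  constructor(name) {
    if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(name)) {
      throw new Error(`unsafe SQL identifier: ${JSON.stringify(name)}`);
    }
    this.name = name;
  }
  quoted() {
    return `"${this.name}"`;
  }
}

function ident(name) {
  return new Identifier(name);
}

// Tag function: sql`... ${value} ...` -> { text, values }.
// - plain values become positional parameters $1, $2, ...
// - arrays expand to a parenthesised parameter list for IN (...)
// - Identifier instances are inlined as quoted identifiers
function sql(strings, ...values) {
  let text = strings[0];
  const params = [];
  for (let i = 0; i < values.length; i++) {
    const v = values[i];
    if (v instanceof Identifier) {
      text += v.quoted();
    } else if (Array.isArray(v)) {
      const slots = v.map((item) => {
        params.push(item);
        return `$${params.length}`;
      });
      text += `(${slots.join(', ')})`;
    } else {
      params.push(v);
      text += `$${params.length}`;
    }
    text += strings[i + 1];
  }
  return { text, values: params };
}

// Tag function: json`{"k": ${v}}` -> a JSON document where each interpolation
// is serialised with JSON.stringify, so a value can never inject structure.
function json(strings, ...values) {
  return strings.reduce(
    (out, s, i) => out + (i > 0 ? JSON.stringify(values[i - 1]) : '') + s,
    ''
  );
}

// Constructed sample input: a value that would be an injection if concatenated.
const hostileEmail = "bob@example.com' OR '1'='1";

const lookup = sql`SELECT * FROM ${ident('user')} WHERE email = ${hostileEmail}`;
// lookup.text   -> 'SELECT * FROM "user" WHERE email = $1'
// lookup.values -> [ "bob@example.com' OR '1'='1" ]  (bound, never parsed as SQL)

const batch = sql`SELECT id FROM t WHERE id IN ${[7, 8]} AND active = ${true}`;
// batch.text -> 'SELECT id FROM t WHERE id IN ($1, $2) AND active = $3'

const doc = json`{"email": ${hostileEmail}, "tags": ${['a', 'b']}}`;
// JSON.parse(doc).email === hostileEmail

console.log(lookup, batch, doc);
```

The `{ text, values }` shape matches what most parameterised-query drivers accept, so the tag can be handed straight to a client's `query(text, values)` call. Note what the tag does not do: it cannot make a raw string passed as an identifier safe, which is why `ident()` throws on anything outside the allowlist rather than trying to escape it.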
This is a solved problem in .NET, and C# only has one kind of string templating:

  FormattableString foo = $"select * from {table} where {column} = 42";
https://learn.microsoft.com/en-us/ef/core/querying/sql-queri...
Not sure if C# can do that, but Java's implementation can return an arbitrary object based on the templates/parameters.