String interpolation

From Wikipedia, the free encyclopedia
Jump to: navigation, search

In computer programming, string interpolation or variable interpolation (also variable substitution or variable expansion) is the process of evaluating a string literal containing one or more placeholders, yielding a result in which the placeholders are replaced with their corresponding values. It is a form of simple template processing.[1] or, in formal terms, a form of Quasi-quotation (or logic substitution interpretation). String interpolation allows for easier and more intuitive string formatting and content-specification compared with string concatenation.[2]

String interpolation is common in many programming languages which make heavy use of string representations of data, such as C, Perl, PHP, Python, Ruby, Scala and Swift, and most Unix shells. Two modes of literal expression are usually offered: one with interpolation enabled, the other without ("raw string"). Placeholders are usually represented by a bare or a named sigil, (typically $ or %), eg. $placeholder or %123. Expansion of the string usually occurs at run time

Variations[edit]

Some languages do not offer string interpolation, instead offering a standard function where one parameter is the printf format string, and other(s) provide the values for each placeholder.

Ruby uses the "#" symbol for interpolation, and allows one to interpolate any expression, not just variables. Other languages may support more advanced interpolation with a special formatting function, such as printf, in which the first argument, the format, specifies the pattern in which the remaining arguments are substituted.

Algorithms[edit]

There are two main types of "expand variable" algorithms for variable interpolation:[3]

  1. Replace and exapand placeholders: creating a new string from the original one, by find-replace operations. Find variable-reference (placeholder), replace it by its variable-value. This algorithm offers no cache strategy.
  2. Split and join string: splitting the string into an array, and merging it with the corresponding array of values; then join itens by concatenation. The splitted string can be cached to reuse.

Security issues[edit]

String Interpolation, like string concatenation, may lead to security problems. When failed to properly escape or filter user input data, system will expose to SQL injection, script injection, XML External Entity Injection (XXE), and cross-site scripting (XSS) attacks.[4]

An example of SQL injection will be like this:

query = "SELECT x, y, z FROM TABLE WHERE id='$id' "

If $id is replaced with "'; DELETE FROM TABLE; SELECT * FROM TABLE WHERE id='", executing this query will wipe out all the data in Table.

Examples[edit]

The following Perl code works identically in PHP:

$name = "Alice";
print "${name} said Hello World to the crowd of people.";

produces the output: Alice said Hello World to the crowd of people.

Boo[edit]

apples = 4
print("I have $(apples) apples")
# or
print("I have {0} apples" % apples)

The output will be:

I have 4 apples

C# .NET[edit]

apples = 4;
System.Console.WriteLine(String.format("I have {0} apples", apples));

The output will be:

I have 4 apples

CFML[edit]

Script syntax:

apples = 4;
writeOutput("I have #apples# apples");

Tag syntax:

<cfset apples = 4>
<cfoutput>I have #apples# apples</cfoutput>

The output will be:

I have 4 apples

CoffeeScript[edit]

apples = 4
console.log "I have #{apples} apples"

The output will be:

I have 4 apples

Dart[edit]

int apples = 4, bananas = 3;
print('I have $apples apples');
print('I have ${apples+bananas} fruits');

The output will be:

I have 4 apples
I have 7 fruits

Lisp[edit]

Using strings:

(print (format t "I have ~D apples" 4))

The output will be:

I have 4 apples

We can also generalise this to arbitrary (non-string) LISP expressions, known as s-expressions. The equivalent of string interpolation for s-expressions is quasi-quotation, for example:

(let ((num 4))
     (quasiquote (I have (unquote num) apples)))

This results in the s-expression (I have 4 apples), where "I", "have", "4" and "apples" are symbols (i.e. identifiers), rather than strings.

Nemerle[edit]

def apples = 4;
def bananas = 3;
Console.WriteLine($"I have $apples apples");
Console.WriteLine($"I have $(apples + bananas) fruits");

You can also use advanced formatting features like this:

def fruits = ["apple", "banana"];
Console.WriteLine($<#I have ..$(fruits; "\n"; f => f + "s")#>);

The output will be:

apples
bananas

Perl[edit]

my $apples = 4;
print "I have $apples apples\n";

The output will be:

I have 4 apples

PHP[edit]

<?php
$str = <<<EOD
Example of string
spanning multiple lines
using heredoc syntax.
EOD;
class foo {
    var $foo;
    var $bar;
    function foo() {
        $this->foo = 'Foo';
        $this->bar = array('Bar1', 'Bar2', 'Bar3');
    }
}
$foo = new foo();
$name = 'Jason';
echo <<<EOT
My name is "$name". I am printing some $foo->foo.
Now, I am printing some {$foo->bar[1]}.
This should print a capital 'A': \x41
EOT;
?>

The output will be:

My name is "Jason". I am printing some Foo.
Now, I am printing some Bar2.
This should print a capital 'A': A

Python[edit]

apples = 4
print "I have %d apples" % apples
# or in newer versions:
print "I have {} apples".format(apples)
print "I have {a} apples".format(a=apples)

The output will be:

I have 4 apples

Ruby[edit]

apples = 4
puts "I have #{apples} apples"
# or
puts "I have %s apples" % apples
# or
puts "I have %{a} apples" % {a: apples}

The output will be:

I have 4 apples

Scala[edit]

Scala has with compiler macro's easily the following string interpolators implemented: s,f and raw. It is even possible to write your own.

The s interpolator[edit]

Scala's string Interpolation allows users to embed variable references directly in processed string literals. It's done by the Scala Macro feature. Macros are functions that are called by the compiler during compilation. Here is an example:

val apples = 4
println(s"I have $apples apples")

The output will be:

I have 4 apples

Swift[edit]

In Swift you can create a new String value from a combination of constants, variables, literals, and expressions by including their values inside a string literal. Each item that you insert into the string literal is wrapped in a pair of parentheses, prefixed by a backslash.

let apples = 4
println("I have \(apples) apples")

The output will be:

I have 4 apples

See also[edit]

Notes[edit]