String interpolation is a common feature in many programming languages, such as Ruby, PHP and Perl. It means inserting a string into another string, or replacing a variable with its value. It makes string formatting and specifying contents more intuitive.[1]
<?php
$str = <<<EOD
Example of string
spanning multiple lines
using heredoc syntax.
EOD;

class foo
{
    public $foo;
    public $bar;

    // __construct() replaces the old same-name constructor, which PHP 8 no longer calls
    function __construct()
    {
        $this->foo = 'Foo';
        $this->bar = array('Bar1', 'Bar2', 'Bar3');
    }
}

$foo = new foo();
$name = 'Jason';

// Variables and {$...} expressions are interpolated inside the heredoc
echo <<<EOT
My name is "$name". I am printing some $foo->foo.
Now, I am printing some {$foo->bar[1]}.
This should print a capital 'A': \x41
EOT;
?>
The output will be:
My name is "Jason". I am printing some Foo.
Now, I am printing some Bar2.
This should print a capital 'A': A
#!/usr/bin/perl
use strict;
use warnings;
my $apples = 4;
print "I have $apples apples\n";
The output will be:
I have 4 apples
apples = 4
puts "I have #{apples} apples"
# or
puts "I have %s apples" % apples
The output will be:
I have 4 apples
apples = 4
print("I have $(apples) apples")
// or
print("I have {0} apples" % apples)
The output will be:
I have 4 apples
apples = 4
print("I have %s apples" % apples)
The output will be:
I have 4 apples
String interpolation, like string concatenation, may lead to security problems. When user input data is not properly escaped or filtered, the system is exposed to SQL injection, script injection, XML External Entity (XXE) injection, and cross-site scripting (XSS) attacks.[2]
An example of SQL injection looks like this:
query = "SELECT x, y, z FROM Table WHERE id= '$id'"
If id is replaced with "'; DELETE FROM Table WHERE = '", executing this query will wipe out all the data on the local machine.
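The following is an added example, not code from the original page: it runs the interpolated query pattern above beside a parameterized query against an in-memory SQLite database, for an ordinary id, an id containing an apostrophe, and the string quoted above. The table name items, the sample rows and the function names are assumptions made for the example.

```python
import sqlite3

def make_db():
    # Constructed sample data. The table is named "items" (an assumption)
    # because "Table" is a reserved word in SQL.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id TEXT PRIMARY KEY, x, y, z)")
    conn.executemany(
        "INSERT INTO items VALUES (?, ?, ?, ?)",
        [("7", 1, 2, 3), ("O'Brien", 4, 5, 6)],
    )
    return conn

def lookup_interpolated(conn, id_value):
    # Vulnerable pattern: the value is spliced into the SQL text, so a quote
    # in id_value ends the string literal and the rest is parsed as SQL.
    query = "SELECT x, y, z FROM items WHERE id = '%s'" % id_value
    return conn.execute(query).fetchall()

def lookup_bound(conn, id_value):
    # Hardened form: the statement text is fixed and the value is bound
    # separately, so it is only ever compared as data.
    return conn.execute(
        "SELECT x, y, z FROM items WHERE id = ?", (id_value,)
    ).fetchall()

def compare(conn, id_value):
    """Return (interpolated result or error marker, bound result)."""
    try:
        unsafe = lookup_interpolated(conn, id_value)
    except (sqlite3.Error, sqlite3.Warning) as exc:
        # Python's sqlite3 execute() accepts only one statement per call, so
        # the stacked DELETE is refused here. That refusal is a property of
        # this driver call, not a defense to rely on.
        unsafe = "rejected: %s" % type(exc).__name__
    return unsafe, lookup_bound(conn, id_value)

if __name__ == "__main__":
    db = make_db()
    # The last input is the string quoted on the page.
    for value in ["7", "O'Brien", "'; DELETE FROM Table WHERE = '"]:
        print(repr(value), "->", compare(db, value))
    print("rows left:", db.execute("SELECT COUNT(*) FROM items").fetchone()[0])
```

The interpolated lookup only works for the plain id; the bound lookup returns the right row for the apostrophe case and an empty result for the quoted string, with both rows still in the table.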