On Thursday, 25 January 2024 at 16:37:07 UTC, novice2 wrote:
>IMHO, string interpolation should not be used for DB code.
The version proposed here indeed should not be used. DIP 1036e, as far as I understood, can be used and does provide some security benefits against SQL injection, given the SQL library in question uses interpolated strings. I think we should stop discussing this proposal, since DIP1036 is already accepted.
If you're curious how interpolated strings might help with SQL injection, check the recent debates about interpolated strings; there are plenty of examples.
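How a library can turn a DIP1036e interpolation sequence into a parameterized query, as an added example that is not part of the original post or of any existing D SQL library. `Query` and `query` are hypothetical names, the input values are constructed, and a compiler that ships `core.interpolation` is assumed.

```d
import core.interpolation;
import std.conv : to;

/// Constructed stand-in for a prepared statement: SQL text plus bound values.
struct Query
{
    string sql;
    string[] params; // a real library would bind typed values, not strings
}

/// Hypothetical library entry point. It accepts only an interpolation
/// sequence, so a plain concatenated string cannot be passed to it.
Query query(Args...)(InterpolationHeader, Args args, InterpolationFooter)
{
    Query q;
    foreach (arg; args) // unrolled at compile time over the argument tuple
    {
        static if (is(typeof(arg) == InterpolatedLiteral!lit, string lit))
        {
            q.sql ~= lit; // text written by the programmer in the i"..." literal
        }
        else static if (is(typeof(arg) == InterpolatedExpression!code, string code))
        {
            // source text of the $(...) expression; not needed here
        }
        else
        {
            q.sql ~= "?";              // runtime value becomes a placeholder
            q.params ~= arg.to!string; // and travels separately from the SQL
        }
    }
    return q;
}

void main()
{
    string name = "x'; DROP TABLE users; --"; // constructed hostile input
    int minAge = 18;

    auto q = query(i"SELECT id FROM users WHERE name = $(name) AND age >= $(minAge)");

    // The hostile value never reaches the SQL text.
    assert(q.sql == "SELECT id FROM users WHERE name = ? AND age >= ?");
    assert(q.params == [name, "18"]);

    // String concatenation is rejected at compile time.
    static assert(!__traits(compiles, query("SELECT id FROM users WHERE name = '" ~ name ~ "'")));
}
```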