In computer programming, string interpolation (or variable interpolation, variable substitution, or variable expansion) is the process of evaluating a string literal containing one or more placeholders, yielding a result in which the placeholders are replaced with their corresponding values. It is a form of simple template processing or, in formal terms, a form of quasi-quotation (or logic substitution interpretation). String interpolation allows easier and more intuitive string formatting and content-specification compared with string concatenation.
Contents
- Variations
- Algorithms
- Security issues
- Examples
- Bash
- Boo
- ColdFusion Markup Language
- CoffeeScript
- Dart
- Groovy
- Haxe
- JavaScript
- Kotlin
- Nemerle
- Perl
- PHP
- Ruby Crystal
- Rust
- Scala
- The standard interpolators
- Swift
- TypeScript
- References
String interpolation is common in many programming languages which make heavy use of string representations of data, such as Groovy, Kotlin, Perl, PHP, Python, Ruby, Scala, and Swift, and most Unix shells. Two modes of literal expression are usually offered: one with interpolation enabled, the other without (termed raw string). Placeholders are usually represented by a bare or a named sigil (typically $ or %), e.g. $placeholder or %123. Expansion of the string usually occurs at run time.
Variations
Some languages do not offer string interpolation, instead offering a standard function where one parameter is the printf format string, and other(s) provide the values for each placeholder.
Ruby uses the # symbol for interpolation, and allows interpolating any expression, not only variables. Other languages may support more advanced interpolation with a special formatting function, such as printf, in which the first argument, the format, specifies the pattern in which the remaining arguments are substituted.
Algorithms
There are two main types of expand variable algorithms for variable interpolation:
- Replace and expand placeholders: creating a new string from the original one, by find-replace operations. Find variable-reference (placeholder), replace it by its variable-value. This algorithm offers no cache strategy.
- Split and join string: splitting the string into an array, and merging it with the corresponding array of values; then join items by concatenation. The split string can be cached to reuse.
Security issues
String interpolation, like string concatenation, may lead to security problems. If user input data is improperly escaped or filtered, the system will be exposed to SQL injection, script injection, XML External Entity Injection (XXE), and cross-site scripting (XSS) attacks.
An SQL injection example:
query = "SELECT x, y, z FROM Table WHERE id='$id' "If $id is replaced with "'; ", executing this query will wipe out all the data in Table.DELETE FROM Table; SELECT * FROM Table WHERE id='
Examples
The following Perl code works identically in PHP:
produces the output: Alice said Hello World to the crowd of people.
Bash
The output will be:
Boo
The output will be:
The output will be:
ColdFusion Markup Language
ColdFusion Markup Language (CFML) script syntax:
Tag syntax:
The output will be:
I have 4 applesCoffeeScript
The output will be:
Dart
The output will be:
Groovy
The output will be:
Haxe
The output will be:
JavaScript
JavaScript, as of the ECMAScript 2015 (ES6) standard, supports string interpolation using backticks ``. This feature is called template literals. Here is an example:
The output will be:
Kotlin
The output will be:
Nemerle
It also supports advanced formatting features, such as:
The output will be:
Perl
The output will be:
PHP
The output will be:
The output will be:
Ruby / Crystal
The output will be:
Rust
Rust provides string interpolation via the std::fmt module, which is interfaced with through various macros such as format!, write!, and print!. These macros are converted into Rust source code at compile-time, whereby each argument interacts with a formatter. The formatter supports positional parameters, named parameters, argument types, and defining various formatting traits.
The output of each of these will be:
There are 4 apples and 3 bananas.Scala
Scala 2.10+ has implemented the following string interpolators: s, f and raw. It is also possible to write custom ones or override the standard ones.
The f interpolator is a compiler macro that rewrites a format string with embedded expressions as an invocation of String.format. It verifies that the format string is well-formed and well-typed.
The standard interpolators
Scala 2.10+'s string interpolation allows embedding variable references directly in processed string literals. Here is an example:
The output will be:
Swift
In Swift, a new String value can be created from a mix of constants, variables, literals, and expressions by including their values inside a string literal. Each item inserted into the string literal is wrapped in a pair of parentheses, prefixed by a backslash.
The output will be:
TypeScript
As of version 1.4, TypeScript supports string interpolation using backticks ``. Here is an example:
The output will be:
The console.log function can be used as a printf function. The above example can be rewritten, thusly:
The output remains the same.