String interpolation
In computer programming, string interpolation (or variable interpolation, variable substitution, or variable expansion) is the process of evaluating a string literal containing one or more placeholders, yielding a result in which the placeholders are replaced with their corresponding values. It is a form of simple template processing[1] or, in formal terms, a form of quasi-quotation (or logic substitution interpretation). String interpolation allows easier and more intuitive string formatting and content-specification compared with string concatenation.[2]
String interpolation is common in many programming languages which make heavy use of string representations of data, such as Groovy, Perl, PHP, Python, Ruby, Scala, and Swift, and most Unix shells. Two modes of literal expression are usually offered: one with interpolation enabled, the other without (termed raw string). Placeholders are usually represented by a bare or a named sigil (typically $
or %
), e.g. $placeholder
or %123
. Expansion of the string usually occurs at run time.
Variations
Some languages do not offer string interpolation, instead offering a standard function where one parameter is the printf format string, and other(s) provide the values for each placeholder.
Ruby uses the #
symbol for interpolation, and allows interpolating any expression, not only variables. Other languages may support more advanced interpolation with a special formatting function, such as printf
, in which the first argument, the format, specifies the pattern in which the remaining arguments are substituted.
Algorithms
There are two main types of expand variable algorithms for variable interpolation:[3]
- Replace and expand placeholders: creating a new string from the original one, by find-replace operations. Find variable-reference (placeholder), replace it by its variable-value. This algorithm offers no cache strategy.
- Split and join string: splitting the string into an array, and merging it with the corresponding array of values; then join items by concatenation. The split string can be cached to reuse.
Security issues
String interpolation, like string concatenation, may lead to security problems. If user input data is improperly escaped or filtered, the system will be exposed to SQL injection, script injection, XML External Entity Injection (XXE), and cross-site scripting (XSS) attacks.[4]
An SQL injection example:
query = "SELECT x, y, z FROM Table WHERE id='$id'
"
If $id
is replaced with "';
", executing this query will wipe out all the data in Table.DELETE FROM Table; SELECT * FROM Table WHERE id='
Examples
The following Perl code works identically in PHP:
$name = "Alice";
print "${name} said Hello World to the crowd of people.";
produces the output: Alice said Hello World to the crowd of people.
Bash
apples = 4
echo "I have $apples apples"
# or
echo "I have ${apples} apples"
The output will be:
I have 4 apples
Boo
apples = 4
print("I have $(apples) apples")
# or
print("I have {0} apples" % apples)
The output will be:
I have 4 apples
C#
var apples = 4;
// Before C# 6.0
System.Console.WriteLine(String.Format("I have {0} apples", apples));
// C# 6.0
System.Console.WriteLine($"I have {apples} apples");
The output will be:
I have 4 apples
ColdFusion Markup Language
ColdFusion Markup Language (CFML) script syntax:
apples = 4;
writeOutput("I have #apples# apples");
Tag syntax:
<cfset apples = 4>
<cfoutput>I have #apples# apples</cfoutput>
The output will be:
I have 4 apples
CoffeeScript
apples = 4
console.log "I have #{apples} apples"
The output will be:
I have 4 apples
Dart
int apples = 4, bananas = 3;
print('I have $apples apples.');
print('I have ${apples+bananas} fruit.');
The output will be:
I have 4 apples.
I have 7 fruit.
Groovy
def quality = 'superhero'
def sentence = "A developer is a ${quality}"
print sentence
The output will be:
A developer is a superhero
Haxe
var apples = 4;
var bananas = 3;
trace('I have $apples apples.');
trace('I have ${apples+bananas} fruit.');
The output will be:
I have 4 apples.
I have 7 fruit.
JavaScript
JavaScript, as of the ECMAScript 2015 (ES6) standard, supports string interpolation using backticks ``
. This feature is called template literals.[7] Here is an example:
var apples = 4;
var bananas = 3;
console.log(`I have ${apples} apples`);
console.log(`I have ${apples + bananas} fruits`);
The output will be:
I have 4 apples
I have 7 fruits
Nemerle
def apples = 4;
def bananas = 3;
Console.WriteLine($"I have $apples apples.");
Console.WriteLine($"I have $(apples + bananas) fruit.");
It also supports advanced formatting features, such as:
def fruit = ["apple", "banana"];
Console.WriteLine($<#I have ..$(fruit; "\n"; f => f + "s")#>);
The output will be:
apples
bananas
Perl
my $apples = 4;
my $bananas = 3;
print "I have $apples apples.\n";
print "I have @{[$apples+$bananas]} fruit.\n"; # Uses the Perl array (@) interpolation.
The output will be:
I have 4 apples.
I have 7 fruit.
PHP
<?php
class foo {
var $foo;
var $bar;
function foo() {
$this->foo = 'Foo';
$this->bar = array('Bar1', 'Bar2', 'Bar3');
}
}
$foo = new foo();
$name = 'Jason';
echo <<<EOT
My name is "$name". I am printing some $foo->foo.
Now, I am printing some {$foo->bar[1]}.
This should print a capital 'A': \x41
EOT;
?>
The output will be:
My name is "Jason". I am printing some Foo.
Now, I am printing some Bar2.
This should print a capital 'A': A
Python
# in all versions
apples = 4
print "I have %d apples" % apples
print "I have %(apples)d apples" % locals()
# with Python 2.6+
print "I have {} apples".format(apples)
print "I have {a} apples".format(a=apples)
# or with Python 3.6+
print(f"I have {apples} apples")
The output will be:
I have 4 apples
Ruby
apples = 4
puts "I have #{apples} apples"
# or
puts "I have %s apples" % apples
# or
puts "I have %{a} apples" % {a: apples}
The output will be:
I have 4 apples
Scala
Scala 2.10+ has implemented the following string interpolators: s, f and raw. It is also possible to write custom ones or override the standard ones.
The f interpolator is a compiler macro that rewrites a format string with embedded expressions as an invocation of String.format. It verifies that the format string is well-formed and well-typed.
The standard interpolators
Scala 2.10+'s string interpolation allows embedding variable references directly in processed string literals. Here is an example:
val apples = 4
val bananas = 3
//before Scala 2.10
printf("I have %d apples\n", apples)
println("I have %d apples" format apples)
//Scala 2.10+
println(s"I have $apples apples")
println(s"I have ${apples + bananas} fruits")
println(f"I have $apples%d apples")
The output will be:
I have 4 apples
Swift
In Swift, a new String value can be created from a mix of constants, variables, literals, and expressions by including their values inside a string literal. Each item inserted into the string literal is wrapped in a pair of parentheses, prefixed by a backslash.
let apples = 4
print("I have \(apples) apples")
The output will be:
I have 4 apples
TypeScript
As of version 1.4, TypeScript supports string interpolation using backticks ``
. Here is an example:
var apples: number = 4;
console.log(`I have ${apples} apples`);
The output will be:
I have 4 apples
The console.log
function can be used as a printf
function. The above example can be rewritten, thusly:
var apples: number = 4;
console.log("I have %d apples", apples);
The output remains the same.
See also
Notes
- ↑ "Enforcing Strict Model-View Separation in Template Engines", T. Parr (2004), WWW2004 conference.
- ↑ http://perlmeme.org/howtos/using_perl/interpolation.html
- ↑ "smallest-template-system/Simplest algorithms", a online tutorial for placeholder-template-systems.
- ↑ http://google-caja.googlecode.com/svn/changes/mikesamuel/string-interpolation-29-Jan-2008/trunk/src/js/com/google/caja/interp/index.html#-autogen-id-1
- ↑ https://github.com/dotnet/roslyn/wiki/Languages-features-in-C%23-6-and-VB-14
- ↑ "", String interpolation in Haxe official manual.
- ↑ https://developer.mozilla.org/docs/Web/JavaScript/Reference/Template_literals
- ↑ https://docs.python.org/3/whatsnew/3.0.html
- ↑ https://www.python.org/dev/peps/pep-0498/
- ↑ http://www.horstmann.com/