String formatting uses a process of string interpolation (variable substitution) to evaluate a string literal containing one or more placeholders, yielding a result in which the placeholders are replaced with their corresponding values.
Most current programming languages provide one or more string formatting functions that use a template string with placeholders and optional alignment, width, and precision indicators to generate formatted output.
|C++|| || |
|C#|| || |
|Java|| || |
|Python|| || |
|Swift||interpolation || |
String interpolation, like string concatenation, may lead to security problems. If user input data is improperly escaped or filtered, the system may be exposed to code injection.
- code injection
- The exploitation of a computer bug that is caused by processing invalid data.
- Modifying the way the output is displayed.
- string interpolation
- Evaluating a string literal containing one or more placeholders, yielding a result in which the placeholders are replaced with their corresponding values.