Nitpick: sql example screams sql injection

[burner]

Total nitpick, but the sql example has written sql injection written all over it.
The example is works, but as a casual reader this annoyed me.

At least postgres has its own prepare statement syntax that has something that could be considered to be string interpolation like.
That is just in https://code.dlang.org/packages/dpq2

I would like to see a different example, but as said nitpick.

[schveiguy]

In fact, the SQL injection is not present in the example, because the expectation is that the library processes interpolated strings differently (i.e. in an injection proof way). Otherwise, the call is an error. This is actually my main use case for this (and prior) DIP.

However, it would be nice to see discussion of how this still avoids sql injection, while being conveniently readable.

For an example of a library that is a trivial change away from using this, see mysql-native's query function.

[rmanthorpe]

I thought exactly the same thing as @burner when I read this. I think the DIP needs to make it clear that this facilitates avoiding sql injection or needs to use a different example.