Quoting Uri Guttman ([EMAIL PROTECTED]):
> and interpolating $foo in a format is useful so that is not stopped. i
> have used it for format precision values. i recently discovered that
> perl still supports the c style of * meaning to use the next arg for the
> precision/width value. i much prefer interpolating that where it belongs
> instead of matching more args up with format specifiers.
Interpolating into format strings is well known for causing bugs. Although
the security implications are less serious in Perl than C, it's still a
robustness problem.
In my opinion, any fix that introduces noise into printf is unacceptable. I
get the impression that the people who think this is a non-issue never use
printf. I do, and I use strftime on an almost daily basis.
I could live with doing strftime('%Y-%m-%d', localtime), though I'd have to
stop and think about it every time. When it comes to printf though, embedded
newlines are vital, and printf('%11d %11d %s'."\n", @a) and the other wacky
varients are just not gonna cut it. If I wanted to spend all day battling
quoting issues I'd program in shell.
I think there are only three possible solutions:
* An argument type that magically changes the interpolation conventions for
strings. Perl already has a bunch of argument types that do weird
compile-time things, so it wouldn't be unprecedented, and people could
continue to use printf, sprintf, strftime and my_printf as now.
* Throw out printf and write, and replace them with a new formatted-output
facility. It would have to seriously kick ass as compensation for forcing
everyone to learn it.
* Continue to use Perl 5 while we still have the freedom to do so.
Adam
--
Adam Rice -- [EMAIL PROTECTED] -- Blackburn, Lancashire, England
