Kenneth Leroy Busbee and Dave Braunschweig
String formatting uses a process of string interpolation (variable substitution) to evaluate a string literal containing one or more placeholders, yielding a result in which the placeholders are replaced with their corresponding values.
Most current programming languages provide one or more string formatting functions that use a template string with placeholders and optional alignment, width, and precision indicators to generate formatted output.
String interpolation, like string concatenation, may lead to security problems. If user input data is improperly escaped or filtered, the system may be exposed to code injection.
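As an added example (not code from the original text), the following Python shows both points above: a template string whose placeholders carry alignment, width, and precision indicators, and the defensive pattern for the injection risk, in which the template is a constant in the program and user-supplied text only ever fills a placeholder value. The `LineItem` type, the receipt layout, and the greeting template are constructed for this illustration.

```python
from dataclasses import dataclass
from typing import List


# Constructed sample record type; not part of the original text.
@dataclass
class LineItem:
    name: str
    quantity: int
    unit_price: float


def format_line(item: LineItem) -> str:
    """Render one receipt line using alignment, width and precision indicators.

    {:<12}   left-align the name in a 12-character field
    {:>5d}   right-align the integer quantity in a 5-character field
    {:>9.2f} right-align the price with 2 decimal places in a 9-character field
    """
    return "{:<12}{:>5d}{:>9.2f}".format(item.name, item.quantity, item.unit_price)


def format_receipt(items: List[LineItem]) -> str:
    """Build a header, one formatted line per item, and a total footer."""
    header = "{:<12}{:>5}{:>9}".format("Item", "Qty", "Price")
    lines = [format_line(item) for item in items]
    total = sum(item.quantity * item.unit_price for item in items)
    footer = "{:<17}{:>9.2f}".format("Total", total)
    return "\n".join([header, *lines, footer])


# The template is a fixed constant chosen by the program. User input is only
# ever passed as a placeholder *value*, never as the template itself, so any
# braces or format directives inside the input are rendered literally rather
# than being evaluated as placeholders.
GREETING_TEMPLATE = "Hello, {username}! You have {count:d} new messages."


def greet(username: str, count: int) -> str:
    """Interpolate untrusted username text into the constant template."""
    return GREETING_TEMPLATE.format(username=username, count=count)


if __name__ == "__main__":
    # Constructed sample input.
    cart = [LineItem("Widget", 3, 4.5), LineItem("Gadget", 1, 10.0)]
    print(format_receipt(cart))
    # A value that looks like a placeholder is substituted as plain text.
    print(greet("{count}", 3))
```

The check worth keeping in mind is the one `greet` demonstrates: passing `"{count}"` as the username yields `Hello, {count}! ...`, because interpolation substitutes values into a template it does not re-parse. The risk described in the text arises only when untrusted text is used as the template (or is concatenated into one), so the template string itself should never be derived from user input.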
- code injection
- The exploitation of a computer bug that is caused by processing invalid data.
- Modifying the way the output is displayed.
- string interpolation
- Evaluating a string literal containing one or more placeholders, yielding a result in which the placeholders are replaced with their corresponding values.