On Sun, 11 Jul 2021 at 18:09, Dan Ackroyd <dan...@basereality.com> wrote:

> As I said in my reply to Rowan, making it easy to track down issues where
> they occur, minimises the cost of using this feature over the years it
> would be used.
>


This implementation allows you to do all of that.

If you find debugging is a problem, you can choose not to use string
concatenation (I haven't needed to).

The implementation allows you to use a $query array, exactly as you
describe:
https://3v4l.org/aCFIT/rfc#vrfc.literals

And the RFC itself provides you with a userland version of the
`literal_concat()` function as you proposed, allowing anyone to customise
it to their needs (e.g. only throwing an exception during development).

But forcing every single project in existence to replace every instance of
concatenation, especially when it is not necessary, and doesn’t improve
security in any way, I would argue makes it too strict, and would harm
adoption.

Also, thanks for mentioning in your email to Rowan the problems with static
analysis.

Craig
