Columns: Behind the Curtain. By Jonathan Snook. Published on September 18, 2006.
Abstract: String interpolation, the "Hello $name_of_planet!" style of generating strings familiar to Perl, PHP, and Ruby programmers, provides a simple and intuitive way of specifying content in many languages, from HTML to SQL to URLs. It also makes it very easy to introduce serious security problems.
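As an added example (not code from the column or from the article this abstract describes), here is one untrusted value interpolated into each of the three contexts the abstract names, with the escaping each context requires shown beside the naive form; the table, the URL host and the sample value are constructed.

```python
"""Added example (not from the article): one untrusted value in HTML, URL and SQL."""
import html
import sqlite3
from urllib.parse import quote

# Constructed sample input: plain text to a human, but structurally significant
# to an HTML parser, a URL parser and a SQL parser.
PLANET = "Mars <b>& O'Neill"

def naive_html(name: str) -> str:
    # Unescaped interpolation: the "<b>" in the data becomes markup.
    return f"<p>Hello {name}!</p>"

def safe_html(name: str) -> str:
    # html.escape encodes & < > " ' so the value stays text, not markup.
    return f"<p>Hello {html.escape(name, quote=True)}!</p>"

def safe_url(name: str) -> str:
    # Percent-encode everything but unreserved characters (safe=""), so the
    # value cannot add query parameters or path segments of its own.
    return f"https://example.invalid/greet?planet={quote(name, safe='')}"

def _planet_db(name: str) -> sqlite3.Connection:
    # In-memory table holding the value the queries below search for.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE planets (name TEXT)")
    conn.execute("INSERT INTO planets VALUES (?)", (name,))
    return conn

def naive_sql(name: str):
    # Interpolating into the statement text: the apostrophe in the data ends
    # the string literal and the statement no longer parses (returns None).
    conn = _planet_db(name)
    try:
        sql = f"SELECT name FROM planets WHERE name = '{name}'"
        return [r[0] for r in conn.execute(sql).fetchall()]
    except sqlite3.OperationalError:
        return None
    finally:
        conn.close()

def safe_sql(name: str) -> list:
    # Bound parameters keep the value out of the SQL text; the statement's
    # structure is fixed before any data is attached to it.
    conn = _planet_db(name)
    try:
        rows = conn.execute("SELECT name FROM planets WHERE name = ?", (name,))
        return [r[0] for r in rows.fetchall()]
    finally:
        conn.close()
```

The same input round-trips intact through the parameterised query and the escaped HTML and URL, while the interpolated SQL statement fails to parse at all; a value that is syntactically valid would instead change the query's meaning silently.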
Each application targets some domain problem, and each domain has its own rules and regulations that constrain data. When an application applies those constraints to data, the constraints become validations. All applications need to validate the data that users enter. Today, applications generally use combinations of if-else statements to validate data. These statements contain validation data that developers either hard-code or put through server-side code.