You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Using prepared patterns, we can build a pattern while injecting user-data, similarly to how prepared statements in SQL work.
Java prepared statements:
varstatement = con.prepareStatement("UPDATE coffees SET SALES = ?"); // "?" is placeholderstatement.setString(1, "whatever");
T-Regx prepared patterns:
$pattern = Pattern::inject('[A-Z][a-z]+:@', ['whatever']); // "@" is placeholder, because "?" is reserved in regex
The question arises, what's the best/obvious/expected things that should happen when someone uses [A-Z][a-z]+:\@ (escaped \@)?
Currently, I must choose between two strategies:
User knows what he's doing - treat \@ as "@" literal
User doesn't know what he's doing - throw an exception
We can also interpret it based on what the "@" really is:
Is it part of regex/extension of regular expressions? If so, \@ should be escaped like other regexp meta-characters
Is it just a template format for building real regexp? If so, then \@ looks like an invalid terminaing escape + a placeholder afterwards, and should throw a similar exception as if pattern [a-z]\ wouldn've been used.
As to the interpretation, I sway more into the "template format" part, since @ is only valid in prepared patterns. Normal patterns (like Pattern::of() or /[a-z]+/) don't use @, and if @ is found in there, it's treated just like any character. Maybe it shouldn't? Maybe it should be the same for all entry points?
As to the "user knows what he's doing part", I'm not sure. Keep in mind that to include a quote in PHP, you need to quote it in your string, so to include a backslash and @, you need to type "\\@" (same in java). To include two slashes, you need to go with string "\\\\@". If you add more escapes and more complex regexp, accidental quotion of @ is more likely, and perhaps its better to throw an exception, than to silently include @ as a string "@" literal?
We can't compare it to SQL Prepared Patterns, since while "UPDATE coffees SET SALES = \?" does end in exception, there are nothing to be escaped in SQL with \. The only escapes are ' quotes, which are escaped with double quotes ''.
I would like to list pros and cons of each solutions. I'm counting on opinions from @pchmielowski, @Meeve, @budziam
PS: To render @ in regular expressions, currently you need to do:
Pattern::inject('[A-Z][a-z]+:@', ['@']); // "@" is both a placeholder and an injected value
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Using prepared patterns, we can build a pattern while injecting user-data, similarly to how prepared statements in SQL work.
The question arises, what's the best/obvious/expected things that should happen when someone uses
[A-Z][a-z]+:\@(escaped\@)?Currently, I must choose between two strategies:
\@as"@"literalWe can also interpret it based on what the
"@"really is:\@should be escaped like other regexp meta-characters\@looks like an invalid terminaing escape + a placeholder afterwards, and should throw a similar exception as if pattern[a-z]\wouldn've been used.As to the interpretation, I sway more into the "template format" part, since
@is only valid in prepared patterns. Normal patterns (likePattern::of()or/[a-z]+/) don't use@, and if@is found in there, it's treated just like any character. Maybe it shouldn't? Maybe it should be the same for all entry points?As to the "user knows what he's doing part", I'm not sure. Keep in mind that to include a quote in PHP, you need to quote it in your string, so to include a backslash and
@, you need to type"\\@"(same in java). To include two slashes, you need to go with string"\\\\@". If you add more escapes and more complex regexp, accidental quotion of@is more likely, and perhaps its better to throw an exception, than to silently include@as a string"@"literal?We can't compare it to SQL Prepared Patterns, since while
"UPDATE coffees SET SALES = \?"does end in exception, there are nothing to be escaped in SQL with\. The only escapes are'quotes, which are escaped with double quotes''.I would like to list pros and cons of each solutions. I'm counting on opinions from @pchmielowski, @Meeve, @budziam
PS: To render
@in regular expressions, currently you need to do:Beta Was this translation helpful? Give feedback.
All reactions