Nie dürft ihr so tief sinken, von dem Kakao,
durch den man euch zieht, auch noch zu trinken.
(Erich Kästner)

Dieser Inhalt wird in Deutschland nicht angezeigt. Weitere Informationen

A common pattern in discussions on programming languages is that somebody asks why there is no language that has $feature. And then I answer that there is one. And people who know me already know the most probable answer: Common Lisp.

One notable example comes from Fefe's Blog (German), who ignored my answer (maybe he did not read it or find it interesting).

So his question was whether it was possible to extend some programming language such that the argument that a string argument which is passed is actually constant, and not generated at runtime, such that people cannot generate SQL strings on the fly but must use an abstraction library. His example of the desired behaviour:

int SQL_statement(constexpr string& s);

SQL_statement("select * from table"); // ok
SQL_statement("select * from table where name='" + userinput + "'"); // compiler error

So here is the Common Lisp code I proposed:

(defun sql-statement-unsafe (str)
  "Unsafe function. In a production environment, this would not be
  exported from the namespace. In our case, it just outputs the string."
  (format t "~A" str))

(defmacro sql-statement (str)
    (assert (constantp str))
    `(sql-statement-unsafe ,str))

(sql-statement (format nil "~d" (random))) ; compile-time error
(sql-statement "hallo") ; no error

Well, furthermore, gcc has an extension __builtin_constant_p. And I guess the same can be done with C++11 static assertions meanwhile, but not sure, how.