If JavaScript is your programming language of choice, you probably don't have to worry about string concatenation all that much. Instead, one of the recurring problems you might encounter is having to wait for JavaScript's npm package manager to install all of the required dependencies. If that sounds all too familiar, and you have some time on your hands until npm is done, you might as well spend it reading about how string concatenation works in other languages.
In this blog post, we examine why string concatenation is a complicated topic, why you can't concatenate two values of a different type in low-level programming languages without conversion, and how string concatenation can lead to vulnerabilities. We'll also explain how format strings that contain placeholders for certain types of data can cause serious trouble if they are controlled by an attacker. And, we'll conclude with a simple way to fix them.