Strings

AA2e72E

I have seen code like this:

Console.WriteLine(
"divisible by seven event raised!!! the guilty party is {0}",
e.TheNumber);

where {0} gets substituted by e.TheNumber

Is there a general way of doing this. e.g.

"Dear Mr {0} \r\nThank you for your letter of {1}","CSHARP","01/01/2007"

and have {0} replace by CSHARP and {1} replaced by 01/01/2007 and then have
the new string returned , e.g

string let = "Dear Mr {0} \r\nThank you for your letter of
{1}","CSHARP","01/01/2007"

Thsnks for your help.

Hi

In that case I would use the StringBuilder class.

<code>
Stringbuilder sb = new StringBuilder();
sb.AppendFormat("Dear Mr {0} \r\nThank you for your letter of
{1}","CSHARP","01/01/2007");

Console.WriteLine( sb.ToString() )
</code>

NB. You have to use the ToString() function to return a string, and not the
StringBuilder object. You will get a compile time error is you don't use
ToString().

HTH

--
Ged Moretta


-----------------------------------------------------------------------
This signature isn't automatic. I have to type it manually every time.


"AA2e72E" <> wrote in message
news:...
>I have seen code like this:
>
> Console.WriteLine(
> "divisible by seven event raised!!! the guilty party is {0}",
> e.TheNumber);
>
> where {0} gets substituted by e.TheNumber
>
> Is there a general way of doing this. e.g.
>
> "Dear Mr {0} \r\nThank you for your letter of {1}","CSHARP","01/01/2007"
>
> and have {0} replace by CSHARP and {1} replaced by 01/01/2007 and then
> have
> the new string returned , e.g
>
> string let = "Dear Mr {0} \r\nThank you for your letter of
> {1}","CSHARP","01/01/2007"
>
> Thsnks for your help.
>

Or, of course, you could use

String s = String.Format( "Dear Mr {0} \r\nThank you for your letter of
{1}","CSHARP","01/01/2007" );

Silly me !! D'oh !

--
Ged Moretta


-----------------------------------------------------------------------
This signature isn't automatic. I have to type it manually every time.


"AA2e72E" <> wrote in message
news:...
>I have seen code like this:
>
> Console.WriteLine(
> "divisible by seven event raised!!! the guilty party is {0}",
> e.TheNumber);
>
> where {0} gets substituted by e.TheNumber
>
> Is there a general way of doing this. e.g.
>
> "Dear Mr {0} \r\nThank you for your letter of {1}","CSHARP","01/01/2007"
>
> and have {0} replace by CSHARP and {1} replaced by 01/01/2007 and then
> have
> the new string returned , e.g
>
> string let = "Dear Mr {0} \r\nThank you for your letter of
> {1}","CSHARP","01/01/2007"
>
> Thsnks for your help.
>

Adam Bieganski

In this case StringBuilder would be an overkill.

The most efficient (performant) way of doing that is:

string.Concat("Dear Mr ", "CSHARP", "\r\nThank you for your letter of ",
"01/01/2007");


string.Format consumes more memory and takes longer to execute.

Cheers,
_____________
Adam Bieganski



"Ged" wrote:

> Or, of course, you could use
>
> String s = String.Format( "Dear Mr {0} \r\nThank you for your letter of
> {1}","CSHARP","01/01/2007" );
>
> Silly me !! D'oh !
>
> --
> Ged Moretta
>
>
> -----------------------------------------------------------------------
> This signature isn't automatic. I have to type it manually every time.
>
>
> "AA2e72E" <> wrote in message
> news:...
> >I have seen code like this:
> >
> > Console.WriteLine(
> > "divisible by seven event raised!!! the guilty party is {0}",
> > e.TheNumber);
> >
> > where {0} gets substituted by e.TheNumber
> >
> > Is there a general way of doing this. e.g.
> >
> > "Dear Mr {0} \r\nThank you for your letter of {1}","CSHARP","01/01/2007"
> >
> > and have {0} replace by CSHARP and {1} replaced by 01/01/2007 and then
> > have
> > the new string returned , e.g
> >
> > string let = "Dear Mr {0} \r\nThank you for your letter of
> > {1}","CSHARP","01/01/2007"
> >
> > Thsnks for your help.
> >
>
>

AA2e72E

Thanks Ged.

"Ged" wrote:

> Or, of course, you could use
>
> String s = String.Format( "Dear Mr {0} \r\nThank you for your letter of
> {1}","CSHARP","01/01/2007" );
>
> Silly me !! D'oh !
>
> --
> Ged Moretta
>
>
> -----------------------------------------------------------------------
> This signature isn't automatic. I have to type it manually every time.
>
>
> "AA2e72E" <> wrote in message
> news:...
> >I have seen code like this:
> >
> > Console.WriteLine(
> > "divisible by seven event raised!!! the guilty party is {0}",
> > e.TheNumber);
> >
> > where {0} gets substituted by e.TheNumber
> >
> > Is there a general way of doing this. e.g.
> >
> > "Dear Mr {0} \r\nThank you for your letter of {1}","CSHARP","01/01/2007"
> >
> > and have {0} replace by CSHARP and {1} replaced by 01/01/2007 and then
> > have
> > the new string returned , e.g
> >
> > string let = "Dear Mr {0} \r\nThank you for your letter of
> > {1}","CSHARP","01/01/2007"
> >
> > Thsnks for your help.
> >
>
>

Jon Skeet [C# MVP]

On Sep 18, 10:32 am, Adam Bieganski <abieganski(at)gmail.com> wrote:
> In this case StringBuilder would be an overkill.

Agreed.

> The most efficient (performant) way of doing that is:
>
> string.Concat("Dear Mr ", "CSHARP", "\r\nThank you for your letter of ",
> "01/01/2007");
> string.Format consumes more memory and takes longer to execute.

These all take longer than:

"Dear Mr CSHARP\r\nThank you for your letter of 01/01/2007"

In real situations, I'd expect the date to be passed in as a DateTime,
and the format to be potentially specified elsewhere. String.Format is
a nicer solution IMO, and the performance difference is *very*
unlikely to be significant. Clarity is almost always more important
than micro-optimisations like this.

Jon

AA2e72E

String concatenation on a piecemeal basis, I think, creates clutter and make
the code difficult to follow; I have in mind to use this substitution
technique as follows:

1. hold an SQL statement with {n}
2. substitute the n values in

and then execute it.

Jon Skeet [C# MVP]

On Sep 18, 11:06 am, AA2e72E <>
wrote:
> String concatenation on a piecemeal basis, I think, creates clutter and make
> the code difficult to follow; I have in mind to use this substitution
> technique as follows:
>
> 1. hold an SQL statement with {n}
> 2. substitute the n values in
>
> and then execute it.

No, please don't do that. That will still build a literal piece of
SQL, which is likely to be vulnerable to SQL injection attacks.
Instead, use a parameterized SQL command, and get client API to
perform any substitutions it needs to (or more likely, send the values
separately).

The exact form of this will depend on which database you're talking
to, but it's *definitely* the way to go.

Jon

Adam Bieganski

"AA2e72E" wrote:

>
> String concatenation on a piecemeal basis, I think, creates clutter and make
> the code difficult to follow; I have in mind to use this substitution
> technique as follows:
>
> 1. hold an SQL statement with {n}
> 2. substitute the n values in
>
> and then execute it.

Why not use SqlCommand and its Parameters collection then?

_____________
Adam Bieganski

AA2e72E

I take your point. BUT I do not understand how the approach I proposed is
MORE vulnerable to SQL injection attacks than an approach that uses SQL
Command

1 .... in an EXE or DLL i.e the user interface does not allow execution of
SQL statements directly i.e does not have a 'Query Analyser' type facility.
2. Someone with malicious intent can easily use Reflector.exe to reverse
engineer all the code and other particulars to ...destroy...

Given what is said here, I'll review my strategy; however, I have several
complex and long SQL statements (20+lines long) stored in resource files, the
database connection is passed in to my DLL to a private object; the
application needs to run the SQLs with different parameters.