string length

  • Thread starter Thread starter Aaron
  • Start date Start date
A

Aaron

I have a string assigned a value from a querystring

public string a = request.querystring[1]

how can i make sure string a is less than 250 char? without using if's


aaron
 
Unless you're willing to count the ternary operator as different from an
if, then I can't seem to think of one.

I'm thinking of something like this:

(a.length < 250) ? a : a.Substring(0,250)

I know it's basically an if, but you can put it inside a conditional or
any other statement, if that's why you need to avoid ifs.

The other string functions seem to be too exception happy to do anything
to creative with. Same with StringBuilder.

Dave
 
Klaus said:
public string a = Request.QueryString[2].Substring(0, 250);
Click to expand...

.... if you're willing to trap the ArgumentOutOfRangeException for
strings that are under 250 characters long.
 
Aaron said:
I have a string assigned a value from a querystring

public string a = request.querystring[1]

how can i make sure string a is less than 250 char? without using if's


aaron
Click to expand...

and in addition to what the others said, you can also limit the input:
make sure the textbox (if that is where the text comes from)
accepts no more than 250 chars. (MaxLength property)

Hans Kesting
 
I would use:
int lengthOrTruncated = Math.Min(Request.QueryString[1].Length, 250);
string a = Request.QueryString[1].Substring(0, lengthOrTruncated);

(or inline the temporary int variable).

Yanick
 
Then how about Substring(0,min(250,length))

D Cameron said:
Klaus said:
public string a = Request.QueryString[2].Substring(0, 250);
Click to expand...

... if you're willing to trap the ArgumentOutOfRangeException for
strings that are under 250 characters long.
Click to expand...
 
how can i make sure string a is less than 250 char? without using if's

With a lot of work, by instance through looping thru the string and add
everytime a char untill it reaches his end,

Comparing is older in computing than multiplying, what do you think the
computer does internally when you are not using that?

Just my thought,

Cor
 
and in addition to what the others said, you can also limit the input:
make sure the textbox (if that is where the text comes from)
accepts no more than 250 chars. (MaxLength property)
Click to expand...

Being a paranoid developer, I don't know that I would leave it at just that,
though. Setting the maxlength would cover the expected scenario (where a
user is typing into an edit box), but it would leave you open to accepting
strings longer than 250 if someone just constructs a query string and posts
it to a URL.

Now, in the world of unmanaged code, if your server-side code just trusts
the string to be shorter than 250, and someone sneaks a larger one in by
building and posting their own query string, your code may be open to a
buffer overrun attack.

In the managed world, as long as you are using safe code, I don't _think_
that you can get a real buffer overrun. However, it still seems kind of
dangerous to take for granted that a string passed from an external source
will always conform to your size rule. I'd be suspicious and check it.
 
J.Marsch said:
Being a paranoid developer, I don't know that I would leave it at just that,
though. Setting the maxlength would cover the expected scenario (where a
user is typing into an edit box), but it would leave you open to accepting
strings longer than 250 if someone just constructs a query string and posts
it to a URL.

Now, in the world of unmanaged code, if your server-side code just trusts
the string to be shorter than 250, and someone sneaks a larger one in by
building and posting their own query string, your code may be open to a
buffer overrun attack.

In the managed world, as long as you are using safe code, I don't _think_
that you can get a real buffer overrun. However, it still seems kind of
dangerous to take for granted that a string passed from an external source
will always conform to your size rule. I'd be suspicious and check it.
Click to expand...

true! As with validators, you should do both: client-side for quick feedback
and server-side for security.

Hans Kesting
 
Back
Top