Compartilhar via


String Suggestions for Speed and Security

Dave Fetterman has put together an excellent set of recommendations for string comparision practices.  Now I am really pleased by this because:

  • these recommendations are going to help you to avoid some nasty security weaknesses that might otherwise plague you
  • you get to use ordinal based comparisons more often and they are by far the fastest and cheapest

Speed and Security?  Say it isn't so!

https://msdn.microsoft.com/netframework/default.aspx?pull=/library/en-us/dndotnet/html/StringsinNET20.asp

Comments

  • Anonymous
    July 05, 2005
    Time to brush up on your string handling techniques and be introduced to the StringComparison enumeration ...
  • Anonymous
    July 05, 2005
    Time to brush up on your string handling techniques and be introduced to the StringComparison enumeration ...
  • Anonymous
    July 05, 2005
    Unfortunately, the article doesn't address two major issues:

    1) How does this impact the == operator for string comparison in C#?

    2) Is it safe to switch on a string in C#?
  • Anonymous
    July 05, 2005
    OK I don't have this memorized so I'm going to guess for fun then look it up later.

    I'm pretty sure both == and the switch statement require exact equality in C#. So that would make them like the case sensitive ordinal compare.

    Let's see how I do :)
  • Anonymous
    July 05, 2005
    Looks like I'm right. The switch uses operator== which in turn uses the default String.Equals.

    The article actually covers == in the discussion of String.Equals though it doesn't mention switch. All of this is easy enough to verify by looking at the IL.

    String.Equals
    Default interpretation: Ordinal

    The String class's equality methods include the static Equals, the static operator ==, and the instance method Equals. All of these operate by default in an ordinal fashion. Using an overload explicitly stating the StringComparison type is still recommended, even if you desire an ordinal comparison; in this way, searching code for a certain string interpretation becomes easier.
  • Anonymous
    July 06, 2005
    Time to brush up on your string handling techniques and be introduced to the StringComparison enumeration ...