Skip to content

Instantly share code, notes, and snippets.

@EliJDonahue

EliJDonahue/aras_labs_combining_items_best_practice.cs

Created July 11, 2017 18:50
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save EliJDonahue/cb868d27bdffa94c0efa265d7ef601aa to your computer and use it in GitHub Desktop.
Save EliJDonahue/cb868d27bdffa94c0efa265d7ef601aa to your computer and use it in GitHub Desktop.
Download ZIP
Demonstrates the Aras Best Practice of building a single AML statement instead of combining items with appendItem()
Raw
aras_labs_combining_items_best_practice.cs
string myAml = "<AML>";
for (int i=0; i<10; i++)
{
myAml = myAml + "<Item type=\"CAD\" action=\"add\">";
myAml = myAml + "<item_number>" + "Test " + i + "</item_number>";
myAml = myAml + "</Item>";
}
myAml = myAml + "</AML>";
Item res = inn.applyAML(myAml);
@erdomke
Copy link

erdomke commented Jul 14, 2017

A couple of concerns with this example

  1. Performance: For more than 10's of string concatenations, the memory allocations can get relatively slow when compared to using classes such as System.Text.StringBuilder or System.IO.StringWriter
  2. Security: If unvalidated user input is concatenated with the AML, it would allow the user to inject AML into your command. Even if this is not intentionally malicious, I have created numerous bugs because I forgot to account for characters such as &, <, or > in the user input.

I forked this example and made some tweaks to address both concerns.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment