Demonstrates the Aras Best Practice of building a single AML statement instead of combining items with appendItem()
```csharp
// Build one AML document holding all ten add actions, then send it in a single call.
string myAml = "<AML>";
for (int i = 0; i < 10; i++)
{
    myAml = myAml + "<Item type=\"CAD\" action=\"add\">";
    myAml = myAml + "<item_number>" + "Test " + i + "</item_number>";
    myAml = myAml + "</Item>";
}
myAml = myAml + "</AML>";
Item res = inn.applyAML(myAml);
```
@erdomke commented Jul 14, 2017

A couple of concerns with this example:

  1. Performance: For more than tens of string concatenations, the memory allocations can get relatively slow when compared to using classes such as System.Text.StringBuilder or System.IO.StringWriter.
  2. Security: If unvalidated user input is concatenated with the AML, it would allow the user to inject AML into your command. Even if this is not intentionally malicious, I have created numerous bugs because I forgot to account for characters such as &, <, or > in the user input.

I forked this example and made some tweaks to address both concerns.
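
Both concerns from the comment above, shown side by side in an added example (not the gist's code and not the fork's): the same CAD `add` AML built by concatenation and by `XmlWriter` over a `StringBuilder`, then parsed to see what each one produced. The class and method names and the two input strings are constructed for illustration; nothing is sent to a server, and the writer-built string would be passed to `inn.applyAML` as in the gist.

```csharp
using System;
using System.Linq;
using System.Xml;
using System.Xml.Linq;
static class AmlBuildDemo
{
    // Same pattern as the gist: each value is pasted into the markup unescaped.
    static string BuildByConcat(string[] numbers)
    {
        string aml = "<AML>";
        foreach (string n in numbers)
            aml += "<Item type=\"CAD\" action=\"add\"><item_number>" + n + "</item_number></Item>";
        return aml + "</AML>";
    }
    // One growable buffer; XmlWriter escapes &, < and > in every value it writes.
    static string BuildWithWriter(string[] numbers)
    {
        var sb = new System.Text.StringBuilder();
        using (var w = XmlWriter.Create(sb, new XmlWriterSettings { OmitXmlDeclaration = true }))
        {
            w.WriteStartElement("AML");
            foreach (string n in numbers)
            {
                w.WriteStartElement("Item");
                w.WriteAttributeString("type", "CAD");
                w.WriteAttributeString("action", "add");
                w.WriteElementString("item_number", n);
                w.WriteEndElement();
            }
            w.WriteEndElement();
        }
        return sb.ToString();
    }
    static string Describe(string aml) // parse the AML and summarise its first Item
    {
        try
        {
            XElement item = XDocument.Parse(aml).Root.Element("Item");
            return item.Elements().Count() + " child element(s), item_number=" + item.Element("item_number").Value;
        }
        catch (XmlException) { return "not well-formed XML"; }
    }
    static void Main()
    {
        // Constructed inputs: one with markup characters, one that closes the element early.
        foreach (string input in new[] { "Bracket <A&B>", "T1</item_number><name>extra</name><item_number>T2" })
            Console.WriteLine(input + "\n  concat: " + Describe(BuildByConcat(new[] { input })) + "\n  writer: " + Describe(BuildWithWriter(new[] { input })));
    }
}
```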
