Skip to content

Instantly share code, notes, and snippets.

@EliJDonahue

EliJDonahue/aras_labs_combining_items_best_practice.cs

Created Jul 11, 2017
Star
Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
Demonstrates the Aras Best Practice of building a single AML statement instead of combining items with appendItem()
Raw
aras_labs_combining_items_best_practice.cs
string myAml = "<AML>";
for (int i=0; i<10; i++)
{
myAml = myAml + "<Item type=\"CAD\" action=\"add\">";
myAml = myAml + "<item_number>" + "Test " + i + "</item_number>";
myAml = myAml + "</Item>";
}
myAml = myAml + "</AML>";
Item res = inn.applyAML(myAml);
@erdomke

This comment has been minimized.

Sign in to view
Copy link

@erdomke erdomke commented Jul 14, 2017

A couple of concerns with this example

  1. Performance: For more than 10's of string concatenations, the memory allocations can get relatively slow when compared to using classes such as System.Text.StringBuilder or System.IO.StringWriter
  2. Security: If unvalidated user input is concatenated with the AML, it would allow the user to inject AML into your command. Even if this is not intentionally malicious, I have created numerous bugs because I forgot to account for characters such as &, <, or > in the user input.

I forked this example and made some tweaks to address both concerns.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment