current community

your communities

more stack exchange communities

company blog
Stack Exchange Inbox Reputation and Badges
tour help
Code Review Stack Exchange is a question and answer site for peer programmer code reviews. Join them; it only takes a minute:

Sign up
Here's how it works:
  1. Anybody can ask a question
  2. Anybody can answer
  3. The best answers are voted up and rise to the top
up vote 0 down vote favorite

I have a c# application which displays the names of assessments and the zone which they are performed upon, separated by a comma and a space. For instance:

  • assessment1, Firewall
  • mom's assessment, LAN

When the user selects on of these assessments, I need to separate the assessment name from the zone name. I also need to replace any single quotes in the string by two single quotes so I can query my database without issues (this i cannot change, it has to be done because no SQLiteParameters are used in the function that queries my database).

This is how I do this currently (note that _view.SelectedAssessment is the entire string of both the assessment name and zone): 

string zone = _view.SelectedAssessment.Substring(_view.SelectedAssessment.IndexOf(", ") + 2);
string assessmentName = _view.SelectedAssessment.Substring(0, _view.SelectedAssessment.Length - zone.Length - 2);

Is there a better way to do this? Any improvements?

share|improve this question
    
no SQLiteParameters are used in the function that queries my database - why so? – t3chb0t 2 days ago
    
@t3chb0t This was already in place. I did change the insert function to use SQLiteParameters. But changing the query function would require me to rewrite way too much existing code. – Marthe Veldhuis 2 days ago
3  
requiring rewriting "way too much existing code" for the benefit of having code that's basically secure against SQL-Injection is not rewriting "way too much code" ... If it were me, I'd talk to whoever's saying that it's way too much code and try to make them see reason. Because that's a walking exploit in your application – Vogel612 2 days ago
1  
I understand what you are saying, but you do not know this situation. 1. I am a student on an internship with zero prior knowledge of building any application, this is my third year computer science and I just have to make it work. 2. The company knows nothing about programming so they cannot help me. 3. They just want an application that automates their report making, so only about five people will every use it. 4. It is not connected to the internet. – Marthe Veldhuis 2 days ago
    
Don't forget that other people might want to learn something out of your question's answers make sure you always mark the one that helped you the most. – denis 23 hours ago
up vote 7 down vote

Make it regex with named groups:

var matcher = new Regex(@"(?<assesment>.+?),\s*(?<zone>.+)");
var match = matcher.Match("assessment1, Firewall");
var assesment = match.Groups["assesment"].Value;
var zone = match.Groups["zone"].Value;

where

  • (?<assesment>.+?) - catches assesment ungreedy ? so that it stops at ,
  • ,\s* - the separator is , with an optional white space (zero or more times)
  • (?<zone>.+) - catches zone greedy

Sample at regex101.com

I wasn't aware of that but @Vogel612 kindly mentioned that backtracking as I use it in my solution above might be sometimes a problem: Why Using the Greedy .* in Regular Expressions Is Almost Never What You Actually Want and The Explosive Quantifier Trap.

Using the (?<assessment>[^,]+) expression would be much faster and safer here.

That change drops the match you propose from 30 steps until matching to 9, so it saves roughly 60% of execution time.

Another valuable remark by @forsvarir suggests using the statick Regex.IsMatch method over creating a new instance each time. This should be much faster here.

The difference in performance is due to the caching of regular expressions used in static method calls.

There is a lot more to that with pleny of examples on Optimizing Regular Expression Performance, Part I: Working with the Regex Class and Regex Objects [Ron Petrusha]

share|improve this answer
4  
What are the advantages of this over the Split method mentioned below? – Marthe Veldhuis 2 days ago
up vote 6 down vote

Just use the Split method

 string[] splittedArray = _view.SelectedAssessment.Split(new[]{','});
 string zone = splittedArray[1].Trim();
 string assessmentName = splittedArray[0].Trim();

Also be careful when doing a manual replace on strings that go into the DB as you might be vulnerable to SQL injection

share|improve this answer
1  
This blows up when there's more than one comma in the input. not that the current code handles that part well :) – Vogel612 2 days ago
3  
@Vogel612 for sure, but not knowing if there might be such cases I prefer simple solutions – Paweł Łukasik 2 days ago

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.