将字符串转换为命令 [英] Convert String to Command

问题描述

如何将字符串更改为Command?

例如:
字符串s ="Console.ReadKey();" ;
.
.
.

Hi,
How can I change a string to a Command ?

e.g. :
string s = "Console.ReadKey();" ;
.
.
.
???

推荐答案

错误的主意.是的，您可以编译以字符串形式显示的源代码，在同一进程中加载​​它并运行，但是它几乎不是命令"，它应该是完整的程序集-至少一种类型，带有所有必需的引用程序集.

更重要的是，命令"方法将使对抗内存泄漏的工作变得非常头疼.在.NET中，原则上不可能卸载任何已加载的程序集.您只能卸载整个应用程序域.可以编译新程序集并将其加载到新创建的应用程序域"中.当不再需要它时，可以卸载整个应用程序域.基于这种方法来实现某些应用程序是很有可能的(类似于"C#计算器")，但是在Application Domain之间穿墙工作并不是一件容易的事.它需要IPC传递数据.

要了解其中涉及的内容，请查看我过去关于该主题的答案并围绕该主题进行讨论:
创建使用可重载插件的WPF应用程序... [ ^ ]，
AppDomain拒绝加载程序集 [使用CodeDom生成代码 [创建使用可重载插件的WPF应用程序... [ ^ ].

我怀疑您的想法能否与所需的工作量和预期的收益进行比较. :-)

—SA

Bad idea. Yes, you can compile source code presented in a string, load it in the same process and run, but it''s hardly a "command", it should be fully-fledged assembly — at least one type, with all required referenced assemblies.

More than that, a "command" approach will turn in a serious headache of the fight against memory leak. In .NET it is principally impossible to unload any loaded assembly. You can only unload a whole Application Domain. New assembly can be compiled and loaded in a newly create Application Domain. When it is no longer needed, the whole Application Domain can be unloaded. It''s quite possible to implement some application based on this approach (something like a "C# calculator"), but working through the wall between Application Domain is not so easy; it requires IPC to pass data.

To get an idea on what''s involved, look at my past answers on the topic and discussion around it:
Create WPF Application that uses Reloadable Plugins...[^],
AppDomain refuses to load an assembly[^],
code generating using CodeDom[^],
Create WPF Application that uses Reloadable Plugins...[^].

I doubt that your idea can stand a comparison of the required effort and expected pay-off. :-)

—SA

仅补充SA所说:从安全角度来看，这也是一个坏主意.根据您输入字符串的方式，请记住，.NET具有对计算机的完全访问权限.如果您允许用户输入代码，那么您将面临痛苦的世界.例如，大多数用户只能通过应用程序访问数据库，这会严格限制他们可以看到的内容.如果允许用户输入代码并执行代码，则他们可以绕过DB的所有登录要求，删除表或复制整个表内容.您确定要允许吗?

Just to add to what SA says: it is also a bad idea from a security point of view. Depending on how you enter your string, remember that .NET has full access to your machine. If you allow the user to enter code, you are leaving yourself open to a world of pain. For example, most users can only access a database via an application, which carefully restricts what they can see. If you allow users to enter code and execute it, they can bypass any login requirements to you DB, drop tables, or copy off the whole table contents. Are you sure you want to allow this?

这篇关于将字符串转换为命令的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！