这有什么不好建设与XML字符串连接? [英] What's so bad about building XML with string concatenation?
问题描述
在该线程<一href=\"http://stackoverflow.com/questions/423823/whats-your-favorite-programmer-ignorance-pet-peeve/424058#424058\">What’s ?你最喜欢的程序员无知忌讳,会出现下面的答案,用大量upvotes的:
使用字符串连接建立谁XML程序员。
我的问题是,为什么通过字符串连接(如的StringBuilder 在C#)坏了?
我已经在过去做了几次,因为它有时对我来说,从A点到B点时,涉及到数据结构/对象我的工作最快捷的方式。到目前为止,我已经提出了几个原因,这是不是最大的做法,但有我俯瞰的东西吗?为什么要这样避免?
- 也许我能想到的最大的原因是,你需要手动逃避你的字符串,而大多数新的程序员(甚至一些有经验的程序员)会忘记这一点。它的工作非常适合他们,当他们进行测试,但随后随机他们的应用程序时,会抛出一个人的失败和放大器;象征他们的意见的地方。好吧,我就买这个,但它真的很容易prevent问题(<一个href=\"http://msdn.microsoft.com/en-us/library/system.security.securityelement.escape.aspx\">SecurityElement.Escape仅举一个)。
- 当我这样做,我通常省略了XML声明(即
&LT;?XML版本=1.0&GT;)。这是有害的? - 性能处罚?如果你坚持适当字符串连接(即
的StringBuilder),这是什么可担心? presumably,就像一个类的XmlWriter也需要做一些字符串操作... - 有生成XML的更优雅的方式,如使用
的XmlSerializer来自动序列化/反序列化类。好吧肯定的是,我同意。 C#有一吨有用的类此的,但有时我不想做一个类的东西真快,就像写了一个日志文件或东西。这只是我懒惰?如果我做的事情真实这是我的preferred做法,处理W / XML。
您可以结束了无效的XML,但你不会发现,直到您再次解析它 - 那么它是为时已晚。我这学到了艰辛的道路。
In the thread What’s your favorite "programmer ignorance" pet peeve?, the following answer appears, with a large amount of upvotes:
Programmers who build XML using string concatenation.
My question is, why is building XML via string concatenation (such as a StringBuilder in C#) bad?
I've done this several times in the past, as it's sometimes the quickest way for me to get from point A to point B when to comes to the data structures/objects I'm working with. So far, I have come up with a few reasons why this isn't the greatest approach, but is there something I'm overlooking? Why should this be avoided?
- Probably the biggest reason I can think of is you need to escape your strings manually, and most new programmers (and even some experienced programmers) will forget this. It will work great for them when they test it, but then "randomly" their apps will fail when someone throws an & symbol in their input somewhere. Ok, I'll buy this, but it's really easy to prevent the problem (SecurityElement.Escape to name one).
- When I do this, I usually omit the XML declaration (i.e.
<?xml version="1.0"?>). Is this harmful? - Performance penalties? If you stick with proper string concatenation (i.e.
StringBuilder), is this anything to be concerned about? Presumably, a class likeXmlWriterwill also need to do a bit of string manipulation... - There are more elegant ways of generating XML, such as using
XmlSerializerto automatically serialize/deserialize your classes. Ok sure, I agree. C# has a ton of useful classes for this, but sometimes I don't want to make a class for something really quick, like writing out a log file or something. Is this just me being lazy? If I am doing something "real" this is my preferred approach for dealing w/ XML.
You can end up with invalid XML, but you will not find out until you parse it again - and then it is too late. I learned this the hard way.
这篇关于这有什么不好建设与XML字符串连接?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
