How to embed quotes in a string



  • I have seen this line lots of times, but it wasn't until today that I actually read it. It seems a bit unnecessary.

    xmlStr = "<?xml version=" + '"' + "1.0" + '"' + "?>";


  • What language? In JS, " and ' mean the same thing, so I exclusively write code with single quotes, except for strings with SQL queries. Gratuitous escaping makes my eyes hurt.



  • Thats gotta be PHP.

    I  love the C# @-escaping of strings.



  • @Eric Shinn said:

    Thats gotta be PHP.

    I  love the C# @-escaping of strings.

     

    Actually could be C# as well...

    Guess he has never heard of \"



  • @Eric Shinn said:

    Thats gotta be PHP.
    It's too cheap, doesn't have enough $.



  • @Eric Shinn said:

    Thats gotta be PHP.

    I hadn't thought about it, but I agree.  php would try to parse the insides of the <? and ?> as PHP, which it is clearly not, so you have to echo a string that contains it.

    But that doesn't preclude any other language that uses <? and ?> to enclose the parseable code.  Are there any?



  • @Eric Shinn said:

    Thats gotta be PHP.

    I  love the C# @-escaping of strings.

    Insta-fail!   PHP variables are prefixed with a dollar sign and the + operator is not used for concatenation.  And you should almost almost always use single quotes for strings in PHP because single quotes do not allow for variable expansion or escape sequences, which makes parsing them much faster for the interpreter.

     

    It's probably JS, but that's just a guess.



  • @dhromed said:

    What language? In JS, " and ' mean the same thing, so I exclusively write code with single quotes, except for strings with SQL queries. Gratuitous escaping makes my eyes hurt.

     You build SQL queries in JS?  I guess you meant on the backend but that would imply you aren't using parameterized queries and are instead concatenating variables inline.  Due to the poor security of this, I'm going to guess that you are programming in PHP.  I do a lot of PHP, but opening your software to SQL injection seems to be something committed primarily by PHP developers.



  • I think it's Java or C++. String + character + string + character + string. At least I think the operators are overloaded to work that way...



  •  @morbiuswilters said:

    You build SQL queries in JS?  I guess you meant on the backend but that would imply you aren't using parameterized queries and are instead concatenating variables inline.  Due to the poor security of this, I'm going to guess that you are programming in PHP.  I do a lot of PHP, but opening your software to SQL injection seems to be something committed primarily by PHP developers.

    I expected this to come up. :)

    We're a little behind on the times where I work, so it's ASP/JScript.

    And when I build SQL queries, I use our custom lib's implementation of parametrized queries (because classic asp doesn't have them), which are mandated by our coding standards, and everyone who doesn't use them gets a slappin' of the bad form. they also make your SQL a lot clearer; sans "+' "'+' '"+ and the likes.



  • @Welbog said:

    I think it's Java or C++. String + character + string + character + string. At least I think the operators are overloaded to work that way...



    Still looks like C# to me. To be more precise, it looks like someone who came from VB.NET and couldn't figure out how the hell to put a quote in a string. I am surprised there isn't a chr(34) in there instead.



  • @Welbog said:

    I think it's Java or C++. String + character + string + character + string. At least I think the operators are overloaded to work that way...

    In C++, they're not (and cannot be).



  • TRWTF(tm) is that the author (nor anyone else here, apparently) knows that XML doesn't CARE what quotes you use:

     xmlStr = "<?xml version='1.0'?>"; // works fine, and is a LOT easier on the eyes!



  • @MasterPlanSoftware said:

    it looks like someone who came from VB.NET and couldn't figure out how the hell to put a quote in a string.
     

    I'm not sure about that, if it was from VB.NET we woulda seen "<?xml version=""1.0"'?>".  I'd hazard a guess it's C# and there's a braindead development standard that prohibits use of escapes for some wacky reason.



  • @mfah said:

    @MasterPlanSoftware said:

    it looks like someone who came from VB.NET and couldn't figure out how the hell to put a quote in a string.
     

    I'm not sure about that, if it was from VB.NET we woulda seen "<?xml version=""1.0"'?>".  I'd hazard a guess it's C# and there's a braindead development standard that prohibits use of escapes for some wacky reason.

     

    You misquoted/misread what I said. I said it looks like C# generated by someone with a VB.NET background. It is obviously not actual VB.NET.



  • @MasterPlanSoftware said:

    You misquoted/misread what I said. I said it looks like C# generated by someone with a VB.NET background. It is obviously not actual VB.NET.
     

    I missed the @ of course, my bad there, but prefixed with an @ it's valid C#. 



  • @mfah said:

    @MasterPlanSoftware said:

    You misquoted/misread what I said. I said it looks like C# generated by someone with a VB.NET background. It is obviously not actual VB.NET.
     

    I missed the @ of course, my bad there, but prefixed with an @ it's valid C#. 

     

    I must have missed something, because I have absolutely no idea what you are talking about.



  • And the correct answer to the langauge question is: C#

    The code is written by consults in several layers, so it's hard to say who wrote this piece. If it's the person before me I think his background was more in C++ than VB. But that doesn't seem to fit, so perhaps it was someone else.

    This is in fact parsed in a Symbian phone, so I wouldn't count on single quotes to work as someone suggested.



  • @Gieron said:

    And the correct answer to the langauge question is: C#
     

    Whoo hoo! I win!



  • @Gieron said:

    This is in fact parsed in a Symbian phone, so I wouldn't count on single quotes to work as someone suggested.
    They work as proof in your own OP.



  • @dhromed said:

    I use our custom lib's implementation of parametrized queries (because classic asp doesn't have them)
     

    Zuh? We have several aging classic ASP apps where I work, and all use parameterized queries to SQL Server (and, god help me, Jet) databases via ADO.

    ASP isn't a data access provider, it rightfully knows nothing about parameterized queries, nor does ASP.NET, etc. It's not like you need to roll your own implementation.



  • @Lingerance said:

    @Gieron said:
    This is in fact parsed in a Symbian phone, so I wouldn't count on single quotes to work as someone suggested.
    They work as proof in your own OP.

    I think he means single quotes around the XML attributes.


Log in to reply