What do you think of when you see the following C# code:
ExecuteSql($"SELECT * FROM SomeTable WHERE SomeColumn = {someValue}");
- Huh? Nothing exciting here.
- STOP!!!! SQL injection vulnerability.
- Way cool language technique!!!! (Hint! Hint!)
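Whether the second or the third reaction is the right one depends on how `ExecuteSql` declares its parameter, which the post does not show. The following is an added example, not code from the original post: `SafeSql`, `Split` and `Bind` are hypothetical names, and the `@p0` placeholder style is an assumption that suits providers using `@`-prefixed parameter names.

```csharp
using System;
using System.Data.Common;
using System.Linq;

static class SafeSql
{
    // Splits an interpolated string into SQL text with @p0, @p1, ... placeholders
    // and the values that belong in them. query.Format is the template with
    // {0}, {1}, ... holes; query.GetArguments() returns the interpolated values.
    public static (string Text, object[] Values) Split(FormattableString query)
    {
        object[] values = query.GetArguments();
        object[] names = values.Select((_, i) => (object)("@p" + i)).ToArray();
        return (string.Format(query.Format, names), values);
    }

    // Hypothetical ExecuteSql-style helper: binds the values as parameters on
    // any ADO.NET command instead of pasting them into the command text.
    public static void Bind(DbCommand command, FormattableString query)
    {
        var (text, values) = Split(query);
        command.CommandText = text;
        for (int i = 0; i < values.Length; i++)
        {
            DbParameter p = command.CreateParameter();
            p.ParameterName = "@p" + i;          // assumed placeholder style
            p.Value = values[i] ?? DBNull.Value; // null must be sent as DBNull
            command.Parameters.Add(p);
        }
    }

    static void Main()
    {
        string someValue = "0 OR 1=1"; // constructed hostile input

        // Target type string: the value has already been spliced into the SQL text.
        string concatenated = $"SELECT * FROM SomeTable WHERE SomeColumn = {someValue}";
        Console.WriteLine(concatenated);

        // Target type FormattableString: template and value stay separate.
        var (text, values) = Split($"SELECT * FROM SomeTable WHERE SomeColumn = {someValue}");
        Console.WriteLine(text);      // the SQL text, holding only a placeholder
        Console.WriteLine(values[0]); // the value, to be sent as parameter data
    }
}
```

If a `string` overload of the same method also exists, the compiler picks it for an interpolated argument, so a helper like this should expose only the `FormattableString` signature.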
Let’s say you maintain a class whose constructor expects a configuration object:
class MyDbConnection
{
    public MyDbConnection(MyDbConfiguration config) { … }
}
...
var config = new MyDbConfiguration
{
    Server = "SuperFastDbServer",
    User = "jsmith",
    Password = …
};
var connection = new MyDbConnection(config);
Along the way, developers asked for a simple, textual way to set configuration options. To accommodate this, you gave the configuration class a constructor that accepts a settings string as its argument:
var connection = new MyDbConnection(new MyDbConfiguration("server=SuperFastDbServer;user=jsmith;password=…"));
Now, you’ve received a request to further streamline usage by allowing the configuration string to be passed directly to the main class, bypassing the need to reference the settings class:
var connection = new MyDbConnection("server=SuperFastDbServer;user=jsmith;password=…");
Since the goal is to construct instances of the main class by passing a string, it seems the way to implement this request is to give the main class a constructor that accepts a string as its argument.
Surprisingly, adding a constructor isn’t the only way to achieve the desired effect! In fact, it’s possible to satisfy this request without any modifications to the main class. Likely, you’ve already used the functionality that makes this possible—though perhaps without realizing you could use it with classes and structs you create.
However, there is a philosophical question about the appropriateness of applying this technique in this scenario. We’ll touch on this question later. Even if you decide against using the technique in this case, knowing about it hopefully will come in handy down the road when you encounter other, unquestionably appropriate situations where it can be used.