# Wednesday, July 17, 2019

In a recent article, I introduced you to the "Recognize Text" API that returns the text in an image - process known as "Optical Character Recognition", or "OCR".

In this article, I will show how to call this API from a .NET application.

Recall that the "Recognize Text" API consists of two web service calls:

We call the "Recognize Text" web service and pass an image to begin the process.

We call the "Get Recognize Text Operation Result" web service to check the status of the processing and retrieive the resulting text, when the process is complete.

The sample .NET application

If you want to follow along, the code is available in the RecognizeTextDemo found in this GitHub repository.

To get started, you will need to create a Computer Vision key, as described here.

Creating this service gives you a URI endpoint to call as a web service, and an API key, which must be passed in the header of web service calls.

The App

To run the app, you will need to copy the key created above into the App.config file. Listing 1 shows a sample config file:

Listing 1:

<configuration>
   <appSettings>
     <add key="ComputerVisionKey" value="5070eab11e9430cea32254e3b50bfdd5" />
   </appSettings>
 </configuration>
  

You will also need an image with some text in it. For this demo, we will use the image shown in Fig. 1.

rt01-Kipling
Fig. 1

When you run the app, you will see the screen in Fig. 2.

rt02-Form1
Fig. 2

Press the [Get File] button and select the saved image, as shown in Fig. 3.

rt03-SelectImage
Fig. 3

Click the [Open] button. The Open File Dialog closes, the full path of the image is displays on the form, and the [Start OCR] button is enabled, as shown in Fig. 4.

rt04-Form2
Fig. 4

Click the [Start OCR] button to call a service that starts the OCR. If an error occurs, it is possible that you did not configure the key correctly or that you are not connected to the Internet.

When the service call returns, the URL of the "Get Text" service displays (beneath the "Location Address" label), and the [Get Text] button is enabled, as shown in Fig. 5.

rt05-Form3
Fig. 5

Click the [Get Text] button. This calls the Location Address service and displays the status. If the status is "Succeeded", it displays the text in the image, as shown in Fig. 6.

rt06-Form4
Fig. 6

## The code

Let's take a look at the code in this application. It is all written in C#. The relevant parts are the calls to the two web service: "Recognize Text" and "Get Recognize Text Operation Result". The first call kicks off the OCR job; the second call returns the status of the job and returns the text found, when complete.

The code is in the TextService static class.

This class has a constant: visionEndPoint, which is the base URL of the Computer Vision Cognitive Service you created above. The code in the repository is in Listing 2. You may need to modify the URL, if you created your service in a different region.

Listing 2:

const string visionEndPoint = "https://westus.api.cognitive.microsoft.com/";
  

### Recognize Text

The call to the "Recognize Text" API is in Listing 1:

Listing 3:

public static async Task<string> GetRecognizeTextOperationResultsFromFile(string imageLocation, string computerVisionKey)
{
    var cogSvcUrl = visionEndPoint + "vision/v2.0/recognizeText?mode=Printed";
    HttpClient client = new HttpClient();
    client.DefaultRequestHeaders.Add("Ocp-Apim-Subscription-Key", computerVisionKey);
    HttpResponseMessage response;
    // Convert image to a Byte array
    byte[] byteData = null;
    using (FileStream fileStream = new FileStream(imageLocation, FileMode.Open, FileAccess.Read))
    {
        BinaryReader binaryReader = new BinaryReader(fileStream);
        byteData = binaryReader.ReadBytes((int)fileStream.Length);
    }

    // Call web service; pass image; wait for response
    using (ByteArrayContent content = new ByteArrayContent(byteData))
    {
        content.Headers.ContentType = new MediaTypeHeaderValue("application/octet-stream");
        response = await client.PostAsync(cogSvcUrl, content);
    }

    // Read results
    RecognizeTextResult results = null;
    if (response.IsSuccessStatusCode)
    {
        var data = await response.Content.ReadAsStringAsync();
        results = JsonConvert.DeserializeObject<RecognizeTextResult>(data);
    }
    var headers = response.Headers;
    var locationHeaders = response.Headers.GetValues("Operation-Location");
    string locationAddress = "";
    IEnumerable<string> values;
    if (headers.TryGetValues("Operation-Location", out values))
    {
        locationAddress = values.First();
    }
    return locationAddress;
}
  

The first thing we do is construct the specific URL of this service call.

Then we use the System.Net.Http library to submit an HTTP POST request to this URL, passing in the image as an array of bytes in the body of the request. For more information on passing a binary file to a web service, see this article.

When the response returns, we check the headers for the "Operation-Location", which is the URL of the next web service to call. The URL contains a GUID that uniquely identifies this job. We save this for our next  call.

Get Recognize Text Operation Result

After kicking of the OCR, we need to call a different service to check the status and get the results. The code in Listing 4 does this.

Listing 4:

public static async Task<RecognizeTextResult> GetRecognizeTextOperationResults(string locationAddress, string computerVisionKey) 
 { 
    var client = new HttpClient(); 
    client.DefaultRequestHeaders.Add("Ocp-Apim-Subscription-Key", computerVisionKey); 
    var response = await client.GetAsync(locationAddress); 
    RecognizeTextResult results = null; 
    if (response.IsSuccessStatusCode) 
    { 
        var data = await response.Content.ReadAsStringAsync(); 
        results = JsonConvert.DeserializeObject<RecognizeTextResult>(data); 
    } 
    return results; 
 }
  

This code is much simpler because it is an HTTP GET and we don't need to pass anything in the request body.

We simply submit an HTTP GET request and use the Newtonsoft.Json libary to convert the response to a string.

Here is the complete code in the TextService class:

Listing 5:

using Newtonsoft.Json;
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;
using TextLib.Models;

namespace TextLib
{

    public static class TextService
    {
        const string visionEndPoint = "https://westus.api.cognitive.microsoft.com/";

public static async Task<string> GetRecognizeTextOperationResultsFromFile(string imageLocation, string computerVisionKey)
{
    var cogSvcUrl = visionEndPoint + "vision/v2.0/recognizeText?mode=Printed";
    HttpClient client = new HttpClient();
    client.DefaultRequestHeaders.Add("Ocp-Apim-Subscription-Key", computerVisionKey);
    HttpResponseMessage response;
    // Convert image to a Byte array
    byte[] byteData = null;
    using (FileStream fileStream = new FileStream(imageLocation, FileMode.Open, FileAccess.Read))
    {
        BinaryReader binaryReader = new BinaryReader(fileStream);
        byteData = binaryReader.ReadBytes((int)fileStream.Length);
    }

    // Call web service; pass image; wait for response
    using (ByteArrayContent content = new ByteArrayContent(byteData))
    {
        content.Headers.ContentType = new MediaTypeHeaderValue("application/octet-stream");
        response = await client.PostAsync(cogSvcUrl, content);
    }

    // Read results
    RecognizeTextResult results = null;
    if (response.IsSuccessStatusCode)
    {
        var data = await response.Content.ReadAsStringAsync();
        results = JsonConvert.DeserializeObject<RecognizeTextResult>(data);
    }
    var headers = response.Headers;
    var locationHeaders = response.Headers.GetValues("Operation-Location");
    string locationAddress = "";
    IEnumerable<string> values;
    if (headers.TryGetValues("Operation-Location", out values))
    {
        locationAddress = values.First();
    }
    return locationAddress;
}

        public static async Task<RecognizeTextResult> GetRecognizeTextOperationResults(string locationAddress, string computerVisionKey)
        {
            var client = new HttpClient();
            client.DefaultRequestHeaders.Add("Ocp-Apim-Subscription-Key", computerVisionKey);
            var response = await client.GetAsync(locationAddress);
            RecognizeTextResult results = null;
            if (response.IsSuccessStatusCode)
            {
                var data = await response.Content.ReadAsStringAsync();
                results = JsonConvert.DeserializeObject<RecognizeTextResult>(data);
            }
            return results;
        }

    }
}
  

The remaining code

There is other code in this application to do things like select the file from disk and loop through the JSON to concatenate all the text; but this code is very simple and (hopefully) self-documenting. You may choose other ways to get the file and handle the JSON in the response.

In this article, I've focused on the code to manage the Cognitive Services calls and responses to those calls in order to get the text from a picture of text.

Wednesday, July 17, 2019 10:51:00 AM (GMT Daylight Time, UTC+01:00)
# Monday, January 28, 2019

Episode 547

Jon Skeet on Versioning

Versioning is more complex than most people believe. Jon Skeet describes the issues and how we can deal with the complexities to keep software libraries from breaking client applications.

Monday, January 28, 2019 8:11:00 AM (GMT Standard Time, UTC+00:00)
# Monday, December 17, 2018

Episode 542

Jim Wooley on Static Analyzers and Roslyn

Microsoft MVP Jim Wooley describes how to use Roslyn to create your own static analyzers to verify the quality of your code.

Monday, December 17, 2018 9:48:00 AM (GMT Standard Time, UTC+00:00)
# Monday, December 3, 2018

Episode 540

Bill Wagner on Nullable Reference Types

C# 8 will have support for Nullable reference types, which will allow you to know better when you need to check for null in your variables. Bill explains the syntax and implication of this upcoming language feature.

Monday, December 3, 2018 9:04:00 AM (GMT Standard Time, UTC+00:00)
# Friday, November 2, 2018

Sometimes, you want to store quotation marks within a string, as in the following example

"Alive", she cried!

In C#, there are at least 4 ways to embed a quote within a string:

  1. Escape quote with a backslash
  2. Precede string with @ and use double quotes
  3. Use the corresponding ASCII character
  4. Use the Hexadecimal Unicode character

Escape with backslash

You can precede any escaped character with a backslash ("\") to preserve that character.

For example:

var lyrics = "\"Alive\", she cried!"
  

Precede with @ and use double quotes

If you precede the string with the "@" character, you can use a double set of quotation marks to indicate a single set of quotation marks within a string.

For example:

var lyrics = @"""Alive"", she cried!"
  

Use the ASCII character

A double quote is the ASCII value 34, so you can append this to your string.

For example:

quote = (char)34 + "Alive" + (char)34 + ", she cried!";
  

Use the Hexadecimal Unicode character

You can escape Unicode characters by preceding the hexadecimal value with "\u". The hexadecimal value of a double quote is 0022, so you can include this in your string.

For example:

quote = "\u0022Alive\u0022, she cried!";
  

These techniques work for many other characters that are difficult to represent within quotation marks, such as line feeds, non-English characters, and non-printing characters.

There are other ways to include quotation marks within a C# string, but these should be enough to get you started.
C#
Friday, November 2, 2018 7:08:00 AM (GMT Standard Time, UTC+00:00)
# Friday, June 29, 2018

The .NET framework provides the FtpWebRequest class to assist you in managing FTP commands.

A common use of this class is to upload a file to an FTP site.

To do this in C#, we create an FtpWebRequest object (the WebRequest object has a static factory method to do this) on the object, set our intended method, and specify the FTP site's login credentials, as shown below.

string ftpUrl = @"ftp://blah.ftp.blah.com";
ftpUrl = ConfigurationManager.AppSettings["ftpUri"];
string userName = ConfigurationManager.AppSettings["userName"];
string password = ConfigurationManager.AppSettings["password"];

string ftpDestinationFolder = "site/wwwroot/content/Giard";
string localFolderSource = @"C:\Test\_source";
string fileName = "testfile.txt";

string sourcePath = @"C:\Test\_source\testfile.txt";
string destinationPath = @"ftp://blah.ftp.blah.com/folder1/testfile.txt";

FtpWebRequest request = (FtpWebRequest)WebRequest.Create(destinationPath);
request.Method = WebRequestMethods.Ftp.UploadFile;
  

A common mistake is to set only the site and folder name (and skip the filename) in the destinationPath.

To send a file via FTP, we need to read the file from disk and convert it into a Stream.

byte[] fileContents;
using (StreamReader sourceStream = new StreamReader(sourcePath))
{
	fileContents = Encoding.UTF8.GetBytes(sourceStream.ReadToEnd());
}
  

We then write this StreamReader to the FTP request object

request.ContentLength = fileContents.Length;
using (Stream requestStream = request.GetRequestStream())
{
	requestStream.Write(fileContents, 0, fileContents.Length);
}
  

Finally, we retrieve the FTP response.

using (FtpWebResponse response = (FtpWebResponse)request.GetResponse())
{
	var responseText = response.StatusDescription;
	Console.WriteLine("Completed uploading file {0}!", fileName);
	Console.WriteLine("Status={0}", responseText);
}
  

The full code of my console app is here:

using System;
using System.Configuration;
using System.IO;
using System.Net;
using System.Text;

namespace DemoFtp
{
    class Program
    {
        static void Main(string[] args)
        {
            string ftpUrl = @"ftp://blah.ftp.blah.com";
            // Note: I stored some values in app.config
            // I had to set a reference to System.Configuration to read these values
            ftpUrl = ConfigurationManager.AppSettings["ftpUri"];
            string userName = ConfigurationManager.AppSettings["userName"];
            string password = ConfigurationManager.AppSettings["password"];

            string ftpDestinationFolder = "site/wwwroot/content/Giard";
            string localFolderSource = @"C:\Test\_source";
            string fileName = "testfile.txt";

            string sourcePath = Path.Combine(localFolderSource, fileName);
            string destinationPath = Path.Combine(ftpUrl, ftpDestinationFolder, fileName);

            FtpWebRequest request = (FtpWebRequest)WebRequest.Create(destinationPath);
            request.Method = WebRequestMethods.Ftp.UploadFile;

            request.Credentials = new NetworkCredential(userName, password);

            byte[] fileContents;
            using (StreamReader sourceStream = new StreamReader(sourcePath))
            {
                fileContents = Encoding.UTF8.GetBytes(sourceStream.ReadToEnd());
            }

            request.ContentLength = fileContents.Length;
            using (Stream requestStream = request.GetRequestStream())
            {
                requestStream.Write(fileContents, 0, fileContents.Length);
            }

            using (FtpWebResponse response = (FtpWebResponse)request.GetResponse())
            {
                var responseText = response.StatusDescription;
                Console.WriteLine("Completed uploading file {0}!", fileName);
                Console.WriteLine("Status={0}", responseText);
            }

            Console.ReadLine();
        }
    }
}
  

You can find this console app in my github repository at https://github.com/DavidGiard/Demo-FTP-CSharp

.Net | C# | Web
Friday, June 29, 2018 7:38:00 AM (GMT Daylight Time, UTC+01:00)
# Wednesday, June 20, 2018

Parsing information from a web page is not a trivial task. Fortunately, HTML has a defined structure and libraries exist to help us navigate that structure.

One such library for C# is HTML Agility Pack or HAP.

You can add this library to a project via NuGet. Simply right-click your project in the Visual Studio Solution Explorer, select "Manage NuGet Packages" (Fig. 1); then search for "HTML Agility Pack" and install the package (Fig. 2).

hap01-MangeNuGet
Fig. 1

hap02-NuGet
Fig. 2

Once the package is installed, you can load your document into an HtmlAgilityPack.HtmlDocument and begin working with it.

There are 3 ways to load a web page into an HtmlDocument: from a file on disk; from a string of HTML, from a URL, and from whatever document is loaded in a browser.

Below are examples of each (taken from the HAP web site).

// From File
var doc = new HtmlDocument();
doc.Load(filePath);

// From String
var doc = new HtmlDocument();
doc.LoadHtml(html);

// From Web
var url = "http://html-agility-pack.net/";
var web = new HtmlWeb();
var doc = web.Load(url);

// From Browser
var web1 = new HtmlWeb();
var doc1 = web1.LoadFromBrowser(url, o =>
{
	var webBrowser = (WebBrowser) o;

	// WAIT until the dynamic text is set
	return !string.IsNullOrEmpty(webBrowser.Document.GetElementById("uiDynamicText").InnerText);
});
  

Listing 1

I am interested in this project because I have a web page that lists all my public presentations and I want to make this page data driven, so I won't have to update a text file every time I schedule a new presentation.

To populate a database with this information, I could either type in every presentation or grab it from my web page and parse out the relevant information in an HTML table. Since I have delivered nearly 500 presentations, re-typing each of these individually seemed like way too much work.

Here is a screenshot of my "Public Presentations" page:

image
Fig. 3

and here is a partial listing of the source HTML for that page.

<table id="talklist">
 <tr style="height:15.0pt">
  <th style="height:15.0pt;width:62pt" width="83">
   Date</th>
  <th width="458">
   Topic</th>
  <th width="311">
   Event</th>
  <th width="64">
	Location</th>
 </tr>
        
 <tr style="height:15.0pt">
 <td>
  Sep 20, 2018
 </td>
 <td>
  Adding Image and Voice Intelligence to Your Apps with Microsoft Cognitive Services
 </td>
 <td>
  VSLive
 </td>
 <td>
  Chicago, IL
 </td>
 </tr>

 <tr style="height:15.0pt">
 <td>
  Sep 20, 2018
 </td>
 <td>
  Effective Data Visualization
 </td>
 <td>
  VSLive
 </td>
 <td>
  Chicago, IL
 </td>
 </tr>

 <tr style="height:15.0pt">
 <td>
  Jun 22, 2018
 </td>
 <td>
  Effective Data Visualization
 </td>
 <td>
  Beer City Code
 </td>
 <td>
  Grand Rapids, MI
 </td>
 </tr>
  

Listing 2

I used the following code to load the data into an HtmlDocument:

var url = "http://www.davidgiard.com/Schedule.aspx";
Console.WriteLine("Getting data from {0}...", url);
var web = new HtmlWeb();
var doc = web.Load(url);
  

Listing 3

The HtmlDocument has a DocumentNode property, which returns the root element of the HTML document as a node. Most of the time, I found myself working with nodes and collections of nodes. Each node has a SelectSingleNode and a SelectNodes method which returns a node and a collection of nodes, respectively. These take an XPATH argument, with which I was familiar from my days working with XML documents.

The following code retrieves a nodelist of all the <tr> row nodes within the "talklist" table, shown in Listing 2.

var documentNode = doc.DocumentNode;
var tableNode = documentNode
			.SelectSingleNode("//table[@id='talklist']");
var rowsNodesList = tableNode.SelectNodes("tr");
  

Listing 4

Finally, because each <tr> node contains 4 nodes of <td> cells, I can iterate through each node, find all the cells, and the innertext of each cell. For good measure, I stripped off any non-printing characters. Because the title row contains <th> cells, instead of <td> cells, I want to check for this before extracting information.

The code for this is in Listing 5.

var rowCount = 1;
foreach (var row in rowsNodesList)
{
	var cells = row.SelectNodes("td");
	if (cells != null && cells.Count > 0)
	{
		var date = cells[0].InnerText;
		date = date.Replace("\r\n", "").Trim();
		var topic = cells[1].InnerText;
		topic = topic.Replace("\r\n", "").Trim();
		var eventName = cells[2].InnerText;
		eventName = eventName.Replace("\r\n", "").Trim();
		var location = cells[3].InnerText;
		location = location.Replace("\r\n", "").Trim();

		Console.WriteLine("Row: {0}", rowCount);
		Console.WriteLine("Date: {0}", date);
		Console.WriteLine("Topic: {0}", topic);
		Console.WriteLine("Event: {0}", eventName);
		Console.WriteLine("Location: {0}", location);
		Console.WriteLine("--------------------");
		rowCount++;
	}
}
  

Listing 5

Here is the full code listing for my console app that retrieves the text of each cell.

using HtmlAgilityPack;
using System;

namespace TestHAP
{
    class Program
    {
        static void Main(string[] args)
        {
            var url = "http://www.davidgiard.com/Schedule.aspx";
            Console.WriteLine("Getting data from {0}...", url);
            var web = new HtmlWeb();
            var doc = web.Load(url);

            var documentNode = doc.DocumentNode;
            var tableNode = documentNode
                        .SelectSingleNode("//table[@id='talklist']");
            var rowsNodesList = tableNode.SelectNodes("tr");

            var rowCount = 1;
            foreach (var row in rowsNodesList)
            {
                var cells = row.SelectNodes("td");
                if (cells != null && cells.Count > 0)
                {
                    var date = cells[0].InnerText;
                    date = date.Replace("\r\n", "").Trim();
                    var topic = cells[1].InnerText;
                    topic = topic.Replace("\r\n", "").Trim();
                    var eventName = cells[2].InnerText;
                    eventName = eventName.Replace("\r\n", "").Trim();
                    var location = cells[3].InnerText;
                    location = location.Replace("\r\n", "").Trim();

                    Console.WriteLine("Row: {0}", rowCount);
                    Console.WriteLine("Date: {0}", date);
                    Console.WriteLine("Topic: {0}", topic);
                    Console.WriteLine("Event: {0}", eventName);
                    Console.WriteLine("Location: {0}", location);
                    Console.WriteLine("--------------------");
                    rowCount++;
                }
            }

            Console.ReadLine();
        }
    }
}
  

Listing 6

You can download this solution from my GitHub repository.

Although I don’t intend to use it for this, HAP also supports modifying the HTML you select with node methods like AppendChild(), InsertAfter(), and RemoveChild().

This tool will help me to retrieve and parse the hundreds of rows of data from my web page and insert them into a database.

C# | HTML5 | Web
Wednesday, June 20, 2018 8:39:00 AM (GMT Daylight Time, UTC+01:00)
# Wednesday, May 18, 2016

The Newtonsoft.Json library contains a number of tools for working with JSON from within your .NET application.

New ASP.NET applications created in Visual Studio already contain a reference to the Newtonsoft.Json library. But if you want to add the library to a different project type or if you want to update the version installed by default with an ASP.NET application, you can right-click your project in the Visual Studio Solution Explorer and select "Manage NuGet Package..." and search for Newtonsoft.Json. Select the "Newtonsoft.Json" package (Fig 1) and click either "Install" or "Update".

Newtonsoft is very good at serializing .NET objects into JSON objects.

One feature that I find useful is its ability to rename attributes in my classes. For example, if I have a class named "SocialSecurityNumber" in my C# class and the client consuming my JSON object expects that same property to be named "ssn", I can make this transformation declaratively by adding the JsonProperty attribute to the class property, as shown in Listing 1.

[JsonProperty("ssn")]
public string SocialSecurityNumber { get; set; } 

By convention, C# developers tend to name public properties with mixed case (capitalize the first letter of each word); while JavaScript and JSON developers tend to name properties using Camel casing (capitalize the first letter of each word, except the first word). In the past, I used the JsonProperty attribute to accomplish this, renaming every variable that would be serialized to JSON, as in the following example:

[JsonProperty("firstName")]
public string FirstName { get; set; }
 
[JsonProperty("lastName")]
public string LastName { get; set; }

For projects with many objects and many properties, this can be a tedious task. Fortunately, I recently learned a shortcut.

ASP.NET contains a Formatters class that controls how items are formatted and Newtonsoft.Json can tap into this. The following code, when run at the start of your application, converts all properties to Camel-Case as you transform them to JSON.

var formatters = GlobalConfiguration.Configuration.Formatters;
var jsonFormatter = formatters.JsonFormatter;
var settings = jsonFormatter.SerializerSettings;
settings.ContractResolver = new CamelCasePropertyNamesContractResolver(); 

I added this code to the Register method of the WebApiConfig class in my ASP.NET MVC project, so that it is run when the application starts up, before any serialization is done.

Another useful setting is to add carriage returns and line feeds to the JSON that is created. This has the disadvantage of making your JSON slightly larger; but it makes it much easier for human beings to read, which can be very useful during debugging. This is accomplished with the following line:

settings.Formatting = Formatting.Indented; 

The full listing in the Register() method is shown below:

var formatters = GlobalConfiguration.Configuration.Formatters;
var jsonFormatter = formatters.JsonFormatter;
var settings = jsonFormatter.SerializerSettings;
settings.Formatting = Formatting.Indented;
settings.ContractResolver = new CamelCasePropertyNamesContractResolver(); 

Using the tools in the Newtonsoft.Json library, we can easily adhere to the conventional naming conventions of whatever platform in which our data is used.

C# | JavaScript | Web
Wednesday, May 18, 2016 8:18:48 PM (GMT Daylight Time, UTC+01:00)
# Monday, May 9, 2016
Monday, May 9, 2016 4:07:00 PM (GMT Daylight Time, UTC+01:00)
# Tuesday, February 23, 2016
# Monday, July 27, 2015
Monday, July 27, 2015 4:01:00 PM (GMT Daylight Time, UTC+01:00)
# Monday, June 29, 2015
Monday, June 29, 2015 2:02:00 PM (GMT Daylight Time, UTC+01:00)
# Wednesday, June 17, 2015

The Null Coalescing operator has been around since the early days of C#. Yet it still remains unused by most developers. I'm guessing this is because they are unaware of it, rather than deliberately rejecting it.

The operator is simply a double question mark ("??"). Some people refer to it as the "Elvis Operator" because, if you squint your eyes just right, the curvy parts of each question mark resemble the waves of singer Elvis Presley's famous pompadour-style hair while the dots resemble his eyes.


The King

The operator takes 2 arguments and returns a single value. If the first argument is not null, the null coalescing operator returns that argument; otherwise, it returns the second argument.

This is clarified by the following 2 examples

String a = "first";
String b = "second";
String c = a ?? b;
Console.WriteLine(c);
// Output: first 
 
String d = null;
String e = "second";
String f = d ?? e;
Console.WriteLine(f);
// Output: second 
 

Of course, the code snippet

String f = d ?? e;

is identical to the following:

String f = "";
if (a == null)
    f = e;
else
    f = d; 

The arguments must be nullable and the examples above work because "string" is nullable by default. You may need to use the nullable version of other data types as in the example below that features integers.

int? g = 1;
int? h = 2;
int? i = g ?? h;
Console.WriteLine(i);
// Output: 1 
 
int? j = null;
int? k = 2;
int? l = j ?? k;
Console.WriteLine(l);
// Output: 2 
 

You can even use this operator with custom classes and objects, as in the following example.

public class Person
{
    public string FirstName { get; set; }
    public string LastName { get; set; }
} 
 
class Program
{
    static void Main(string[] args)
    {
        Person m = null;
        Person n = new Person() { FirstName = "David", LastName = "Giard" };
        Person o = m ?? n;
        Console.WriteLine(o.FirstName);
        Console.ReadLine();
    }
} 
 

So why bother using the null coalescing operator? Why not continue to use the longer "if/else" version if the results are the same. There are a couple reasons to use the null coalescing operator: Converting Nullable properties to Non-Nullable properties and Ease of Reading.

Converting to Non-Nullable Properties

The Null Coalescing operator is useful for converting a nullable property into a non-nullable property.

For example, the following example, returns "N/A" for the FavoriteColor property if none is assigned. This assures that FavoriteColor will never return Null.

private string _favoriteColor;
public string FavoriteColor
{
    get { return _favoriteColor ?? "N/A"; }
    set { _favoriteColor = value; }
}

Ease of reading

The single line of a code allowed by the Null coalescing operator tends to be much more terse and more clear than the multiple lines of an IF/ELSE construct. This is particularly true if you have a lot of similar checks in a row. Given the following examples, it is much easier to read the first than the second. Once you are comfortable with the syntax, it is easy to see what the code is doing. Even though you are almost certainly familiar with the syntax of an "if" construct, you still must pause to step through the code and think about what the second example is doing.

Some will argue that the Null Coalescing operator is more difficult to read because so many are unfamiliar with it. This seems a weak argument to me, given how long it has been in the language and how useful it is. As a developer, we owe it to ourselves to become familiar with the core structures of our language of choice and this includes the operators.

So don’t be cruel, Hound Dog! Ignore those suspicious minds and check out of Heartbreak Hotel!

Make your code more concise and readable by using the Null Coalescing operator.

.Net | C#
Wednesday, June 17, 2015 3:23:00 PM (GMT Daylight Time, UTC+01:00)
# Tuesday, June 16, 2015

C# contains a single operator that handles conditional logic in a single statement. It is generally written as "?:" (making it difficult to find using a search engine) and it is often referred to as the conditional operator, although the official documentation does not give it this name.

I write about it here, not because it is new or extra cool, but because I believe it is underused by C# developers.

The syntax is:
condition ? ValueIfTrue : ValueIfFalse;

where

  • condition is a boolean expression to test
  • ValueIfTrue is the value to return if the condition expression is true
  • ValueIfFalse is the value to return if the condition expression is false

An example should clarify this:

   1: int x;
   2: string y;
   3: x = 1;
   4: y = x >= 0 ? "Positive" : "Negative";
   5: Console.WriteLine(y); 
   6:  
   7: x = -1;
   8: y = x >= 0 ? "Positive" : "Negative";
   9: Console.WriteLine(y); 

The output of this code snippet is:

Positive
Negative

The expression

x >= 0 ? "Positive" : "Negative";

returns the string "Positive" if x is at least 0 and "Negative" if x is less than 0.

Of course the same expression could be written like the following:

   1: x = 1;
   2: if (x >= 0)
   3: {
   4:     y = "Positive";
   5: }
   6: else
   7: {
   8:     y = "Negative";
   9: }
  10: Console.WriteLine(y);
  11: 
  12: x = -1;
  13: if (x >;= 0)
  14: {
  15:     y = "Positive";
  16: }
  17: else
  18: {
  19:     y = "Negative";
  20: }
  21: Console.WriteLine(y);

But this requires more typing (which provides more changes for errors); and (more importantly), it takes more time to read, so it cannot be digested as quickly by someone reviewing the code later. Of course, I'm assuming that the code reviewer is familiar with this operator, but I don't think that's an unreasonable expectation, given that it has been in the C# language over 10 years.

Many developers are not familiar with ?: operator, but they should be. It simplifies code and makes it easier to read.


Here is the full code of a console application demonstrating these concepts:

   1: class Program
   2: {
   3:     static void Main(string[] args)
   4:     {
   5:         int x;
   6:         string y;
   7:         x = 1;
   8:         y = x >= 0 ? "Positive" : "Negative";
   9:         Console.WriteLine(y);
  10: 
  11:         x = -1;
  12:         y = x >;= 0 ? "Positive" : "Negative";
  13:         Console.WriteLine(y);
  14: 
  15:         x = 1;
  16:         if (x >;= 0)
  17:         {
  18:             y = "Positive";
  19:         }
  20:         else
  21:         {
  22:             y = "Negative";
  23:         }
  24:         Console.WriteLine(y);
  25: 
  26:         x = -1;
  27:         if (x >;= 0)
  28:         {
  29:             y = "Positive";
  30:         }
  31:         else
  32:         {
  33:             y = "Negative";
  34:         }
  35:         Console.WriteLine(y);
  36: 
  37:         Console.ReadLine();
  38:     }
  39: }
Tuesday, June 16, 2015 5:34:00 PM (GMT Daylight Time, UTC+01:00)
# Monday, July 29, 2013
Monday, July 29, 2013 4:22:00 PM (GMT Daylight Time, UTC+01:00)
# Tuesday, June 5, 2012

The .NET Framework provides configuration files - app.config and web.config - to store application-wide configurable information.

But these are just text files, so they can be read by anyone with the proper permissions. What if I want to store sensitive information in this file, such as a password or a connection string?f

Fortunately, the .NET Framework also provides a mechanism for encrypting parts of a config file. This functionality is available in the System.Configuration namespace in the System.Configuration assembly, so you will need to set a reference to this assembly (Project | Add Reference | .NET tab) and add the following line to the top of your class file
using System.Configuration;

The ConfigurationManager.OpenExeConfiguration static method accepts the name of an assembly and returns a Configuration object that can be used to manipulate the config file. It is important to remember that, when a project is built, the project's app.config file is renamed to {AssemblyName}.exe.config and copied to the bin\Debug or bin\Release folder (depending on the build configuration). It is the {AssemblyName}.exe that is passed into the OpenExeConfiguration method and it is the config file under the bin folder that will be affected by our code.

For example, the following code creates a Configuration object to read and manipulate the config file associated with the MyAwesomeApp.exe assembly

string appName = "MyAwesomeApp.exe";
Configuration config = ConfigurationManager.OpenExeConfiguration(appName);

We can call the Configuration object's GetSection method to get a reference to a particular section of the config file. For example, if we want to work with the connectionStrings section, we use the code

var section = (ConnectionStringsSection) config.GetSection("connectionStrings");

Now we can check to see if the section is already encrypted (IsProtected property), encrypt the section (ProtectSection method), or decrypt the section (UnprotectSection method). The following code encrypts the connectionString section

string appName = "MyAwesomeApp.exe";
Configuration config = ConfigurationManager.OpenExeConfiguration(appName);
ConnectionStringsSection section = config.GetSection("connectionStrings") as ConnectionStringsSection;
if (!section.SectionInformation.IsProtected)
{
    section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
}
config.Save();


The code below decrypts the connectionString section

string appName = "MyAwesomeApp.exe";
Configuration config = ConfigurationManager.OpenExeConfiguration(appName);
ConnectionStringsSection section = config.GetSection("connectionStrings") as ConnectionStringsSection;
if (section.SectionInformation.IsProtected)
{
    //it is so we need to remove the encryption
    section.SectionInformation.UnprotectSection();
}
config.Save();

The final step is to write changes back to the file by calling the Configuration object's Save method.
config.Save();

Below is the unencrypted config file

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <connectionStrings>
    <add name="MyApp_Dev" connectionString="Data Source=Server01;Initial Catalog=AwesomeDB_Dev;Integrated Security=True"/>
    <add name="MyApp_QA" connectionString="Data Source=Server01;Initial Catalog=AwesomeDB_QA;Integrated Security=True"/>
    <add name="MyApp_Prod" connectionString="Data Source=Server01;Initial Catalog=AwesomeDB;Integrated Security=True"/>
  </connectionStrings>
  <appSettings>
    <add key="CompanyName" value="The Awesome Company"/>
    <add key="CompanyPhone" value="313-555-4321"/>
  </appSettings>
</configuration>

And here is the same config file with the connectionStrings section encrypted
<?xml version="1.0" encoding="utf-8" ?>
<configuration>

  <connectionStrings configProtectionProvider="DataProtectionConfigurationProvider">
    <EncryptedData>
      <CipherData>
        <CipherValue>AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA/NM6tBoQfE2WAlH0NVuRWQQAAAACAAAAAAAQZgAAAAEAACAAAADdZOBg8ugEiLd8RlHk95C+fuXUTC706/hDeZT2XN8G0gAAAAAOgAAAAAIAACAAAABEW5bTk3uNJDoKMt26yvD+YY1v0fqe2et8KWeJOewx3UADAADGEgVw4K4nlwQjjKpu6BZYMYXeB1eovlbYrEbg/A+Kk6UhqBTdAqt6UmW/6B4M2pXWpP9VqDTDfr7GKEK06qDdXRnYfGYH1JAg2xPoI3aeA5DQP6HAIbSymXejw/B+s47L4rTT2R4PvfRfMYiMppxCrEh+eopKdvcg34JsD+o6Il+6a4TiTiYLzQ9BESoxepfY9pqaADFrLChPYzwjymAqfsAFE/n++APjb7aktViu5+AI+QM3RDEhDFzsP7Wy+UkGsPrIoyMUaLMFNibK7LZFiBL6+VHZEur+4xyI+Uu+UH194oBOX1g77nBzuTsivNgH7048JhbzeSk9mjOZrGACX433vC6neqGaJ42sC9sC16JX9CGEZrnipeoyEeR0RT1H3A38Xasn9lYkUyE3LBIJ1k0iZJoAAnCvXfmSzXoXsHjpvmmlst3SAo24TL7WsdaVliBR/6i5N6AswTOemjvFe0Rhb5zoeGX36aI4SD71DYaLxqss1MVm5gc6CEsringGeHbFRqu/kTylA6xgr8rfL/eTcjQs2zRIUTzc4/DUSsyNIUWQ0+z+BDoR/AGTSx7v2OKp2vpmHLf7kn3DxYITlpDV6voJrbmpMx9lN3Z7DYQD4vNLczGPHpKbBCEXDHNw1E7QDrQaz38Ka4pRKnCRa/GL7X8euA82bYaJmEmUEBqhcZg3mQHR31X5tUbZ3HkvMxEUcRmJITpj29V6RKEmugkWmxl3OCJzuZ3vcUSgKnQIAJkqr3YBuZR3YJjDCo7i5EElFAcpv89rM2RtSVNC7i6KLJLsISjOgzD5CktrDjgMZLtxN6BdyljvWNj0L29APvSxd5ovxgCOKXE2UYpH3l4HgX78P82wx1vBNhO5UmqP7xdz1jTi9cGP6HHNiv8qJZjlTOO2/afnDDYt/pKJqWWTRUhJiZZipC+dQ6bBYOhMZbclROzptu0fIYwqdeDxPcXalN3kjIXW4kwblSd4TxmCO01JD9eL+MFT/PSaipj7CqaAHTnpL0n40jV4WK4EaxUTuXi0/NXBUjMFw4ZTdlEnLv1jjCKZ+r2Q1YbrrI286PATrwLDbYsVVGEefp8vBsOD7xfHmIPeYolbEOq2QAAAAHoGwcm8HT1RS0pXvgOjRR37Gy1BLfG/5xsYdZqOB9nT6xthVULhqwPlAsFwDXLfNZQLnpZiocwHDf07DeQiNK8=</CipherValue>
      </CipherData>
    </EncryptedData>
  </connectionStrings>
  <appSettings>
    <add key="CompanyName" value="The Awesome Company"/>
    <add key="CompanyPhone" value="313-555-4321"/>
  </appSettings>
</configuration>

Here is a complete code snippet for getting a config and toggling the decryption of the connectionStrings section

string appName = "MyAwesomeApp.exe";
Configuration config = ConfigurationManager.OpenExeConfiguration(appName);
ConnectionStringsSection section = config.GetSection("connectionStrings") as ConnectionStringsSection;
if (section.SectionInformation.IsProtected)
{
    section.SectionInformation.UnprotectSection();
}
else
{
    section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
}
config.Save();

One of the nice things about using these libraries to encrypt config file sections is that we don’t need to change our code that reads the values in this section. For example, the following code

string connectionString = section.ConnectionStrings["MyApp_Dev"].ConnectionString;
.Net | C#
Tuesday, June 5, 2012 4:01:00 PM (GMT Daylight Time, UTC+01:00)
# Saturday, May 12, 2012

Here is Bill Wagner's presentation at GANG10, the October 1 event celebrating 10 years of the Great Lakes Area .NET User Group. Bill talks about asynchronous programming, including the new features coming in C# 5.

.Net | C# | Video
Saturday, May 12, 2012 3:39:00 PM (GMT Daylight Time, UTC+01:00)
# Friday, May 4, 2012

At Codeslingers last night, someone pulled out some coding Katas. For those who don’t know, a Kata is a coding exercise that is designed to practice your programming skills, rather than to solve a particular business problem. I was handed the classic “FizzBuzz” problem. The assignment:

Create a function that will print the integers from 1 to 100 with the following exceptions:

  • If a number is divisible by 3, print the word “Fizz” in place of that number.
  • If a number is divisible by 5, print the word “Buzz” in place of that number.
  • If a number is divisible by both 3 and 5, print the word “FizzBuzz” in place of that number.

The output should look something like the following:

1
2
Fizz
4
Buzz
Fizz
7
8
Fizz
Buzz
11
Fizz
13
14
FizzBuzz
16

I started with a C# console application because that is the language with which I am most familiar. It was able to finish the following in under 2 minutes. It took me 5 minutes to write the unit tests.

class Program
{
    static void Main(string[] args)
    {
        for (int i = 1; i < 100; i++)
        {
            var p = FizzBuzz(i);
            Console.WriteLine(p);
        }
        Console.ReadLine();
    }

    protected static string FizzBuzz(int i)
    {
        if (i % 15 == 0)
            return "FizzBuzz";
        if (i % 3 == 0)
            return "Fizz";
        if (i % 5 == 0)
            return "Buzz";
        return i.ToString();
    }
}

I only occasionally code in JavaScript, so I tackled that language next. Someone recommended using http://jsfiddle.net/
as an online IDE for writing and sharing JavaScript, so I tried it and liked it. Of course, JavaScript is a dynamic language and one of my big challenges was spelling things correctly without all the help Visual Studio provides when writing in a statically-typed language. In my case, I misspelled the id of a div, which cost me at least 15 minutes. I created the following boilerplate HTML:

<html>
    <body>
        <div id="fizzbuzz"></div>
    </body>
</html>

Then, I used the following JavaScript (plus a bit of jQuery) to output the FizzBuzz results:

for (i = 1; i <= 100; i++) {
    $("#fizzbuzz").append(function() {
        var newLine = i;
        if (i % 3 === 0) {
            newLine = "Fizz";
        }
        if (i % 5 === 0) {
            newLine = "Buzz";
        }
        if (i % 15 === 0) {
            newLine = "FizzBuzz";
        }
        var newDiv = $("<div>").text(newLine);
        return newDiv;
    });
}

A simple program like this provides a fun way to practice an old language and to learn a new language. Next up, I’ll try this program with F# and Ruby, since I have very little experience with these languages.

Friday, May 4, 2012 12:40:00 AM (GMT Daylight Time, UTC+01:00)
# Friday, April 13, 2012

SQL Injection  is one of the most frequently-exploited vulnerabilities in the software world. It refers to user-entered data making its way into commands sent to back-end systems. It is common because so many developers are unaware of the risk and how to mitigate it.

Most of the applications I work with read from and write to a relational database, such as Microsoft SQL Server.  I frequently run across ADO.NET code like the following:

string lastName = "'Adams'";
string sql = "Select * from dbo.Customer where LastName = '" + lastName + "'";
string connString = ConfigurationManager.ConnectionStrings["LocalConn"].ConnectionString;
using (var conn = new SqlConnection(connString))
{
    conn.Open();
    var cmd = conn.CreateCommand();
    cmd.CommandText = sql;
    SqlDataReader reader = cmd.ExecuteReader();
    while (reader.Read())
    {
        Console.WriteLine("Bad Name: {0} {1}", reader["FirstName"], reader["LastName"]);
    }
}

This code is designed to call a stored procedure like the following:

CREATE PROCEDURE [dbo].[GetCustomersByFirstName]
    @FirstName NVARCHAR(50)
AS
BEGIN
    -- SET NOCOUNT ON added to prevent extra result sets from
    SET NOCOUNT ON;

    SELECT 
            Id, 
            FirstName, 
            LastName
        FROM dbo.Customer
        WHERE FirstName = @FirstName
        ORDER BY Id
END

GO

This method of code has several disadvantages

  1. This code is not optimal because SQL Server does not have a chance to reuse a cached query plan unless the user happens to send the exact same text into SQL Server.
  2. The string concatenation opens the system to SQL Injection attacks.

A SQL Injection Attack is an attempt by an unscrupulous user to pass malicious commands to a database. In the above example, imagine that the variable x was provided by a user inputting text into a text box on a web age. An evil user might type something like

"Smith';DROP TABLE Customer;//"

If that code runs with sufficient permissions, it would wreak havoc on your database. The following query would be passed to SQL Server.
Select * from dbo.Customer where LastName = 'Smith';DROP Table Customer;//'

Clearly, dropping the customer table is not what your code is intended to do.

Many of you will read the above example and decide that you are safe because

  1. Your web code runs under a context with insufficient privileges to drop a table; and
  2. You are validating all user inputs to ensure a user cannot enter anything bad.

There are problems with this reasoning.

  1. A clever hacker can sometimes trick a user into running code under elevated privileges. Often there are multiple steps to an attack.
  2. Even if you have caught every possible injection possibility in your user interface, you cannot guarantee that every call to this API will be made only from your UI for all eternity. You may open up the API to the public or you may subcontract writing a mobile application that calls this API or you may hire a new programmer who doesn't know better.

The point is that you need to check security at every level of your application. And part of checking security is to not trust your inputs.

A far better approach than concatenating strings to form a SQL statement is to create parameter instances; set the value of each parameter; and add these parameters to a Parameters collection.

The code below shows how to do this.

string lastName = "Adams";
string sql = "Select * from dbo.Customer where LastName = @LastName";
string connString = ConfigurationManager.ConnectionStrings["LocalConn"].ConnectionString;
using (var conn = new SqlConnection(connString))
{
    conn.Open();
    var cmd = conn.CreateCommand();
    cmd.CommandText = sql;
    SqlParameter lnParam = cmd.CreateParameter();
    lnParam.ParameterName = "@LastName";
    lnParam.Value = lastName;
    cmd.Parameters.Add(lnParam);
    SqlDataReader reader = cmd.ExecuteReader();
    while (reader.Read())
    {
        Console.WriteLine("Good Name: {0} {1}", reader["FirstName"], reader["LastName"]);
    }
    Console.WriteLine();

Pass an unexpected parameter here and it will no t be executed on the end of the query because SQL Server is expecting a parameter for a specific use.

The same pattern works if I want to pass in a dynamic string of SQL. Passing Parameter instances is more secure than concatenating SQL and passing that string to SQL Server.

Below is a console application that uses the vulnerable string concatenation method to call SQL Server via ADO.NET

using System;
using System.Configuration;
using System.Data.SqlClient;

namespace PassingSql_WrongWay
{
    class Program
    {
        static void Main(string[] args)
        {
            CallSqlQuery();
            CallStoredProc();
            Console.ReadLine();
        }

        private static void CallSqlQuery()
        {
            string lastName = "'Adams'";
            //string lastName = "Adams';DROP TABLE dbo.ExtraTable;--";
            string sql = "Select * from dbo.Customer where LastName = '" + lastName + "'";
            string connString = ConfigurationManager.ConnectionStrings["LocalConn"].ConnectionString;
            using (var conn = new SqlConnection(connString))
            {
                conn.Open();
                var cmd = conn.CreateCommand();
                cmd.CommandText = sql;
                SqlDataReader reader = cmd.ExecuteReader();
                while (reader.Read())
                {
                    Console.WriteLine("Bad Name: {0} {1}", reader["FirstName"], reader["LastName"]);
                }
            }
            Console.WriteLine();
        }

        private static void CallStoredProc()
        {
            string firstName = "James";
            string sql = "EXEC GetCustomersByFirstName '" + firstName + "'";
            string connString = ConfigurationManager.ConnectionStrings["LocalConn"].ConnectionString;
            using (var conn = new SqlConnection(connString))
            {
                conn.Open();
                var cmd = conn.CreateCommand();
                cmd.CommandText = sql;
                SqlDataReader reader = cmd.ExecuteReader();
                while (reader.Read())
                {
                    Console.WriteLine("Bad Name: {0} {1}", reader["FirstName"], reader["LastName"]);
                }
                Console.WriteLine();
            }
        }
    }
}

Below is a similar console app, using the more secure parameters pattern

using System;
using System.Configuration;
using System.Data.SqlClient;

namespace PassingSql_RightWay
{
    class Program
    {
        static void Main(string[] args)
        {
            CallSqlQuery();
            CallStoredProc();
            Console.ReadLine();
        }

        private static void CallSqlQuery()
        {
            string lastName = "Adams";
            //string lastName = "Adams;DROP TABLE dbo.ExtraTable;--";
            string sql = "Select * from dbo.Customer where LastName = @LastName";
            string connString = ConfigurationManager.ConnectionStrings["LocalConn"].ConnectionString;
            using (var conn = new SqlConnection(connString))
            {
                conn.Open();
                var cmd = conn.CreateCommand();
                cmd.CommandText = sql;
                SqlParameter lnParam = cmd.CreateParameter();
                lnParam.ParameterName = "@LastName";
                lnParam.Value = lastName;
                cmd.Parameters.Add(lnParam);
                SqlDataReader reader = cmd.ExecuteReader();
                while (reader.Read())
                {
                    Console.WriteLine("Good Name: {0} {1}", reader["FirstName"], reader["LastName"]);
                }
                Console.WriteLine();
            }
        }

        private static void CallStoredProc()
        {
            string firstName = "James";
            string storedProcName = "GetCustomersByFirstName";
            string connString = ConfigurationManager.ConnectionStrings["LocalConn"].ConnectionString;
            using (var conn = new SqlConnection(connString))
            {
                conn.Open();
                var cmd = conn.CreateCommand();
                cmd.CommandText = storedProcName;
                cmd.CommandType = System.Data.CommandType.StoredProcedure;
                SqlParameter lnParam = cmd.CreateParameter();
                lnParam.ParameterName = "@FirstName";
                lnParam.Value = firstName;
                cmd.Parameters.Add(lnParam);
                SqlDataReader reader = cmd.ExecuteReader();
                while (reader.Read())
                {
                    Console.WriteLine("Good Name: {0} {1}", reader["FirstName"], reader["LastName"]);
                }
                Console.WriteLine();
            }
        }
    }
}

If you wish to use the above code, create a new database named TestData and run the following SQL DDL to create the database objects.

USE [TestData]
GO

/****** Object:  Table [dbo].[ExtraTable]    
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
CREATE TABLE [dbo].[ExtraTable](
    [foo] [nchar](10) NULL,
    [bar] [nchar](10) NULL
) ON [PRIMARY]
GO

/****** Object:  Table [dbo].[Customer]    
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
CREATE TABLE [dbo].[Customer](
    [Id] [int] IDENTITY(1,1) NOT NULL,
    [FirstName] [nvarchar](50) NULL,
    [LastName] [nvarchar](50) NOT NULL
) ON [PRIMARY]
GO

INSERT INTO dbo.Customer (FirstName, LastName) VALUES ('George', 'Washington') 
GO 
INSERT INTO dbo.Customer (FirstName, LastName) VALUES ('John', 'Adams') 
GO 
INSERT INTO dbo.Customer (FirstName, LastName) VALUES ('Thomas', 'Jefferson') 
GO 
INSERT INTO dbo.Customer (FirstName, LastName) VALUES ('James', 'Madison') 
GO 
INSERT INTO dbo.Customer (FirstName, LastName) VALUES ('James', 'Monroe') 
GO 
INSERT INTO dbo.Customer (FirstName, LastName) VALUES ('John Quincy', 'Adams') 
GO 

/****** Object:  StoredProcedure [dbo].[GetCustomersByFirstName]   
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
CREATE PROCEDURE [dbo].[GetCustomersByFirstName]
    @FirstName NVARCHAR(50)
AS
BEGIN
    SET NOCOUNT ON;

    SELECT 
            Id, 
            FirstName, 
            LastName
        FROM dbo.Customer
        WHERE FirstName = @FirstName
        ORDER BY Id
END
GO

With a little bit of thought and a few lines of code, you can significantly reduce the risk of SQL injection in your ADO.NET code.

.Net | C# | SQL Server
Friday, April 13, 2012 12:13:00 AM (GMT Daylight Time, UTC+01:00)
# Monday, April 9, 2012
Monday, April 9, 2012 3:03:00 PM (GMT Daylight Time, UTC+01:00)
# Monday, February 28, 2011
Monday, February 28, 2011 6:15:00 PM (GMT Standard Time, UTC+00:00)
# Monday, January 31, 2011
# Monday, September 13, 2010

At the June 2010 Great Lakes Area .Net User Group meeting, Microsoft Regional Director Bill Wagner shows off many of the new features of C# 4.0

Here is that presentation captured on video.

C# | Video
Monday, September 13, 2010 3:48:14 AM (GMT Daylight Time, UTC+01:00)
# Thursday, May 13, 2010

The var keyword was introduced in C# 3.0 and is used to declare a new variable.

The var keyword looks suspiciously like the variant keyword from Visual Basic 6. However, unlike variant, var is used to specify a strongly-typed variable. The type of the variable is inferred by the value initially assigned to that variable. As a result, whenever we use var to declare a variable, we must assign a value to the variable on the same line. So

var myString = "Hello";

is valid, but

var myString;

is not.

As mentioned earlier, the type of a variable is inferred from the value assigned to it, so in the line

var myString = "Hello";

is equivalent to

string myString = "Hello";

and

var myNum = 99;

is equivalent to

int myNum = 99;

The compiler is smart enough to recognize that "Hello" is a string and 99 is an integer and type the variable appropriately. This type checking is done at compile time, so the following code is invalid and will not compile

var x = 99;
x = "Hello";

because x is an integer, it is not possible to assign a string to it and the compiler knows this.

The var keyword is also smart enough to infer data types from the return types of functions. For example, if I have a function that returns an int and I assign the results of that function to a variable declared with the var keyword, that variable will be defined as an int. Here is a sample

static int AddNumbers(int x, int y)
{
return x + y;
}
var sum = AddNumbers(2,3);

The variable sum is an int because AddNumbers returns an int.

Earlier this year, following a user group presentation and someone noticed my use of the var keyword in my demos. The appropriateness of var became a Twitter debate and the subject of at least one blog post.

As long as I follow the rules, the compiler doesn't care whether I declare a variable using var or the explicit data type. So when do I use var? I use var when I think it will improve readability.

Consider the following 2 (equivalent) lines of code

Line 1: Customer cust = new Customer();
Line 2: var cust = new Customer();

Both lines are the same as far as the compiler is concerned. But the second line of code is more concise and easy to read. I have communicated the same information in a shorter command and with no loss of information. It should be obvious to anyone reading the second line that the variable cust contains a Customer object. In this case, I would declare the variable with the 'var' keyword because it is more readable.

The last example may not seem like there is much difference in readability between the two lines, but check out the following two equivalent lines

Line1: Dictionary<int, string> dict = new Dictionary<int, string>();
Line2: var dict = new Dictionary<int, string>();

Clearly, Line2 is more readable than Line1 in this case.

Now consider the following (equivalent) lines of code

Line 1: Customer cust = RetrievePrimaryCustomer();
Line 2: var cust = RetrievePrimaryCustomer();

Both lines are the same as far as the compiler is concerned. But I can't be sure, just from looking at the declaration, what data type is returned by the RetrievePrimaryCustomer method. The compiler knows the type, but I need to go through one or more manual steps to figure it out. In this case, the first option is more readable because it provides to anyone reading my code more information about the variable.

So my rule for using var is simple:

If the data type is obvious to anyone reading my code, use the var keyword; Otherwise explicitly specify the data type.

The var keyword is a useful shortcut that can help make your code more readable.

C#
Thursday, May 13, 2010 12:42:27 PM (GMT Daylight Time, UTC+01:00)
# Monday, January 18, 2010

Episode 64

In this interview, author and developer Bill Wagner discusses the dynamic features in the upcoming C# 4.0.

Monday, January 18, 2010 3:03:20 PM (GMT Standard Time, UTC+00:00)
# Sunday, September 13, 2009

Back To Basics

The yield return and yield break keywords are shortcuts introduced in C# 3.0. They are designed to assist you in a method that returns IEnumerable <T>.
Often such methods consist of the following steps

  1. Create an empty IEnumerable set.
  2. Loop through some data (via a while, foreach or other construct)
  3. Add to the set within your loop.
  4. Exit the loop when some limit is reached.
  5. Return the set.

A sample of such code is shown below.

public IEnumerable<Int32> GetOddNumbers_Old(Int32 maxNumber)
{
    List<Int32> oddSet = new List<Int32>();
    int num = 0;
    while (true)
    {
        System.Threading.Thread.Sleep(1000);
        num++;
        if (num % 2 == 1)
        {
            oddSet.Add (num);
        }
        if (num >= maxNumber)
        {
            break;
        }
    }

    return oddSet;
}

The new yield keywords allow you to shorten your code to only the following steps

  1. Loop through some data
  2. yield return within the loop
  3. yield break if a limit is reached before the loop is complete

That’s it. There is no need to explicitly create or return your IEnumerable set.

The yield return statement appends a value to the IEnumerable set. The yield break statement exits any looping construct to prevent more items being added to the return set. If you omit yield break, the loop exits as it normally would.

The difference between using the yield return and simply returning a set is subtle. Returning a set at the end of the method returns the entire set at once. The client must wait until the method is complete before it can use any values in the return set. Each time the yield return statement executes, the client has access to another element in the set. Essentially the set trickles back a little at a time. This can provide a gain in performance or perceived performance if you have a large set to return.

Here is a sample that returns the same results as above, using yield return and yield break.

public IEnumerable<Int32> GetOddNumbers_Yield(Int32 maxNumber)
{
    int num = 0;
    while (true)
    {
System.Threading.Thread.Sleep(1000); num++; if (num % 2 == 1) { yield return num; } if (num >= maxNumber) { yield break; } } }

If we call the two methods above, we will get the same results but they will return in slightly different ways. I added the System.Threading.Thread.Sleep(1000); line to help demonstrate this. That line simply pauses execution for 1 second each time the loop executes.

Assume the above two methods are in a class named MyMethods.  The following code will call each.

Console.WriteLine("Get Odd Numbers using old way:");
MyMethods mm = new MyMethods();
IEnumerable<Int32> oddNumbers2 = mm.GetOddNumbers_Old(11);
foreach (Int32 n in oddNumbers2)
{
    Console.WriteLine(n);
}

Console.WriteLine();


Console.WriteLine("Get Odd Numbers using new YIELD keyword:");
IEnumerable<Int32> oddNumbers1 = mm.GetOddNumbers_Old(11);
foreach (Int32 n in oddNumbers1)
{
    Console.WriteLine(n);
}

Console.ReadLine();

The above code produces the following output

Get Odd Numbers using old way:
1
3
5
7
9
11

Get Odd Numbers using new YIELD keyword:
1
3
5
7
9
11

Notice that both methods return the same data. However, if you watch the code as it runs, you will notice the first method waits 12 seconds, then immediately outputs all odd numbers; while the second method outputs a number every 2 seconds. Each method returns the same values and each takes the same amount of time, but the second method uses yield return, so the client is able to output a bit of data each time a yield return executes.

There are a few restrictions to using the yield keywords

  • These keywords cannot appear in blocks marked "unsafe"
  • These keywords cannot appear in a method with ref or out parameters
  • The yield return statement is not allowed inside a try-catch block, although it may be located inside a try-finally block.
  • A yield break statement may not be located inside a finally block.

You can download this sample code at DemoYield.zip (45.06 KB)


Mike Wood contributed to this article.

Sunday, September 13, 2009 2:44:07 PM (GMT Daylight Time, UTC+01:00)
# Saturday, September 12, 2009

Back To Basics

Prior to C# 3.0, we had two common ways to initialize the public properties of an object.

  1. We could use the default constructor to instantiate the object; then, use a separate line of code to assign a value to each property. (Listing 1)
  2. We could create a constructor that accepts an argument for each property; and write code in this constructor to assign to each public property the value passed in for each corresponding argument. (Listing 2 and Listing 3)

The first method is quite verbose and requires a lot of code for complex objects.

Listing 1:

Customer cust1 = new Customer();
cust1.CustomerID = 1;
cust1.FirstName = "George";
cust1.LastName = "Washington";
cust1.StreetAddress = "111 A St";
cust1.City = "Aville";
cust1.State = "MI";
cust1.ZipCode = "10001";

Listing 2:

class Customer
{
    public Int32 CustomerID { get; set; }
    public string FirstName { get; set; }
    public string LastName { get; set; }
    public string StreetAddress { get; set; }
    public string City { get; set; }
    public string State { get; set; }
    public string ZipCode { get; set; }

    public Customer
        (
        Int32 customerID,
        string firstName,
        string lastName,
        string streetAddress,
        string city,
        string state,
        string zipCode
        )
    {
        CustomerID = customerID;
        FirstName = firstName;
        LastName = lastName;
        StreetAddress = streetAddress;
        City = city;
        State = state;
        ZipCode = zipCode;
    }
}

Listing 3:

Customer cust2 = new Customer
    (
    2,
    "John",
    "Adams",
    "222 B Ave",
    "Beetown",
    "MI",
    "20002"
    );

The second method is more elegant, but assumes we always want to initialize every single public property at object instantiation. Of course, we could create multiple constructors to accommodate times when we only want to initialize certain variables but this can get complex in a hurry when our class has a lot of public properties.

Beginning with C# 3.0, we can now initialize public properties in the same line of that instantiates an object; and we can do so without creating a new constructor. We use object initializers to do this. 

Using object initializers we can still use the default constructor (or any public constructor we want); but we can set public properties by appending the property assignments within a set of curly braces at the end of the object initializer, as shown in listing 4.

Listing 4:

Customer cust4 = new Customer() 
            {   CustomerID = 4, 
                FirstName = "James", 
                LastName = "Monroe" 
            };

This new C# feature is known as object initializers. This method gives us a great deal of flexibility. At the time we instantiate an object, we can decide which properties to initialize. And we can do so without creating a plethora of constructors for the object or return to the verbose way of assigning property values after an object's instantiation.

Object initializers are most useful when you instantiate a class in many different places throughtout an application.

Download this code to view and run a simple application that uses object initializers DemoObjectInitializers.zip (24.92 KB)
Saturday, September 12, 2009 2:10:03 PM (GMT Daylight Time, UTC+01:00)
# Friday, September 11, 2009

Back To Basics

Automatic properties were introduced in C# 3.0 as a convenience to developers.

C# and Visual Basic .Net provide two ways for a class to maintain state: Fields and Properties.

A field is a simply a public variable defined inside a class, such as in the following example

public string foo;

A property looks much like a field to the outside world, but exposes two methods – a “getter” to allow you to retrieve the value of the property and a “setter” to allow you to assign a value to the property. The following sample demonstrates how to implement a read-write property in C#.

private string _firstName;
public string FirstName
{
    get
    {
        return _firstName;
    }
    set
    {
        _firstName = value;
    }
}

This is a common use of property getters and setters – to assign and retrieve the value from a private variable. Because there is no extra logic in these methods, similar functionality could be achieved using a field, but I prefer to use properties in case I decide later to add some validations or calculations to the setter or getter. Making a change like that to a property will not break the class signature, forcing a recompile of dependent objects.

But this is a lot of typing for such simple functionality. So much in fact that Visual Studio 2005 provided a right-click accelerator to type much of it for you.

Beginning with C# 3.0, automatic properties provide a shorthand notation for this functionality.  Simply provide the scope, the type and the name of the property, followed by “{get; set; }” and the framework will automatically create a private variable for you and provide code to save and retrieve to/from that private variable. This is all done behind the scenes for us so we don’t need to write any of this code.  Below is a sample of the code we need to write for a public property.

public string FirstName { get; set; }

To make a property read-only, simply omit the "set" keyword. To make it write-only, omit the "get" keyword. Below is syntax for the same property if I wanted it to be read-only.

public string FirstName { get; }

The only disadvantage to automatic properties is that the rest of the code in our class no longer has access to the private variables create by the framework. Even from within the same class, we must go through the public property in order to get or set the private variable.

This is a small price to pay for the amount of code we are saving.

Automatic properties not only require less typing, they are far easier to read when your class has a bunch of properties. Which of the following easier to read?

public string FirstName { get; set; }
public string LastName { get; set; }
public string StreetAddress { get; set; }
public string City { get; set; }
public string State { get; set; }
public string Zip { get; set; }

or

private string _firstName;
public string FirstName
{
    get
    {
        return _firstName;
    }
    set
    {
        _firstName = value;
    }
}

private string _lastName;
public string LastName
{
    get
    {
        return _lastName;
    }
    set
    {
        _lastName = value;
    }
}

private string _streetAddress;
public string StreetAddress
{
    get
    {
        return _streetAddress;
    }
    set
    {
        _streetAddress = value;
    }
}

private string _city;
public string City
{
    get
    {
        return _city;
    }
    set
    {
        _city = value;
    }
}

private string _state;
public string State
{
    get
    {
        return _state;
    }
    set
    {
        _state = value;
    }
}

private string _zip;
public string Zip
{
    get
    {
        return _zip;
    }
    set
    {
        _zip = value;
    }
}

I think you’ll agree that it is far easier to read and understand the more terse syntax of the first example.  And code that is easier to understand is easier to maintain.

Because both syntax versions compile to the same Intermediate Language, I recommend always using the newer Automatic Properties syntax when you create properties that do nothing more than save and retrieve state.

Download the following sample code to see automatic properties in action: DemoAutomaticProperties.zip (26.83 KB)
Friday, September 11, 2009 1:17:17 PM (GMT Daylight Time, UTC+01:00)
# Saturday, September 5, 2009

Back To Basics

Extensions methods are a new feature of C# 3.0 and they are easier to use than they first appear.

An extension method is a method that is external to an existing class but appears as if it were a method on that class.

The rules for creating an extension method are simple.

  1. Create a static method
  2. The first parameter of the static method should be the type of the class you wish to extend
  3. Precede the parameter type of this first parameter with the "this" keyword.
  4. Call the method as if it were a method of the class. Omit the first parameter.

An example should clarify this. Assume we have a class Customer with properties FirstName and LastName as shown below

    public class Customer
    {
        public string FirstName { get; set; }
        public string LastName { get; set; }
    }

We can create a new static class MyExtensions with a static method GetFullName that returns the formatted first and last name of the customer. We do so with the following code

   public static class MyExtensions
    {
        public static string GetFullName(this Customer cust)
        {
            string custName = cust.FirstName + " " + cust.LastName;
            return custName.Trim();
        }
    }

Notice the parameter with the "this" keyword. That parameter format tells the compiler that this is an extension method and that it should extend the Customer class. As long as MyExtensions is in the same namespace or in a namespace available to our code (via the "using" statement), we can call this new extension method with the following code

Customer cust 
    = new Customer 
         { FirstName = "David", 
           LastName = "Giard" 
         };
string fName = cust.GetFullName();
Console.WriteLine(fName);

The code above outputs:

   David Giard

As you can see in the above code, it looks as if the GetFullName method is part of the Customer class.

We can add parameters to our extension methods as we would to any other method. The first parameter (with the “this” keyword) is always used to specify the class we are extending. All other parameters act just like normal parameters. The following extension method accepts a parameter “salutation”.

public static string GetGreeting(this Customer cust, string salutation)
{
    string custName = cust.FirstName + " " + cust.LastName;
    custName = custName.Trim();
    return salutation + “ “ + custName + ":"; 
}

Although the extension method has two parameters, we only need to pass the second parameter when calling it, as shown

Customer cust = new Customer { FirstName = "David", LastName = "Giard" };
string greeting = cust.GetGreeting("Dear");
Console.WriteLine(greeting);

The code above outputs:

   Dear David Giard:

In our examples, we were adding extension methods to a class that we just created. Of course, in this case, it would have been simpler to just modify the original class.  But extension methods are more useful if you are working with someone else’s class and modifying the source code is not an option. Extension methods often offer a simpler solution than inheriting from an existing class.

The real power of extension methods comes from the fact that you can even add methods to sealed classes. It is difficult to add functionality to a sealed class because we cannot inherit from it. Change the Customer class to sealed and re-run the code to prove that it still works.

public sealed class Customer

Here is the all code in the above sample

using System;

namespace TestExtensionMethods
{
    class Program
    {
        static void Main(string[] args)
        {
            Customer cust = new Customer { FirstName = "David", LastName = "Giard" };

            string fn = cust.GetFullName();
            Console.WriteLine(fn);

            string greeting = cust.GetGreeting("Dear");
            Console.WriteLine(greeting);

            Console.ReadLine();

        }
    }


    public sealed class Customer
    {
        public string FirstName { get; set; }
        public string LastName { get; set; }
    }


    public static class MyExtensions
    {
        public static string GetFullName(this Customer cust)
        {
            string n = cust.FirstName + " " + cust.LastName;
            return n.Trim();
        }

        public static string GetGreeting(this Customer cust, string salutation)
        {
            string custName = cust.FirstName + " " + cust.LastName;
            custName = custName.Trim();
            return salutation + " " + custName + ":"; 
        }
    }

}

You can download the sample code at TestExtensionMethods.zip (24.26 KB)

 

Saturday, September 5, 2009 2:52:43 AM (GMT Daylight Time, UTC+01:00)