-2

In an application I load strings from configuration of this format stackoverflow.com?questionId={0}. Obviously they're populated at run-time and used in query strings.

I want to log these strings at startup using a method:

void log(string message, params object[] vars)
        {
            string s = String.Format(message, vars);
            Console.WriteLine(s);
        }

However as you would expect String.Format throws an exception because calling: log(String.Format("Adding new feed '{0}'", "stackoverflow.com?questionId={0}")) - String.Format tries to substitute {0} inside 'log()'.

Is there an easy way I can escape the { characters so substitution isn't attempted?

Mr. Boy
  • 60,845
  • 93
  • 320
  • 589
  • 1
    just double: `{0}`: `{{0}}` – Dmitry Bychenko Jul 07 '16 at 12:09
  • 1
    But @DmitryBychenko then that breaks the actual _usage_... these are supposed to be substituted it's only the logging of them that is the problem. – Mr. Boy Jul 07 '16 at 12:10
  • 1
    ah, I see the dilemma. You can't have it both ways. You might need an overload to your log method that takes no `params` and doesn't call `string.format`. Voted to re-open since you're not asking "how to I quote placeholders", but "how do I sometimes pretend they're not placeholders" – hometoast Jul 07 '16 at 12:11
  • Try: `log(@"stackoverflow.com?questionId={0}")` I'm not sure it will work but you can try. – DIEGO CARRASCAL Jul 07 '16 at 12:12
  • @Mr.Boy I think the idea is to know when to do the escaping. – juharr Jul 07 '16 at 12:13
  • I think the nominated duplicate is the exact opposite of my question – Mr. Boy Jul 07 '16 at 12:16
  • 1
    Don't use `string.format()` then rather use string concatenation like `string str = "Adding new feed {0}" + string.format("stackoverflow.com?questionId={0}", value)` – Rahul Jul 07 '16 at 12:21
  • Could you give us an example of calling your log function with parameters that cause the issue? – Martin Brown Jul 07 '16 at 12:23
  • Could you leave the String.Format out of your call to log like this: log("Adding new feed '{0}'", "stackoverflow.com?questionId={0}"); – Martin Brown Jul 07 '16 at 12:28
  • You should always make it perfectly clear whether there's going to be a substitution or not. If you try to do anything smart, you're potentially opening yourself to security issues (and yes, lots of security issues are related to improper encoding/substitution). Only use `string.Format` if it is necessary, and always on data you have under control. Note how e.g. `Debug.WriteLine` has separate overloads for "just a string" and "a format string with values" - that's what you want. – Luaan Jul 07 '16 at 12:30
  • @MartinBrown I think that would work, hadn't thought of that! – Mr. Boy Jul 07 '16 at 12:46

1 Answers1

0

I have found two answers to this.

Firstly, I escaped the braces by doing the following:

log(String.Format("Adding new feed '{0}'", feedStr.Replace("{", "{{").Replace("}", "}}")));

This works fine.

Secondly as suggested by MartinBrown I realised I could just do:

log("Adding new feed '{0}'", feedStr);
Mr. Boy
  • 60,845
  • 93
  • 320
  • 589