Quick question, quick answer, about a string function...

R

robplatt

Freshman
Joined
Jul 14, 2006
Messages
39
In VB6 you could use this string function

x = string("*", 10)

that would return

x="**********"

Whats the equivelent in VB.net?


Heres an example of how im using it, perhaps theres a better way...
Visual Basic: 
strUser = "Rob"
strPassword = "1234"
x = "http://www.domain.com/?userid=" & strUser & "&password=" & strPassword  & "&etc&etc"

I'll use x as necessary but when I log the fact that I used x I dont want to display the password. I dont know the password, I know the length. I would like to do
x = x.replace(strPassword, "*****") but with the correct number of *'s.

Thanks.
 
To be honest, I would use obfuscation on the password. By giving a set number of asterisks instead of the length of the password string you're adding an extra level of guess work to the process.

You should really use a string builder if you're going to do it properly...
Visual Basic: 
Dim sb As New System.Text.StringBuilder(20)
sb.Append(Convert.ToChar("*"), 20)


Hope this helps,
Paul.
 
If you really want to do it properly, I recommend the System.String constructor...
Visual Basic: 
'Lets say twelve chars, just for example
Dim AsterixCount As Integer = 12
Dim Asterixeses As New String("*"c, AsterixCount)
'Asterixeses = "************"
 
'Or do it all in one line
Dim StringWithAsterixeses As String = "This is a string with some " & New String("*"c, 7) & " asterixeses."
'StringWithAsterixeses = "This is a string with some ******* asterixeses."
 
You know, Rob, there's a bit irony there - I did actually read on this forum that, if you were going to be manipulating strings you should, in fact, use the String Builder class to do it. Now we seem to find out that this isn't the case via poorly hidden sarcasm...

Use marble's method to define your string of asterisks, Rob, but I would still bear in mind what I said about obfuscation. One other point of note would be to say that assigning 20 asterisks to a constant value would be faster still...
Visual Basic: 
Const hidePassword As System.String = "********************"  '20 asterisks!
And though some may say that this is less structured and less readable, I would say "Pish-posh! Read the bloody comments!". Structure is still retained as is readability via the comment on the end of the line.


Paul
 
The best way to get something done always depends on the details. When manipulating strings, it is very oftem more efficient to use a StringBuilder because it does not require a new string to be created for every single step of the process. For very simple operations, though, it may be best to not bother. Using the System.String constructor in this case involves the creation of only one object, whereas the use of the string builder always involves the creation of the string builder, an underlying char array, and finally the resulting string, and more often than not, multiple char arrays need to be allocated as the size of the string increases.

Knowing the details of the classes you are using (and, almost as important, knowing what is going on under the hood) allows you to make decisions like this simply and with confidence, letting you do what you decide makes the most sense instead of what others have recommended (not that there is every anything wrong with listening to the recommendation of an advanced programmer, but rather this is the distinction between a programmer and an advanced programmer).

As for my so-percieved blunt sarcasm, I seldom hand out sarcastic comments and when I do, I do so with good humor. If you took it the wrong way, sorry, but unless one gives me good reason beforehand, I'd never say something with the intent to disparage or harass another.

Also, mandelbrot is right about obfuscating the password. The less that is known about it, the better. But, for that matter, why bother passing the asterices in the URL at all? If you aren't going to pass the data then why pass anything?

And, one last thing, the 'c' after the text between the quotes indicates that the text is a System.Char instead of a System.String.
 
I finally got around to following up on this thread and I really appreciate the comments and advice. While I agree with the obfucation, this particualar example wont need it. as the person reading the logs is the person knowing the password before hand. However, if someone happened to be reading it over their shoulder I wouldnt want it immediately obvious.

Last thing. I can use c instead of cchar("") as a shortcut correct? I started using option strict on when I found out about it, and anytime i do a replace function I have to use cchar("") but it would be faster to use ""c if thats ok.
 
The ""c notation actually represents a character constant, whereas cchar is a conversion expression. I am pretty sure that, when possible, cchar will be simplified to a character constant, just as the Char() function is often simplified to strings at compile time. The functions are available at runtime, too, for dynamic conversions, but the ""c notation is actually simpler and a more accurate and reliable representation of a character for the compiler.
Visual Basic: 
'The compiler is smart enough to know when certain expressions can be simplified
' to a constant.
 
Dim SomeChar As Char = CChar("B")
' Compiles to the same as
Dim SomeChar As Char = "B"c
 
' There are situations where cChar can't be simplified to a character constant.
Public Function AsChar(string letter) As Char
    ' CChar, at face-value, is a conversion function. When the expression
    ' being converted can vary, like a parameter to a function...
    return CChar(letter)
    ' it can't be simplified.
End Function
 
Back
Top