ShowUsYour<Blog>

Irregular expressions regularly

Defensive coding practices - check inputs

Something which, although I knew a bit about through my scant knowledge of using the Command line, had never really dawned up me. I created 2 files called "File.txt" and put them into the following locations:

  • C:\SafeScripts\File.txt
  • C:\File.txt

The contents of the first file was the text "I am good" and the contents of the second file were "I am evil"; have a guess what gets displayed when I run the following code:

        Private Const SAFE_PATH As String = "C:\SafeScripts\"
    Private Sub MyForm_Load( ... )
        ' supplied from user 
        Dim niceFile As String = TextBox1.Text  ' user enters "..\File.txt"
        Label1.Text = ReadFromFile( niceFile )
    End Sub
    Private Function ReadFromFile( ByVal niceFile As String ) As String
        Dim fullPath As String = IO.Path.Combine( SAFE_PATH, niceFile )
        Dim fs As FileStream = File.OpenRead( fullpath )
        Dim sr As StreamReader = New StreamReader( fs )
        ReadFromFile = sr.ReadToEnd
        sr.Close()
        fs.Close()
    End Function

Yep, you guessed it: "I am evil". Nothing really earth shattering here, but a useful reminder to practice defensive coding practices :-)

Posted: Jan 20 2004, 12:33 PM by digory | with 3 comment(s)
Filed under: , ,

Comments

TrackBack said:

# January 19, 2004 6:57 AM

stefan demetz said:

Excellent
# January 25, 2004 6:55 PM

Atirus said:

What is wrong with this code?
I get error in line 6 (conn.open source)

<%
Dim conn, source

Source = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.Mappath("DATABASE.MDB") & ";Persist Security Info=False"
Set conn = Server.CreateObject("ADODB.Connection")
conn.open source
%>
# April 8, 2004 7:13 PM
Leave a Comment

(required) 

(required) 

(optional)

(required)