Wednesday, September 08, 2004 3:49 AM
    for (int i = 0; i < table.Count; i ++)
    {
        string s;
        s = Convert.ToString(table[i, "fsectcd"]);
        if (s[0] != '*')
            condition += " or " + sectionCondField + " = '" + s.Trim() + "'";
        s = Convert.ToString(table[i, "fsite"]);
        if (s[0] != '*' && condition.IndexOf("'" + s.Trim() + "'") < 0)
            condition += " or " + sectionCondField + " = '" + s.Trim() + "'";
    }
I just found this code in our base class. What this code does is to create a where condition for our SQL statement (for checking some security??? have no idea, really). This is only one part of the original code. The process was to retrieve records from the database and build a where condition. This is what the where condition will look like:
(fieldname = 'some value' or fieldname = 'another value' or ...)
Now, what do you think is the mistake here? When I saw this code I smiled. :-) Just imagine creating tons of String instances when executing this code. For a thousand records retrieved, how many instances do you think will be created? hehehe :-)
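An added example (not the code from the original base class): the same condition built with a single StringBuilder and bound parameter placeholders instead of quoted literals, so the loop no longer allocates a new string per record and a value containing an apostrophe cannot break the statement. The class name SectionFilter, the column name fsection and the sample rows are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

static class SectionFilter
{
    // field: column name, assumed to come from code (identifiers cannot be bound).
    // rows: stand-in for the page's table, one (fsectcd, fsite) pair per record.
    // parameters: receives name -> value pairs for the caller to bind on its command.
    public static string Build(string field,
        IEnumerable<(string Sect, string Site)> rows,
        IDictionary<string, string> parameters)
    {
        var seen = new HashSet<string>(StringComparer.Ordinal);
        var sb = new StringBuilder();
        foreach (var (sect, site) in rows)
        {
            foreach (var raw in new[] { sect, site })
            {
                // Same skip rule as the original, plus a guard for empty
                // strings, where s[0] would throw.
                if (string.IsNullOrEmpty(raw) || raw[0] == '*') continue;
                var value = raw.Trim();
                // Set lookup replaces the IndexOf scan over the growing string
                // and dedupes both columns, which does not change an OR list.
                if (!seen.Add(value)) continue;
                var name = "@p" + (seen.Count - 1);
                parameters.Add(name, value);
                sb.Append(sb.Length == 0 ? "(" : " or ")
                  .Append(field).Append(" = ").Append(name);
            }
        }
        // Empty result means no usable values; the caller decides what that implies.
        return sb.Length == 0 ? "" : sb.Append(')').ToString();
    }

    static void Main()
    {
        // Constructed sample rows, including a value containing an apostrophe.
        var rows = new[] { ("A01 ", "S1"), ("*ALL", "S1"), ("O'B", "A01") };
        var p = new Dictionary<string, string>();
        Console.WriteLine(Build("fsection", rows, p));
        foreach (var kv in p) Console.WriteLine(kv.Key + " = [" + kv.Value + "]");
    }
}
```

The caller adds each name and value pair to its command's parameter collection before executing the statement that contains the returned condition.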