OdedCoster.com/blog

One day I will think of something clever to put here

Browsing Posts published by Oded Coster

So I decided to take a design course.

Graphic design, that is. Not design patterns, not architecture. Graphic design.

Why would I, a programmer for well over a decade, decide to do that?

Because design by developers:

Design by developers

(image taken from You Sank my Battleship on infovark)


I have always been one of those developers that said – I can build it, but I can’t make it pretty.

Not that a design course would magically make my software pretty – but at least I will have the basis to identify whether the design is bad and to talk to designers in their language, without making a fool of myself. I mean – think about how non-programmers talk to you about programming, right?

The course I have taken is design for developers, offered by DesignLab. This is a four week course, where one is expected to put in 5-10 hours a week.

I know this sounds like a lot, in particular considering this is done outside of “office hours” (I work remotely and make my own hours – but my study for this course is strictly off the clock). However, having taken Open University courses in the past, while in full time employment, I cam confident this is easily achievable in particular given that weekends are off the clock.


I intend to document my progress here as I go through the course.

Stay tuned.

Here is another intersting tweet from What Developers Need to Know About SQL Server:

What Aaron is talking about here is that SQL is a Query Language – that is what SQL and relational databases are optimized for – getting result sets.

SQL is not a data manipulation language – yes, you can do quite a lot of manipulation of string, dates and such, but the language does not lend itself to such operations.

It is far more efficient to move such operations to the client/UI code – whatever language you use to interact with the database will almost certainly have better facilities for manipulating strings and dates.

Here is one stand alone tweet from What Developers Need to Know About SQL Server, which is rather information dense and worth expanding on:

Stuart Miller compares the mental shift required for someone who is used to OOP do develop in SQL to the mental shift those used to imperative programming (c, COBOL, Basic and more) need to go through in order to truly understand and use OOP correctly.

This different programming paradigm is set based programming, taking its name from set theory, a mathematical framework from which the relational model of databases was derived by Edgar F. Codd, which in turn gave relational databases their name.

One of the major differences between set based programming and object oriented programming has to do with how they deal with groups of related items. Where in object oriented programming, one would iterate over a collection of objects, dealing with each item at a time, set based programming deals with the group as a whole – there are no iteration constructs. That’s right – there are no loops in set based programming.

As result, the way to think about and apply operators is in groups of related items (sets, or relations, in Codds’ relational model), not individual items. Operators allow filtering, aggregating, projection, joining and more – always resulting in groups of related items (where a group can be empty or consist of a single item).

Relational theory is the basis from which relational databases have been built and the relational engines that power them are optimized for this kind of thinking – set based thinking. Most relational database do offer looping constructs – but these are most often than not best avoided as they go against the grain and can be the cause of performance issues. This is not because relational databases are slow – it is because using loops instead of operating on sets goes against how they were built and what they are optimized to do.

I will be starting a series of blogs, inspired by a twitter conversion Brent Ozar had with other database folks and the highlights of which he collated as a blog post, titled What Developers Need to Know About SQL Server.

Since these started life on twitter, they are quite short and though Brent briefly expands on some of the tweets, I believe there is value is expanding on them even further, explaining the rationale and thinking behind them.

Though Brent and the conversation are ostensibly SQL Server oriented, many of the points raised are applicable to any relational database – Oracle, MySql, PostgreSQL etc. I plan to mostly deal with these shared points.

Let me know in a comment if there is anything specific you are interested in.

Stack Overflow has had a mobile version of the site for quite a while now, and to make life easy for our users, we have a switcher in the footer – allowing one to toggle between the mobile and the full versions of the site.

Recently, an XSS vulnerability on this link was disclosed via our meta site.

The link markup was looking like the following:

<a onclick='StackExchange.switchMobile("on", "/some/path")'>mobile</a>

Where, "/some/path" is the current request path – this ensures that when switching between mobile and full, one remains on the same page.

As it turns out, this path was rendered to the page using HTML encoding only, meaning that when accessing the site with the URL http://stackoverflow.com/%22,alert%281%29,%22 (which would throw up a “404 page not found” that contains the footer), clicking the link would execute a JavaScript alert.

How does it work?

When rendering the path %22,alert%281%29,%22, the link ended up looking like this:

<a onclick='StackExchange.switchMobile("on", "",alert(1),"")'>mobile</a>

Since %22 encodes ", %28 is ( and %29 is ).

The initial fix was to ensure " was correctly encoded. It was a quick fix – done to minimize damage from this particular form of attack. It was followed by a change to the StackExchange.switchMobile function where no path parameter exists anymore and which precludes this attack – the path is no longer in a string and URL checking was moved to the server side.

In the Microsoft.VisualBasic.FileIO (Microsoft.VisualBasic.dll) namespace lives the TextFieldParser class.

This useful little class can be used to parse structured text files – either delimited or fixed length. You can iterate over the lines in the file and extract the data through the ReadFields method.

Since it is provided by Microsoft, you can use it in environments that do not allow “third-party” libraries and as it is a .NET libarary you can use it in any .NET language (yes, C# and F# included) – just import the library.

The examples on MSDN are all in VB.NET, but are easily translated to other .NET dialects.

- How to: Read From Comma-Delimited Text Files
- How to: Read From Fixed-width Text Files
- How to: Read From Text Files with Multiple Formats

Why is that?

If one takes the time to think about it, class libraries only ever execute in the context of an application – a web application, a console application, a unit test runner or some other executable.

A class library gets loaded into the memory space of the application and gets called and executed there.

It makes sense then that the executing application should be the one deciding on how to configure a class library it is using, rather than the other way around.

The .NET framework configuration subsystem subscribes to this idea – when using the System.Configuration namespace, the application configuration file will be the one queried, even if there is a configuration file matching the dll name.

I would add that configuration should be treated as a dependency – the values should be injected into any class or method that required them – read the excellent blog by Paul Hiles – Configuration Settings Are A Dependency That Should Be Injected.

Date and Time format strings come in two flavors – standard and custom.

Whenever these are used, the CultureInfo that is used with them comes into play. If an IFormatProvider is not specified, the CultureInfo assigned to the current thread is used.

Standard format strings

These are all single character format specifiers – they each can be thought of as representing longer, culture sensitive custom format strings.

Any format string that contains more than one character (including white space) is considered to be a custom format specifier.

A FormatException will be thrown if the format specifier is not one of the known ones (listed in the table below):

Format specifier Description
“d” Short date pattern
“D” Long date pattern
“f” Full date/time pattern (short time)
“F” Full date/time pattern (long time)
“g” General date/time pattern (short time)
“G” General date/time pattern (long time)
“M”, “m” Month/day pattern
“O”, “o” Round-trip date/time pattern
“R”, “r” RFC1123 pattern
“s” Sortable date/time pattern
“t” Short time pattern
“T” Long time pattern
“u” Universal sortable date/time pattern
“U” Universal full date/time pattern
“Y”, “y” Year month pattern

Take a look at the documentation for more detail.

Standard format strings are simple to use – when formatting a DateTime as a string or parsing a string into a DateTime (using ParseExact or TryParseExact).

Formatting examples:

DateTime.Now.ToString("f");
// 13 December 2011 19:35

DateTime.Now.ToString("f", CultureInfo.GetCultureInfo("he-IL"));
// יום שלישי 13 דצמבר 2011 19:35

DateTime.Now.ToString("D");
// 13 December 2011

DateTime.Now.ToString("D", CultureInfo.GetCultureInfo("ru-RU"));
// 13 декабря 2011 г.

Parsing examples (really just the opposite of the above):

DateTime.ParseExact("13 December 2011 19:35", "f", 
                    CultureInfo.GetCultureInfo("en-GB"))

DateTime.ParseExact("יום שלישי 13 דצמבר 2011 19:35", "f", 
                    CultureInfo.GetCultureInfo("he-IL"))

DateTime.ParseExact("13 December 2011", "D", 
                    CultureInfo.GetCultureInfo("en-GB"))

DateTime.ParseExact("13 декабря 2011 г.", "D", 
                    CultureInfo.GetCultureInfo("ru-RU"));

Custom format strings

Any string that contains more than one character will be considered to be a custom format string.

Custom format strings allow you to exactly match and parse any string representing a date and to convert a DateTime to any custom date string for display. They provide the most flexibility in parsing and outputting but are more complex to understand, construct and use than standard format strings.

All characters are allowed in the format string and each would be interpreted unchanged, unless it is one of the following format specifiers:

Format specifier Description
“d” The day of the month, from 1 through 31
“dd” The day of the month, from 01 through 31
“ddd” The abbreviated name of the day of the week
“dddd” The full name of the day of the week
“f” The tenths of a second in a date and time value
“ff” The hundredths of a second in a date and time value
“fff” The milliseconds in a date and time value
“ffff” The ten thousandths of a second in a date and time value
“fffff” The hundred thousandths of a second in a date and time value
“ffffff” The millionths of a second in a date and time value
“fffffff” The ten millionths of a second in a date and time value
“F” If non-zero, the tenths of a second in a date and time value
“FF” If non-zero, the hundredths of a second in a date and time value
“FFF” If non-zero, the milliseconds in a date and time value
“FFFF” If non-zero, the ten thousandths of a second in a date and time value
“FFFFF” If non-zero, the hundred thousandths of a second in a date and time value
“FFFFFF” If non-zero, the millionths of a second in a date and time value
“FFFFFFF” If non-zero, the ten millionths of a second in a date and time value
“g”, “gg” The period or era
“h” The hour, using a 12-hour clock from 1 to 12
“hh” The hour, using a 12-hour clock from 01 to 12
“H” The hour, using a 24-hour clock from 0 to 23
“HH” The hour, using a 24-hour clock from 00 to 23
“K” Time zone information
“m” The minute, from 0 through 59
“mm” The minute, from 00 through 59
“M” The month, from 1 through 12
“MM” The month, from 01 through 12
“MMM” The abbreviated name of the month
“MMMM” The full name of the month
“s” The second, from 0 through 59
“ss” The second, from 00 through 59
“t” The first character of the AM/PM designator
“tt” The AM/PM designator
“y” The year, from 0 to 99
“yy” The year, from 00 to 99
“yyy” The year, with a minimum of three digits
“yyyy” The year as a four-digit number
“yyyyy” The year as a five-digit number
“z” Hours offset from UTC, with no leading zeros
“zz” Hours offset from UTC, with a leading zero for a single-digit value
“zzz” Hours and minutes offset from UTC
“:” The time separator
“/” The date separator
“string”, ‘string’ Literal string delimiter
% Defines the following character as a custom format specifier
\ The escape character
Any other character The character is copied to the result string unchanged

Several of these merit special discussion:

“:” – the time separator

When “:” appears in a custom format string, is gets replaced with the time separator defined in the CultureInfo being used. For example, in the “it-IT” culture, the time separator is a “.”.

“/” – the date separator

When “/” appears in a custom format string, is gets replaced with the date separator defined in the CultureInfo being used. For example, in the “ar-DZ” culture, the date separator is a “-”.

“string”, ‘string’ – the literal string delimiter

You can use single and double quotes as literal string delimiters within a format string – any such delimited string within a format string would appear verbatim in the string being parsed or output.

“\” – the escape character

When “\” appears in a custom format string, it simply escapes the next character so it does not get interpreted as a format specifier. For example, if the letter s appears in the string to be parsed, “\s” would represent it for parsing to ensure it does not get interpreted as the single character seconds custom format specifier.

“%” – precedes a single character custom format specifier

If you wish to use a single character custom format specifier you have several choices – prepend or append a space to it to ensure that it is not interpreted as a standard format string (otherwise it will be and if it is not a valid one a FormatException will be thrown). A downside to using a space in this manner is that one will be expected in the string to parse or will be output when converting to a string.

The alternative is to prepend “%” – this avoids the issue with spaces and serves as a special escape to allow for single character custom format specifiers.


Take a look at the documentation for more detail.

I will not give examples for these, as the documentation contains plenty.

If you have specific questions about the contents of this post, please post them in the comments and I will answer to the best of my ability.

If you wish to have a deterministic format, but do not want to use a specific culture, you can use InvariantCulture.

InvariantCulture represents no culture at all – it is associated with the English language, though no specific country/region.

See Using the InvariantCulture Property on MSDN.

Here is an example of its use:

DateTime dt = new DateTime(2011, 11, 21, 12, 34, 56);
Console.WriteLine(dt.ToString(CultureInfo.InvariantCulture));

As mentioned in my last post, the IFormatProvider interface in the context of DateTime is mostly used for formatting a DateTime to a specific representation and for parsing a string into a DateTime instance.

Overloads that do not specify IFormatProvider

So, what happens when overloads of ToString and the different Parse methods (Parse, TryParse, ParseExact and TryParseExact) that don’t take an IFormatProvider instance are used?

To answer this, I will ask this question: what would the console output of the following lines of code?

DateTime dt = new DateTime(2011, 11, 21, 12, 34, 56);
Console.WriteLine(dt);

The answer is – it depends. It depends on the configured locale of the account that the application is executing under (see the Regional Settings and what the different Date and Time formats are configured as). The locale will determine what culture is used in.

So, if the user is in England, the result could be:

21/11/2011 12:34:56

If, however, the user is in the United States, the result could be:

11/21/2011 12:34:56 PM

As I have demonstrated, the CultureInfo instance associated with the current thread is the one used. Depending on the application context, either the Thread.CurrentCulture or Thread.CurrentUICulture culture would be used.

For this reason, both Thread.CurrentCulture and Thread.CurrentUICulture should usually be changed at the same time to the same CultureInfo.

Specifying an IFormatProvider

By specifying an IFormatProvider you can be explicit about over how DateTime instances get formatted and how strings get parsed into DateTime instances.

For example, here is how you would explicitly format a DateTime with a US culture:

DateTime dt = new DateTime(2011, 11, 21, 12, 34, 56);
Console.WriteLine(dt.ToString(CultureInfo.GetCultureInfo("en-US")));

And for the British version:

DateTime dt = new DateTime(2011, 11, 21, 12, 34, 56);
Console.WriteLine(dt.ToString(CultureInfo.GetCultureInfo("en-GB")));

The most amount of control would come with format strings, these do however interact with the culture – this will be covered in a future post.

Some asides

You can create your own cultures using … See How to: Create Custom Cultures on MSDN and the CultureAndRegionInfoBuilder class.

Some locale settings can be changed – I will discuss some of that in a future post.

Here is good Microsoft FAQ about locales and languages – http://msdn.microsoft.com/en-us/goglobal/bb688174.