How do i make this a more secure method? As this relies upon an array to distribute the information that can be appended outside of an app update.
methods = [NSArray arrayWithObjects:#"martingale", #"reverse_martingale", nil];
methodString = [NSString stringWithFormat:methods[0]];
<- Format string is not a string literal (potentially insecure)
Simply dump the use of stringWithFormat given:
Those aren't format strings.
You aren't formatting anything.
Use this instead:
methodString = methods[0];
Do you realise what you are doing? methods [0] is used as format string, as they are used for printf or NSLog. If you change it from #"martingale" to #"martingale %s" then it will likely crash. If you didn't want to use a format string, don't call stringWithFormat.
Related
In my code I use a lot of localized strings and all works great, except with short strings.
Example
NSString* text = [NSString stringWithFormat:NSLocalizedString(#"%# at %#", nil), dateStart, timeStart];
In file localizable.string I have:
"%# at %#" = "<translation>"
"attending %#" = "<translation>"
In my opinion, compiler fails when try to get the right string.. how can I achieve this?
The left side is the key for the copy on the right side.
It's not the key that should have the placeholders in it, as the string is exchanged at runtime by the string from the locale.strings.
In other words: after localization you are missing the %#
To achieve what you want, you need the placeholders to be in the translated string:
"SOME_KEY" = "%# <localized> %#"
I am completely new to Objective-C and although i have some experience with java and C#, I just can't get this to work.
My code is:
- (IBAction)btnClickMe_Clicked:(id)sender {
Label_1.text = (#"some string" + _Label_2.text);
}
I am also curious as to why Label_1 does not need an underscore infront of it, like _Label_2 does?
To concatenate strings, you use
Label_1.text = [#"Some string" stringByAppendingString:_Label_2.text];
You can use %# to append your additionnals strings with stringWithFormat
Label_1.text = [NSString stringWithFormat: #"Some string %#", _Label_2.text];
More example : Apple - Formatting String Objects
NSString provides a vast variety of methods for string manipulations. Amongst them are several ways for conatination.
You should get familiar with the factory method stringWithFormat. It is one of the most powerful and especially good at a bit more complex requirements.
In your case:
Label_1.text = [NSString stringWithFormat:#"Some string%#", _Label_2.text);
or
Label_1.text = [NSString stringWithFormat:#"%#g%#", #"Some string", _Label_2.text);
The format string corresponds to the usual standard c printf format string plus the %# tag which is replaced by any objects description value. So you could have an NSNumber there or even an NSArray or so. However, the description of NSArray, NSDictionary, NSSet etc. may not really be useful for production but come quite handy for debugging. NSLog() uses the same format.
I have a #define hhh "uu" then I want to concat string using the following method:
NSString *str [NSString stringWithFormat#"%#%#",hhh,"ii"];
but I'm getting a compilation error.
First problem: you are missing the colon : after stringWithFormat. Second problem: you are missing the assignment operator between variable name str and initialization expression.
Third problem: the second argument to the format string #"%#%#" is a plain standard C string (a.k.a., char*), where the format string calls for an object (a.k.a., NSString). Prepend a # to the string literal:
NSString* str = [NSString stringWithFormat: #"%#%#",hhh,#"ii"];
(Edit Assumption wrong, I overlooked the define: I assume here, that hhh is an object reference, e.g., id, NSString* or something).
Since hhh is a plain string, too, you should specify %s as placeholder in the format string:
NSString* str = [NSString stringWithFormat: #"%s%#",hhh,#"ii"];
as was recommended by #sch.
How to get input from an NSString as scanf ("%#", &str); doesn't work?
scanf will read into a C string and not into a NSString (as far as I know). So, to do what you're trying to do you need to first read your input into a C string (i.e. str) and then make that into an NString as follows
myString = [NSString stringWithUTF8String:str];
By the way, you don't need to pass the address of str i.e. &str if str is an array. Simply do:
scanf("%s",str);
i need my application to send an HTTP request to my server, this is the link, but for some reason, when i create an NSString stringwithformat not all of the string is copied into the string,
this is my URL:
http://192.168.50.204:8080/webapi/originate?sofia/internal/408%25192.168.50.204%20'set:effective_caller_id_number=722772408,bridge:sofia/gateway/012smile/<PHONENUMBER>#212.199.220.21'%20inline%200545890183%200545890183
if i put it in my browser it is working fine.
and this is the code:
self.feedURLString = [NSString stringWithFormat:#"http://192.168.50.204:8080/webapi/originate?sofia/internal/%#%25192.168.50.204%20'set:effective_caller_id_number=722772%#,bridge:sofia/gateway/012smile/%##212.199.220.21'%20inline%20%#%20%#",extention,extention,PhoneNumber,PhoneNumber, PhoneNumber];
keep in mind that there are some %20 and %25 in the URL, maybe it causes the problem...
the string i get in the NSLog is:
feedURLString = http://192.168.50.204:8080/webapi/originate?sofia/internal/408220'set:effective_caller_id_number=722772408,bridge:sofia/gateway/012smile/0545890183#212.199.220.21' 93610576nline2#2#
remove the %20 and %25 from the string
then use the stringByAddingPercentEscapesUsingEncoding command from NSString
string = [sURL stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding];
You're right, the %20 are almost certainly causing a problem.
Any places in the string you want an actual % symbol in the result, you should be writing %%.
Another option that some people use is to leave the %s as they are, but use stringByReplacingOccurrencesOfString:withString: to do the substitiation.
eg:
NSString *str = #"http://{HOST}/{USER}/blah";
str = [str stringByReplacingOccurrencesOfString:"{HOST}" withString:hostname];
str = [str stringByReplacingOccurrencesOfString:"{USER}" withString:username];
Try writing the url with the normal characters instead of %20 and %25, then add in your variables, and when you have the complete url string use
[feedURLString stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEndocing];
Edit: sorry for double, I guess the anwser was obvious :)