I am watching another dnrTV webcast, this time featuring Kathleen Dollard. The webcast is about the differences between VB.NET and C# for the .NET 3.5 framework.
An interesting point came up where Kathleen says that converting a Unicode string to lower case can be a security risk, more so than converting it to upper case.
She was talking about an article in Visual Studio magazine by Bill McCarthy about this subject but I can’t find it.
Anyway, it is always better to use string.EqualsIgnoreCase("test") than it is to do string.ToLower.Equals("test"). I’ll just take her word for it ;-).
EDIT: Apparently Remou has better Google skills than me.
And here is his explanation from that page.
It depends a lot on the locale. For example, in some locales é will uppercase to E, yet E will lowercase to e. If you compare the lowercase of E to é, it won’t be a match. Uppercase, on the other hand, will generally match. The use of ToUpper can be handy in circumstances like this one:
    Select Case myString.ToUpper
        Case "ABC"
        Case "DEF", "FGH"
        Case "IJK"
        ' …
    End Select
You can also specify the culture to use:
    mystring.ToUpper(Globalization.CultureInfo.InvariantCulture)
For the most part, using ToUpper won’t cause any problems, but the ToUpper call does cause a new string to be created, so it can get expensive if you use it repeatedly. With some locales, and with special characters such as the German letter ß, ToUpper won’t give the same results as the Compare or Equals methods. That’s why I said in the article to consider using String.Compare instead. Consider how things change if we write the ToUpper code sample using String.Compare or String.Equals:
    If String.Equals(myString, "ABC", _
            StringComparison.OrdinalIgnoreCase) Then
    ElseIf String.Equals(myString, "DEF", _
            StringComparison.OrdinalIgnoreCase) _
            OrElse String.Equals(myString, "FGH", _
            StringComparison.OrdinalIgnoreCase) _
            Then
    ElseIf String.Equals(myString, "IJK", _
            StringComparison.OrdinalIgnoreCase) Then
        ' …
    End If
I think I’d much rather suffer a little performance hit for the sake of readability.
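To make the lowercase risk concrete, here is an added example (not part of the original post or of the quoted explanation) showing a lowercase-then-compare check that stops matching under the Turkish culture while the OrdinalIgnoreCase form keeps working. The reserved name "admin", the function names and the sample input are constructed for illustration, and it assumes a runtime with culture data available (not invariant-globalization mode).

```vb
Imports System
Imports System.Globalization

Module CaseCompareDemo
    ' Fragile: lowercases with a culture, then compares ordinally.
    ' "admin" is a constructed reserved name for this example.
    Function IsReservedFragile(name As String, culture As CultureInfo) As Boolean
        Return String.Equals(name.ToLower(culture), "admin", StringComparison.Ordinal)
    End Function

    ' Robust: no intermediate string and no culture involved.
    Function IsReservedOrdinal(name As String) As Boolean
        Return String.Equals(name, "admin", StringComparison.OrdinalIgnoreCase)
    End Function

    Sub Main()
        Dim cultures() As CultureInfo = {CultureInfo.InvariantCulture, New CultureInfo("tr-TR")}
        Dim candidate As String = "ADMIN" ' constructed sample input

        For Each c As CultureInfo In cultures
            ' Under tr-TR, "I" lowercases to dotless "ı" (U+0131), so the
            ' lowered string is "admın" and the fragile check stops matching.
            Console.WriteLine("{0}: ToLower={1} fragile={2} ordinal={3}",
                              c.EnglishName, candidate.ToLower(c),
                              IsReservedFragile(candidate, c), IsReservedOrdinal(candidate))
        Next
    End Sub
End Module
```

The parameterless ToLower uses the current thread culture, so the fragile check can behave differently from one machine to the next without any code change.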