Programming
Alexey Nikolaev, 2016-04-13 23:24:22

Is it okay to check the same data ten times?

Goodnight.
During development, when there is dependency injection through the arguments of a function or method, I always try to check the passed data and, if something is wrong, return false or null. However, sometimes the same object / array / collection is passed through several functions in turn and, accordingly, is checked in each of them. In principle, I understand that this is redundant, but my conscience does not allow me to check the data only once at the entry point and rely, in the rest of the code, on the check having already been made: what if someone (or I) later uses the method bypassing the entry point and hits some fatal error? Here is a very crude and contrived example of what I mean.

function a($array) {
    if(!is_array($array) OR !count($array)) return null;
    // code
}
function b($array) {
    if(!is_array($array) OR !count($array)) return null;
    // code
}
function main() {
    $array = get_array();
    // Checked the data right after receiving it
    if(!is_array($array) OR !count($array)) return null;

    $result1 = a($array); // checked here too
    $result2 = b($array); // and here - in principle, this could be dropped, since the check is done above
}

Is it worth it to continue to bother with checking the transmitted data in each function?
Thank you.


3 answer(s)
index0h, 2016-04-13
@Heian

Validating the data in each method is a perfectly good practice; in essence, it is respecting the interface of the method.
But at the same time, returning null / false is a bad practice: if your method requires an int as input but receives an array, you need to throw an exception. This way you will know that the external code that uses your method is not working correctly.
For objects, I strongly recommend using type hinting:

public function test(MyObject $object, $id)
{
    if (!is_int($id)) {
        throw new \InvalidArgumentException('Argument "id" must be int');
    } elseif ($id < 0) {
        throw new \InvalidArgumentException('Argument "id" must be positive');
    }
...

If you write for PHP 7, it is also worth specifying type hints both for scalars and for return values. True, this is not always possible for return values, for example when returning null or something else.
To reduce checks, you can use my package https://packagist.org/packages/ko-ko-ko/assert; it is designed for maximum performance and for use in each method.
Yes. Thanks to this, you gain in security, reliability and time to find bugs.

Andrey, 2016-04-13
@AndryG

Divide the code into groups:
- code that comes into contact with the dangerous world of input data (a public method that is fed $_POST['x'], etc.)
- code that is used only in a secure environment (private methods, classes deep in the business logic internals that are normally never used from a "dirty" environment)
Then it will become clear where a strict check is needed, and where it is enough to specify the type of the parameter and otherwise trust data that has already been 100% checked by other sanitizing code.
And it would be more fun to use exceptions. In that case b($array) from your example would no longer be called.
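
The boundary/internal split described in the answers above, as an added example that is not part of the original thread: untrusted input is checked once and turned into a value object, so the parameter type itself carries the proof of the check. The class NonEmptyList and the method fromUntrusted() are hypothetical names; the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical value object: it can only be built from a non-empty array,
// so holding an instance is proof that the check already ran.
final class NonEmptyList
{
    private $items;

    private function __construct(array $items) { $this->items = $items; }

    // The single boundary check. Throws instead of returning null/false.
    public static function fromUntrusted($input): self
    {
        if (!is_array($input) || count($input) === 0) {
            throw new InvalidArgumentException('Expected a non-empty array');
        }
        return new self(array_values($input)); // reindex so key 0 exists
    }

    public function items(): array { return $this->items; }
}

// Inner functions: the type hint replaces the repeated is_array/count check.
function a(NonEmptyList $list): int
{
    return count($list->items());
}

function b(NonEmptyList $list)
{
    return $list->items()[0]; // safe: the list is never empty
}

// Entry point: $raw stands in for request data such as $_POST['x'].
function main($raw): array
{
    $list = NonEmptyList::fromUntrusted($raw); // on bad input a() and b() never run
    return [a($list), b($list)];
}

// Constructed sample inputs.
var_dump(main(['x', 'y']));
try {
    main('not an array');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Calling a() or b() directly with a raw array fails with a TypeError at the call site, so bypassing main() cannot skip the check.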

Dmitry, 2016-04-14
@dimasmagadan

Checking many times is redundant code. The simpler the code, the cheaper it is to write and maintain.
I use this approach: I check the data as late as possible, immediately before using it to work with the database, or where it is necessary for the logic of my code.
That is, I treat all data received from the user as unverified, and I do not need to remember whether I checked it somewhere before or not.
