 

Securing input of private / protected methods?

Normally, all sane developers try to secure the input of all public methods (casting to proper types, validating, sanitizing, etc.).

My question is: in your code, are you also validating parameters passed to protected / private methods? In my opinion it is not necessary if you properly secure the parameters of public methods and the values returned from outside (other classes, DB, user input, etc.).

But I am constantly facing frameworks and apps (e.g. PrestaShop, to name one) where validation is often repeated in the method call, in the method body, and once again for the returned value, which I think creates performance overhead and is also a sign of bad design.

asked May 17 '10 15:05 by ts.


1 Answer

For protected, I think you should validate them since the method could be overridden or called from another class later and you can't assume valid inputs to the method. This is especially true if this is a component that is going to be used by other applications.

For private, I think it's a waste because you are in control of what is being passed to the methods, so that data should be validated before you ever call the private method.

answered Oct 02 '22 06:10 by dcp
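The split the answer describes (validate at the public boundary, re-check in protected methods because a subclass may call them with raw data, trust callers of private methods) as an added example. This is not code from the question, the answer, or any of the frameworks mentioned; TypeScript is used because its access modifiers are explicit, and the Ledger / PromoLedger classes and the coupon format are constructed for illustration.

```typescript
// Added example, not from the original Q&A: where validation belongs for
// public, protected and private methods. Class names and inputs are invented.

// Shared check: accept a number or numeric string, reject NaN, Infinity,
// zero and negatives. Returns the normalised number so callers can use it.
function assertPositiveAmount(value: unknown, where: string): number {
  const n = typeof value === "string" ? Number(value) : value;
  if (typeof n !== "number" || !Number.isFinite(n) || n <= 0) {
    throw new RangeError(`${where}: invalid amount ${String(value)}`);
  }
  return n;
}

class Ledger {
  private balance = 0;

  // Public entry point: this is the trust boundary, so untrusted input is
  // validated here before anything else happens.
  deposit(raw: unknown): number {
    const amount = assertPositiveAmount(raw, "deposit");
    return this.applyCredit(amount);
  }

  // Protected: reachable from any subclass, including ones written later in
  // another package, so it cannot assume its caller validated. The check is
  // cheap and stops a careless subclass from corrupting the balance.
  protected applyCredit(amount: number): number {
    const checked = assertPositiveAmount(amount, "applyCredit");
    this.writeEntry(checked);
    return this.balance;
  }

  // Private: only this class can call it, and every caller above has already
  // validated, so the invariant is documented rather than re-checked.
  private writeEntry(amount: number): void {
    this.balance += amount;
  }
}

// A subclass added later that forgets to validate and feeds a value parsed
// from a coupon string (constructed sample input) straight into the
// protected method. "PROMO-25" parses to 25; "PROMO-abc" parses to NaN.
class PromoLedger extends Ledger {
  redeemCoupon(coupon: string): number {
    const parsed = Number(coupon.split("-")[1]);
    return this.applyCredit(parsed); // the protected-level check catches NaN
  }
}

// Small harness that returns the outcomes so they can be inspected.
function demo(): { balance: number; badDeposit: string; badCoupon: string } {
  const ledger = new PromoLedger();
  ledger.deposit("40");
  const balance = ledger.redeemCoupon("PROMO-25"); // 65

  let badDeposit = "";
  try {
    ledger.deposit(-5); // rejected at the public boundary
  } catch (e) {
    badDeposit = (e as Error).message;
  }

  let badCoupon = "";
  try {
    ledger.redeemCoupon("PROMO-abc"); // rejected by the protected method
  } catch (e) {
    badCoupon = (e as Error).message;
  }

  return { balance, badDeposit, badCoupon };
}
```

Calling `demo()` yields a balance of 65, a `deposit:` error for the negative amount and an `applyCredit:` error for the malformed coupon; the private `writeEntry` is never reached with bad data, which is the point the answer makes about where the cost of validation is worth paying.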