Home/ Questions/Q 794427
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-14T22:18:40+00:00

normally, all sane developers are trying to secure input of all public methods (casting

  • 0

normally, all sane developers are trying to secure input of all public methods (casting to proper types, validating, sanitizing etc.)

My question is: are you in your code validating also parameters passed to protected / private methods? In my opinion it is not necessary, if you securize properly parameters of public methods and return values from outside (other classes, db, user input etc…).

But I am constantly facing frameworks and apps (ie. prestashop to name one) where validation is often repeated in method call, in method body and once again for securize returned value – which, I think, is creating performace overhead and is also a sign of bad design.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If you adhere to the opinion that public APIs should have implementations that defend themselves against bad parameters, you criterion should not be the visibility of the methods, but whether the user of the API is going to directly call that method (or indirectly call it through another one which defers the validation).

    Examples of methods that ought to do validation:

    class A {
    protected final function myMethodDefaultImplementation(...) {
        /* subclasses can just call this method in their myMethod implementations */
        /* should do validation */
        ...
    }
    protected abstract myMethod(...);

    public function orderByDate() {
        return $this->orderBy(ORDER_BY_DATE)
    }

    private function orderBy($crit) {
        /* should do validation */
        ...
    }
}
    • 0