PHP Developers Network

All times are UTC - 5 hours

Posted: Mon Oct 29, 2012 6:36 pm
Forum Contributor
Joined: Tue Mar 30, 2004 5:24 am
Posts: 433
Location: London, UK
When writing functions in PHP how extensively should one check and validate the data in parameters?

For example if I expect a parameter to be a boolean, should I cast it as such?
Or check that the parameter type is boolean and if not return FALSE?

I don't particularly like the idea of returning FALSE from a function just because the parameter's invalid, unless the function of the function (urrg) is to validate some data. Because it can mask the actual result of the function if it is designed to return TRUE/FALSE anyway.

If the function generates a PHP error resulting from invalid data being supplied then in a way that's more useful to the developer than just returning FALSE or returning an empty string. That way they know their input data (and therefore possible usage of the function) is invalid/incorrect rather than the tests within the function just returning FALSE rather than TRUE.

I could always check the data coming in to the function and trigger_error() if the data is not the type that's expected. That might make a function act a bit more like PHP's internal functions when you provide invalid params. But to what extent is this necessary?

I'm aware of the loosely typed nature of PHP. In fact that's what makes it such an easy language to use. But I'm wondering if I should be testing the values and types of parameters when they come in to the function. At the moment I tend to just rely on the developer (me) being sensible and realising if there's an error with that function they need to make sure they're using it correctly. It's only ever me that uses these functions at the moment but what if I released code for others to use?

Cheers, B

Posted: Mon Oct 29, 2012 7:19 pm
Site Administrator
Joined: Wed Aug 25, 2004 7:54 pm
Posts: 13592
Location: New York, NY, US
I think it really depends on the situation. It is especially important that you carefully check variables from untrusted sources, such as any data that comes directly or indirectly from the browser. It may also be important to check data that is going into a database with specific field types or where the data needs to be a specific type to be operated upon -- such as mathematical operations.

Perhaps you need to think of this in a similar way to Premature Optimization. On a case by case basis, what does the type checking get you? Are you actually protecting against a problem that will occur? Or are you just adding overhead and code that must be maintained, but that provides no value?


Posted: Mon Dec 23, 2013 12:09 pm
DevNet Master
Joined: Wed Jun 27, 2007 9:44 am
Posts: 4313
Location: Sofia, Bulgaria
I would throw an Exception. That's the only clear way for error handling. Returning true/false is a result of a properly called function/method (whose name implies it would return a boolean - like is*(), has*(), etc.).

Cheers, Vlad

There are 10 types of people in this world, those who understand binary and those who don't
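
The options raised in this thread, side by side, as an added example that is not part of any post: returning FALSE for a bad parameter, throwing an exception, and validating untrusted browser input once at the boundary. The function names and flag data are hypothetical, and the scalar type declarations assume PHP 7 or later.

```php
<?php
declare(strict_types=1);

// Variant A: invalid input returns false, indistinguishable from "flag is off".
function isEnabledMasked(array $flags, $name): bool
{
    if (!is_string($name) || $name === '') {
        return false; // caller cannot tell misuse from a genuine "no"
    }
    return !empty($flags[$name]);
}

// Variant B: false only ever means "flag is off"; misuse raises an exception.
function isEnabled(array $flags, string $name): bool
{
    if ($name === '') {
        throw new InvalidArgumentException('Flag name must be a non-empty string');
    }
    return ($flags[$name] ?? false) === true;
}

// Boundary check for untrusted input (for example a value taken from $_GET):
// convert once and reject anything that is not a recognisable boolean.
function boolFromRequest($raw): bool
{
    $value = filter_var($raw, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
    if ($value === null) {
        throw new InvalidArgumentException('Expected a boolean value');
    }
    return $value;
}

// Constructed sample data.
$flags = ['beta' => true, 'legacy' => false];

var_dump(isEnabledMasked($flags, 42));  // misuse looks like an ordinary result
var_dump(isEnabled($flags, 'legacy'));  // a genuine answer about the flag
var_dump(boolFromRequest('on'));        // a recognised boolean spelling
var_dump((bool) 'false');               // a plain cast accepts any non-empty string
try {
    isEnabled($flags, 42);              // wrong type: rejected by the declaration
} catch (TypeError $e) {
    echo get_class($e), "\n";
}
try {
    boolFromRequest('maybe');           // unrecognised value: rejected at the boundary
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```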
