Visibility - General

[random1]

Hi All,

 

I'd like some clarification about visibility in PHP code design. i.e. variables, functions and methods using the 'public', 'private' and 'protected' options.

 

When should 'private' and 'protected' be used? Are there any general rules of thumb about this for PHP?

 

Seeya

[KevinM1]

Hi All,

 

I'd like some clarification about visibility in PHP code design. i.e. variables, functions and methods using the 'public', 'private' and 'protected' options.

 

When should 'private' and 'protected' be used? Are there any general rules of thumb about this for PHP?

 

Seeya

 

Private properties and methods should be used when you don't want the public to have direct access to them.  It's easier to illustrate with properties, so here's an example:

<?php
   class BadExample
   {
      public $password;
      public $SSN;
   }
?>

 

In this example, someone's password and Social Security Number are public.  This means two things:

 

1. All other code in the system can read this info directly:

<?php
   $be = new BadExample();

   $stolenPass = $be->password;
   $stolenSSN = $be->SSN;
?>

 

2. More common, and perhaps even more dangerous, all other code in the system can set this info directly:

<?php
   $be = new BadExample();

   $be->password = "It's peanut butter jelly time!";
   $be->SSN = 007;
?>

 

Our BadExample object is now more or less useless, as well as any other participant in the system that uses it.

 

In well-designed systems, objects should vigarously protect their information, allowing the outside world to read/alter it only when necessary:

<?php
   class GoodExample
   {
      private $password;
      private $SSN;

      public function getPass()
      {
         return $this->password;
      }

      public function setPass($pass)
      {
         $this->password = $pass;
      }

      public function getSSN()
      {
         return $this->SSN;
      }

      public function setSSN($newSSN)
      {
         $this->SSN = $newSSN;
      }
   }
?>

 

Now, it doesn't look like much has been done.  Afterall, the password and SSN can still be obtained and changed.  The difference, though, is that direct access has been removed.  This code forces the other system participants to go through an explicit process in order to do anything useful with its data.  In other words, these methods (especially the set methods) can protect that data from tampering because they act as a secure gateway to that data:

<?php
   class GoodExample
   {
   .
   .
   .
   public function setPass($pass)
   {
      if(!preg_match("/^[a-zA-Z0-9_]{16}$/", $pass))
      {
         echo "Password must have letters, digits, or underscores and must be 16 characters long!";
      }
      else
      {
         $this->password = $pass;
      }
   }
?>

 

Private methods are a bit more rare, but the concept is the same.  These methods tend to be utility functions that help with processing object data, but don't need to be available to the rest of the world.

 

Protected properties and methods are simple as well.  If you have data/methods that should be private, but want inheriting child classes to have them as well, make them protected in the parent class:

<?php
   class GoodExample
   {
      protected $password;
      protected $SSN;

      public function getPass(){/* same code as above */}
      public function setPass($pass){/* same code as above */}
      public function getSSN(){/* same code as above */}
      public function setSSN($newSSN){/* same code as above */}
   }

   class GoodChild extends GoodExample{}

   $gc = new GoodChild();

   $gc->setPass("1234567890123456");
   $gc->setSSN("000-00-0000");

   $pass = $gc->getPass();
   $SSN = $gc->getSSN();

   echo "Password: $pass -- SSN: $SSN";
?>

 

$password and $SSN are still private to the outside world, but the child class has access to them.

 

Hope this helps!

[random1]

Hi Nightslyr,

 

Thanks for the really detailed, easy to read examples

 

You da man!