Defensive Programming?

[Liquid Fire]

Do you guys use defensive programming is high use code?

 

What i mean by that is take the following code:

if(is_array($data) && !empty($data))
{
foreach($data as $value)
{
	if(!empty($value)
	{
		//do something
	}
}
}

 

if you take on the defensive coding you are left with:

foreach($data as $value)
{
//do something
}

 

grant you this example is a no a real world example but you should get my point.  Now say if this is part of the code that loads data into a model object in a MVC framework, this could be called a lot of time and if you have a lot of defensive programming it can increase the time of execution but it also can help in debugging programming mistakes.  do you guys opt to do or not do defensive programming?

[Zane]

although I do get your example.

 

most of the time it's all about the output.

If I'm programming and I WANT....ALL the variables...whether they're in an array, or empty or what.  Then I would just use a simple foreach.

 

 

but more often then not....I'd rather use it.  Unless I can find a way to shorten my code with as few function calls as possible.

[dbo]

I really think it's situational. If a function is being called based on inputs provided by someone filling out a form, I program a lot more defensively. Although, I may do this more through rigorous input validation rather than at the function level.

 

If I'm programming functions that I'm going to be the only one using... or if I'm providing something to other developers I may not worry about it as much, because I don't have a lot of sympathy for folks who can't read/follow directions... if some sort of sensitive data was involved, I'd likely take it a little further and do the input validation on the front end... and then again at the function level.

 

Ultimately I guess what I'm saying is that it's certainly a good practice to always program this way. Security should certainly not be an afterthought when doing development, but it's overkill in a lot of situations IMO.