Jump to content

How do you use denfensive programming  

4 members have voted

  1. 1. How do you use denfensive programming

    • Always
      1
    • Only is high called code
      1
    • Only in low called code
      2
    • Never
      0


Recommended Posts

Do you guys use defensive programming is high use code?

 

What i mean by that is take the following code:

if(is_array($data) && !empty($data))
{
foreach($data as $value)
{
	if(!empty($value)
	{
		//do something
	}
}
}

 

if you take on the defensive coding you are left with:

foreach($data as $value)
{
//do something
}

 

grant you this example is a no a real world example but you should get my point.  Now say if this is part of the code that loads data into a model object in a MVC framework, this could be called a lot of time and if you have a lot of defensive programming it can increase the time of execution but it also can help in debugging programming mistakes.  do you guys opt to do or not do defensive programming?

Link to comment
https://forums.phpfreaks.com/topic/125125-defensive-programming/
Share on other sites

although I do get your example.

 

most of the time it's all about the output.

If I'm programming and I WANT....ALL the variables...whether they're in an array, or empty or what.  Then I would just use a simple foreach.

 

 

but more often then not....I'd rather use it.  Unless I can find a way to shorten my code with as few function calls as possible.

I really think it's situational. If a function is being called based on inputs provided by someone filling out a form, I program a lot more defensively. Although, I may do this more through rigorous input validation rather than at the function level.

 

If I'm programming functions that I'm going to be the only one using... or if I'm providing something to other developers I may not worry about it as much, because I don't have a lot of sympathy for folks who can't read/follow directions... if some sort of sensitive data was involved, I'd likely take it a little further and do the input validation on the front end... and then again at the function level.

 

Ultimately I guess what I'm saying is that it's certainly a good practice to always program this way. Security should certainly not be an afterthought when doing development, but it's overkill in a lot of situations IMO.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.