Jump to content

Recommended Posts

So, what kind of return value are you talking about? A return value that you manage, something coming from a native function or an external library?

 

Anyway, if it's a function you control and the returned value is something unexpected, you should kill your app as soon as possible.

For example:

<?php
function getUserInfo($userId) {
  $rows = getUserFromDatabase($userId);
  if (sizeof($rows) < 0 or sizeof($rows) >1) {
    // Here we try to get the logged in user information, but we get more than 1 results from the DB or we get 0, which is not normal
    trigger_error('Got 0 or more than 1 row for user info!', E_USER_ERROR);
  }

  return $rows[0];
}
?>

That way, you don't need to check if the value is valid at every points where you call this function.

 

Also, you could raise an Exception and try/catch it if you can gracefully recover from it.

Edited by mogosselin

Thank you for your answers.

1.

mogosselin, As you said that “returned value is something unexpected, you should kill your app”

Are you telling me that I need to check the return value?

2.

Before we return the value we are checking it then returning it.

How is it secure?

The security that 'we' as developers are concerned about is 'hacking of input from the client'.  Not from our own processes!  So the whole question of yours is pretty well moot. IMHO - Any output from a function should be validated during the process of that function and that function should return the proper result so the caller doesn't have to handle it.  A simple check on the result of the function call s/b totally sufficient to handle the continuation of your main stream process.

 

if ( !GetSomeInfo($arg1,$arg2,$msg)
  if ($showerrors)
  {
      echo "Error occurred - cannot continue - message is $msg";
      exit();
  }

 

where $showerrors is only true during development.

Thank you for your answers.

1.

mogosselin, As you said that “returned value is something unexpected, you should kill your app”

Are you telling me that I need to check the return value?

2.

Before we return the value we are checking it then returning it.

How is it secure?

 

Well, you would need to check the value before you return it if you think it could have a value that it shouldn't return. 

 

For example, if you return the column ID from a database, you probably don't need to check if it's a valid number.

 

But, if you want to return a value of a PHP function directly that could, in some situation, return something unexpected (like NULL, or false, or whatever)... Then yes, I would check the value before returning it.

 

If it's something unexpected, I would then kill my app (with throw new Exception() or trigger_error()) and display a friendly error message to the user (or display an error message in dev mode).

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.