thilakan Posted August 17, 2014 Share Posted August 17, 2014 Where should I validate the return value? In the function should I validate the value before returning it. Or once the value has been returned, should I check it? Is it really necessary to validate the return value? Thank you. Quote Link to comment https://forums.phpfreaks.com/topic/290502-where-should-i-validate-the-return-value/ Share on other sites More sharing options...
CroNiX Posted August 17, 2014 Share Posted August 17, 2014 What do you mean by validate? This is a very broad question. Quote Link to comment https://forums.phpfreaks.com/topic/290502-where-should-i-validate-the-return-value/#findComment-1488055 Share on other sites More sharing options...
thilakan Posted August 17, 2014 Author Share Posted August 17, 2014 (edited) In a function; I am expecting a return value. I cannot assume that it will always run successfully. So I want to check the return value is the one I expected. Edited August 17, 2014 by thilakan Quote Link to comment https://forums.phpfreaks.com/topic/290502-where-should-i-validate-the-return-value/#findComment-1488060 Share on other sites More sharing options...
CroNiX Posted August 17, 2014 Share Posted August 17, 2014 if (your check) { return value; } return false; //this will only be returned if the above isn't true I usually use something like above so I can test if the returned value === false to know if it failed. Quote Link to comment https://forums.phpfreaks.com/topic/290502-where-should-i-validate-the-return-value/#findComment-1488064 Share on other sites More sharing options...
mogosselin Posted August 17, 2014 Share Posted August 17, 2014 (edited) So, what kind of return value are you talking about? A return value that you manage, something coming from a native function or an external library? Anyway, if it's a function you control and the returned value is something unexpected, you should kill your app as soon as possible. For example: <?php function getUserInfo($userId) { $rows = getUserFromDatabase($userId); if (sizeof($rows) < 0 or sizeof($rows) >1) { // Here we try to get the logged in user information, but we get more than 1 results from the DB or we get 0, which is not normal trigger_error('Got 0 or more than 1 row for user info!', E_USER_ERROR); } return $rows[0]; } ?> That way, you don't need to check if the value is valid at every points where you call this function. Also, you could raise an Exception and try/catch it if you can gracefully recover from it. Edited August 17, 2014 by mogosselin Quote Link to comment https://forums.phpfreaks.com/topic/290502-where-should-i-validate-the-return-value/#findComment-1488065 Share on other sites More sharing options...
thilakan Posted August 17, 2014 Author Share Posted August 17, 2014 Thank you for your answers. 1. mogosselin, As you said that “returned value is something unexpected, you should kill your app” Are you telling me that I need to check the return value? 2. Before we return the value we are checking it then returning it. How is it secure? Quote Link to comment https://forums.phpfreaks.com/topic/290502-where-should-i-validate-the-return-value/#findComment-1488078 Share on other sites More sharing options...
ginerjm Posted August 18, 2014 Share Posted August 18, 2014 The security that 'we' as developers are concerned about is 'hacking of input from the client'. Not from our own processes! So the whole question of yours is pretty well moot. IMHO - Any output from a function should be validated during the process of that function and that function should return the proper result so the caller doesn't have to handle it. A simple check on the result of the function call s/b totally sufficient to handle the continuation of your main stream process. if ( !GetSomeInfo($arg1,$arg2,$msg) if ($showerrors) { echo "Error occurred - cannot continue - message is $msg"; exit(); } where $showerrors is only true during development. Quote Link to comment https://forums.phpfreaks.com/topic/290502-where-should-i-validate-the-return-value/#findComment-1488086 Share on other sites More sharing options...
thilakan Posted August 18, 2014 Author Share Posted August 18, 2014 Thank you for your answer. In the learning process of PHP, if I have question it is good to ask and have clear answer. THANK YOU ALL! Quote Link to comment https://forums.phpfreaks.com/topic/290502-where-should-i-validate-the-return-value/#findComment-1488094 Share on other sites More sharing options...
mogosselin Posted August 18, 2014 Share Posted August 18, 2014 Thank you for your answers. 1. mogosselin, As you said that “returned value is something unexpected, you should kill your app” Are you telling me that I need to check the return value? 2. Before we return the value we are checking it then returning it. How is it secure? Well, you would need to check the value before you return it if you think it could have a value that it shouldn't return. For example, if you return the column ID from a database, you probably don't need to check if it's a valid number. But, if you want to return a value of a PHP function directly that could, in some situation, return something unexpected (like NULL, or false, or whatever)... Then yes, I would check the value before returning it. If it's something unexpected, I would then kill my app (with throw new Exception() or trigger_error()) and display a friendly error message to the user (or display an error message in dev mode). Quote Link to comment https://forums.phpfreaks.com/topic/290502-where-should-i-validate-the-return-value/#findComment-1488211 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.