Method attribute input validation
How should I handle the input validation of a method?
Of these two, which one is the more correct way? Or is there a better way?
This method is called by the constructor and $prodID can be user input or come from the db.
private function fill_data1($prodID)
{
    //Way 1
    // filter_var() returns the validated int, or FALSE on failure, so the result must be assigned
    $prodID = filter_var($prodID, FILTER_VALIDATE_INT, array('options'=>array('min_range'=>1, 'max_range'=>1000000)));
    if (is_null($prodID)) {
        return FALSE;
    } elseif ($prodID === FALSE) {
        return FALSE;
    }
    $prod = getArtData($prodID);
    $this->set_id($prod['artID']);
    $this->set_name($prod['artName']);
    $this->set_price($prod['precio']);
}
private function fill_data2($prodID)
{
    //Way 2
    // Keep the validated value in its own variable so the original input is still available for the message
    $validID = filter_var($prodID, FILTER_VALIDATE_INT, array('options'=>array('min_range'=>1, 'max_range'=>1000000)));
    if (is_null($validID) || $validID === FALSE)
    {
        die('invalid input for prodID (' . $prodID . '). It has to be an integer > 0');
    }
    $prod = getArtData($validID);
    $this->set_id($prod['artID']);
    $this->set_name($prod['artName']);
    $this->set_price($prod['precio']);
}
Comments (2)
Option 3: Use exceptions and put the ID validation as close to the data as possible.
The problem with returning false is that you must check for the return value to handle and skip it. If where you handle it (the presentation layer) is several function calls removed from where it's validated (the data layer), you have to check for false at each level. An exception will propagate up to the first function that catches it, bypassing the remaining code in each function along the way.
Calling die() causes its own difficulties. It is harder to unit test and it forces you to put the error-display code at the point of failure. What happens when you want to use your code from a web-service?
You should not use die() when validating your input. Your user should see a proper error message and hints on how to give a correct input.
Therefore I suggest you use the first way.
Depending on your architecture it might make more sense to throw an exception instead of returning false.
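The exception-based approach both answers point to, as an added example that is not part of the original posts: the range check sits inside the data-access method, the constructor has no return value to test, and only the outermost caller decides how a failure is displayed. ProductRepository, Product, InvalidProductId and the in-memory row are hypothetical stand-ins for the asker's getArtData() and database.

```php
<?php
declare(strict_types=1);
// Added example: ProductRepository, Product and InvalidProductId are hypothetical names.
final class InvalidProductId extends InvalidArgumentException {}

final class ProductRepository
{
    // Constructed sample row standing in for the database table.
    private array $rows = [7 => ['artID' => 7, 'artName' => 'Sample widget', 'precio' => 9.95]];

    // Validation sits next to the data access, so no caller can skip it.
    public function getArtData($prodID): array
    {
        $id = filter_var($prodID, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1, 'max_range' => 1000000]]);
        if ($id === false) {
            // The raw input is kept out of the message so it is never echoed back.
            throw new InvalidProductId('prodID must be an integer from 1 to 1000000');
        }
        if (!isset($this->rows[$id])) {
            throw new OutOfBoundsException("no product with id $id");
        }
        return $this->rows[$id];
    }
}

final class Product
{
    public int $id;
    public string $name;
    public float $price;
    public function __construct(ProductRepository $repo, $prodID)
    {
        $prod = $repo->getArtData($prodID); // throws on bad input; nothing to check here
        $this->id = $prod['artID'];
        $this->name = $prod['artName'];
        $this->price = $prod['precio'];
    }
}

// Presentation layer: the one place that decides how a failure is shown.
$repo = new ProductRepository();
foreach (['7', '0', '12abc', 42] as $input) {
    try {
        echo 'OK: ', (new Product($repo, $input))->name, PHP_EOL;
    } catch (InvalidProductId | OutOfBoundsException $e) {
        echo 'Error: ', $e->getMessage(), PHP_EOL;
    }
}
```

In a web page the product name would go through htmlspecialchars() before output; a unit test or a web service can catch the same exceptions and map them to its own error format.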