168
votes
Accepted
If functions have to do null checks before doing the intended behaviour is this bad design?
The problem with your basic example isn't the null check, it's the silent fail.
Null pointer/reference errors, more often than not, are programmer errors. Programmer errors are often best dealt with ...
- 27.7k
68
votes
Accepted
Is it common practice to validate responses from 3rd party APIs?
Absolutely. For starters, you never know that somebody hasn't hacked into your connection and the reply you receive doesn't come from the API at all.
And some time in the last two weeks I think ...
- 49.4k
59
votes
Is it ok to have validation layer before access control layer
It depends on whether knowing the validity of some input for a task that you aren't permitted to do is a security leak. If it is, you really should to do it the other way round.
The only safe ...
- 12.4k
55
votes
If functions have to do null checks before doing the intended behaviour is this bad design?
Since _someEntity can be modified at any stage, then it makes sense to test it every time that SetName is called. After all, it could have changed since the last time that method was called. But be ...
- 39.6k
43
votes
Is it common practice to validate responses from 3rd party APIs?
Somebody else's API is your external interface. You shouldn't blindly trust anything that crosses that boundary. Your future debuggers will thank you for not propagating the other system's errors ...
- 10.5k
25
votes
Is it ok to have validation layer before access control layer
Well, there are multiple types of validation:
Cheap basic sanity-checking, which verifies that the request is not obviously malformed.
This is typically at least partially duplicated client-side, to ...
- 9,309
24
votes
Should setters silently sanitize input — or should they just throw?
It depends heavily on the surrounding architecture. Validation is absolutely necessary, correction sometimes an acceptable way of addressing data not passing validation.
But where are these ...
- 34.8k
23
votes
If functions have to do null checks before doing the intended behaviour is this bad design?
But should the method not have this check?
This is your choice.
By creating a public method, you are offering the public the opportunity to call it. This always comes along with an implicit contract ...
- 3,767
21
votes
Is it a bad idea to do validation in the constructor?
You should do validation in a constructor, to the extent that it is necessary to ensure that your constructor can stand up a viable object.
This is especially true of any dependencies or data you hand ...
- 201k
20
votes
How to ensure data consistency in system with multiple databases?
There are no easy solutions.
Distributed consistency is fundamentally difficult, with some hard limits to what is possible. See the CAP theorem and Fallacies of distributed computing. And doing ...
- 6,329
17
votes
Is it common practice to validate responses from 3rd party APIs?
Is your API-boundary also a trust-boundary?
As you are communicating with a remote system, that's nearly a certainty. Even if the remote system itself might be trusted, the medium might not be.
...
- 9,309
15
votes
Is it ok to have validation layer before access control layer
There must be some validation before access control. Let's say SO's API has an endpoint "edit answer", then whether the user can edit a particular answer can depend on the answer (below a certain ...
- 15.6k
14
votes
If functions have to do null checks before doing the intended behaviour is this bad design?
The other answers are good; I'd like to extend them by making some comments about accessibility modifiers. First, what to do if null is never valid:
public and protected methods are those where you ...
- 46.6k
11
votes
Accepted
Why is it bad to use exceptions for handling this type of validation? It seems like it makes the code so much cleaner
The first issue I have with using exceptions for validation is that I would typically expect the outcome of the validation to potentially churn up multiple errors with the same data.
Exceptions are ...
- 12.1k
9
votes
Centralize input validation across multiple Microservices
If the microservices are written in the same language (or languages which can use libraries in a common language) it makes most sense to define a validation library and import it in the various ...
- 18.6k
8
votes
If functions have to do null checks before doing the intended behaviour is this bad design?
The other answers point out that your code can be cleaned up to not need a null check where you have it, however, for a general answer on what a useful null check can be for consider the following ...
- 2,633
8
votes
Accepted
Formatting a string by converting to a number then back to a string
Personally I think the first one looks more readable. It make really clear what's the expected output. The second one may take some more effort.
By the way, what happens if the number does not fit ...
- 204
8
votes
DDD - How to do informative validation (specifically on entity creation)?
This is a question I have been asking myself and doing research for quite some time now.
Below are a couple of ways you could be telling the caller of your constructors/methods what went wrong during ...
- 124
8
votes
Why is it bad to use exceptions for handling this type of validation? It seems like it makes the code so much cleaner
It seems to me that in your example the two exceptions are exceptional. ie. you don't expect them to be thrown very often.
The problem with the overall pattern is usually you DO expect validation ...
- 84.4k
8
votes
Accepted
Should I cache database requests made in validation layer?
It sounds like you have a problem with the "API" first approach (not the design pattern, but the knowledge of the infrastructure).
If you forget that you have an API, how would you handle ...
- 478
8
votes
Should setters silently sanitize input — or should they just throw?
No. A setter is generally too low level to do the kind of business logic transformation you describe.
(let's ignore the fact that in some cultures, name elements may start with a lower-case letter)
...
- 84.4k
7
votes
Should I fix known bad domains in user emails?
If you have control over where you get your email addresses from, I think it would be better to check this on the client side and ask them to verify the email is correct when you detect one of these ...
- 837
7
votes
Accepted
Check if object exists before updating/deleting
I'm going to go with "no" because not only does that mean more round-trips to the DB, but also you can't guarantee that another call to the same API isn't happening at the same time, so you can't be ...
- 3,347
7
votes
Accepted
Should validation be inside or outside function?
Both can be useful, but neither is better.
Which way this is handled has to be determined by gathering data and making decisions. Making the decision is a complex process that depends on ...
- 20.5k
7
votes
How to ensure data consistency in system with multiple databases?
You don't! You don't ensure consistency across multiple databases.
If there are multiple technologies, and multiple databases in the conventional sense, then ensuring consistency means designing ...
- 12.6k
7
votes
How to ensure data consistency in system with multiple databases?
"I'm not asking for organizational measurements"
Don't get me wrong, but that sounds pretty ignorant. You are simply describing all kind of quality issues in data. Quality issues require a ...
- 220k
7
votes
Should setters silently sanitize input — or should they just throw?
The robustness principle speaks to this: be conservative in what you do, be liberal in what you accept from others.
In other words, programs that send messages to other machines (or to other programs ...
- 120k
6
votes
Accepted
Multi-level validation in C#
Here is my solution. It is not perfect, but it is a start.
First of all, I have created an enum called ErrorLevel:
enum ErrorLevel
{
Error,
Warning
}
Next, for every validation rule, I have ...
- 2,727
6
votes
Should I assert the preconditions of functions in a public API?
This is a common misconception:
To my understanding, asserting logic errors for debugging purposes is encouraged,...
In spite of the fact that a lot of developers use them for that purpose, ...
6
votes
The "scope" of knowledge about what the valid parameters are
I think there's some confusion here over whether you're trying to model a real-world domain, or implement an actual software program.
In reality, most parking lots don't "know" which car is in what ...
- 3,109
Only top scored, non community-wiki answers of a minimum length are eligible