Parameter Validation Best Practices


Question

Imagine you have an application which is some kind of front-end to all your business logic. This front-end has a lot of DLLs upon which it depends, and the methods in those DLLs may call each other repeatedly upon a single execution of a given method in the front-end. If the users of your application do not directly access those DLLs, should you...

1) Risk a (small) performance hit and validate parameters in each of those methods, even if you can end up validating the same parameters some 5 times; or

2) Risk unexpected behaviour and assume that, as you validate input parameters, all the other possible parameters passed to and from your internal code are valid (for example, neither null nor empty)?

Just to give an example, suppose you have a Regex RegexA and a method

internal bool Matches(string expression)
{
    return RegexA.IsMatch(expression);
}

IsMatch will throw an exception on a null parameter, but not on the empty string. If you know beforehand that an empty string will never be a match to that Regex, should you use if (String.IsNullOrEmpty(expression)) before, even knowing that it may be validated for nullity inside the IsMatch framework method? In this case you are clearly repeating a validation, but is it better to repeat it or to risk?

Recommended answer

Usually parameter checks are very cheap, even if called thousands of times. For example, testing whether a value is null, a string or collection is empty, or a number is in a given range.

But beware that checks may be expensive, so think twice: evaluating a regex on a large string, checking if a file exists, checking that all elements in a collection meet a certain criteria.

I would also recommend checking only in public or protected methods. Note that all public methods with unchecked parameters are potential risks!

EDIT/another thought: If a method does not use the parameters but is just passing it to another method then you may also omit the checking. Only the method which is actually using these parameters for itself should do the checking.

This is because if the requirements of the parameters change you need to change the validations in multiple places, risking inconsistency.
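
The answer's rules applied to the question's Matches method, as an added example that is not part of the original post. The class name, the pattern standing in for RegexA, the length limit and the CountValid method are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

public static class CodeValidator // hypothetical class name
{
    // Constructed pattern standing in for the question's RegexA.
    private static readonly Regex RegexA = new Regex(@"\A[A-Z]{3}-[0-9]{4}\z");
    private const int MaxLength = 64; // assumed upper bound for this input

    // Public boundary that uses the value itself: the one place the rules live.
    public static bool IsValid(string expression)
    {
        if (expression == null)
            throw new ArgumentNullException(nameof(expression));
        // Cheap checks first, so the regex never runs on empty or oversized input.
        if (expression.Length == 0 || expression.Length > MaxLength)
            return false;
        return Matches(expression);
    }

    // Public, but it only iterates the collection and forwards each element:
    // it checks what it uses (the collection) and leaves element rules to IsValid.
    public static int CountValid(IEnumerable<string> expressions)
    {
        if (expressions == null)
            throw new ArgumentNullException(nameof(expressions));
        int count = 0;
        foreach (string e in expressions)
            if (IsValid(e)) count++;
        return count;
    }

    // Internal helper from the question, unchanged; called here only via IsValid.
    internal static bool Matches(string expression)
    {
        return RegexA.IsMatch(expression);
    }

    public static void Main()
    {
        Console.WriteLine(IsValid("ABC-1234"));
        Console.WriteLine(IsValid(""));
        Console.WriteLine(CountValid(new[] { "ABC-1234", "abc", "XYZ-0001" }));
        try { IsValid(null); }
        catch (ArgumentNullException ex) { Console.WriteLine(ex.ParamName); }
    }
}
```

If the rule for a valid expression changes, only IsValid needs editing, which is the inconsistency risk the answer describes.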
