Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Use of classes and security issue 1

Status
Not open for further replies.

southbeach

Programmer
Jan 22, 2008
879
US
So, I read an article that says that one should "never" directly invoke the value of a class object/variable like so

Code:
echo $object->variable;

but rather have a method in the class and use the method to invoke the variable

Code:
function getValue($varName) {
   return(this->$varName);
}

and you will then call it like so
Code:
echo $object->getValue('variable');

Frankly, this looks like a big waste and seems like bloated coding. I love using classes to retrieve MySQL data from tables and fill forms/values and I have gotten my own approach that works for me ...

Now, security is something I take seriously and if using classes and invoking its variables ($object->variable) is risky, I will change my ways but hell, I really want to know if this is as bad as the guy in the article made it sound.

NOTE: I tried to dig up the article again to provide you guys the link but I just cannot find it.



--
SouthBeach
The good thing about not knowing is the opportunity to learn - Yours truly, 2008.
 
Generally speaking, unless you expect someone else to be using your code, it really does not matter all that much.

Private and Public variable distinction only comes into play if more than one person is modifying the code and will be using your classes to make other classes and you want to prevent modification of certain variable values directly from children classes. It also depends largely on what the variable will be used for within the class.

You may want to make some variables private and require a function to change from outside the class, since private variables cannot be directly modified from outside their containing object. If you need to control their value very tightly for some reason, like configuration variables for your application. Others may be left to be changed easily and directly if their purpose demands they are changed this way.

As an example, you may read some configuration file for your app settings, and want to keep certain variables from being modified later down the code so as to not alter those loaded settings directly. i.e Prevent Settings from being changed programmatically and only by editing the config file.

Otherwise, determining what you will allow to be accessed directly and what may not be accessed directly comes down to what you are doing with the variables. And if anything may be done with the classes further down the inheritance line.




----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Web & Tech
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top