Don't Validate And Format In A Single Function

30th June 2018 - 7 minutes read time

I wanted to impart a piece of advice to do with validation and formatting of user input, although I've never seen anyone suggest it. I guess it would come under the single responsibility principle so it might seem obvious to some people. There can be reasons why this might at least seem like a good idea at the time.

Essentially, if you want to validate that something is correct, don't format it at the same time. These two actions should be done in separate functions or even classes. I hope to demonstrate that using a single function validate and format anything is a bad idea. I'll mainly be using PHP to demonstrate this, but the principle should be pretty much the same in any language.

Take the following function called isValid(). This is an arbitrary and simple example but shows validation and formatting in use in a single function.

function isValid(&$string) {
  $string = trim($string);
  if (strlen($string) < 8) {
    return false;
  }
  $string = strtoupper($string);
  return true;
}

The $string parameter passed to this function is passed by reference and as such anything we do to the string throughout the function changes the original string passed to it. If the string is less than 8 characters long then the function return false. Otherwise the string is uppercased and the function returns true. In either situation the string is trimmed so there is a good chance that the string will always be different when finished.

Using the above function we might implement something like this.

$string = 'abcdefghijk  ';
if (isValid($string) == true) {
  echo 'string is valid';
}
else {
  echo 'string is invalid';
}

After this function has completed our string is now trimmed and is in uppercase, but there is no indication that this has actually happened. This can be confusing.

I can understand why this sort of thing appears to be the right way to do this. At face value it seems to make sense that if we have validated our string then it should be formatted as well. In fact, validation code will naturally contain much of the same fine detail that formatting code does, so it can feel the right thing to do.

Unfortunately, with a single function that validates and formats the string we can get ourselves into situations where the validation function is used to format the string and not actually perform any validation. This is where confusing code like this starts to happen.

$string = getEnteredString();

isValid($string);

saveStringToDatabase($string);

In this example a function called getEnteredString() is used to get some pre-validated user entered string before saving it to the database. Before that happens there is a call to isValid(), which is only used to format the string. This looks incorrect, and you would need to look closely at isValid() to figure out why it was being used in this context. People not familiar with the codebase will see this as a mistake and start to fix a non-existent bug. I appreciate that the function probably won't be called isValid(), but it is still confusing as to what this function should be doing in this context.

The best way to approach this is to remove all formatting code from the isValid() function and only use it for validation.

function isValid($string) {
  if (strlen(trim($string)) < 8) {
    return false;
  }
  return true;
}

Then, in a separate function we can format the string.

function formatString($string) {
  return strtoupper(trim($string));
}

The two functions can then be used like this.

if (isValid($string) == true) {
  echo 'string is valid';
  $string = formatString($string);
}
else {
  echo 'string is invalid';
}

In this example, if the validation passes then the string can be formatted separately.

Although it might look like we have written more code the separation of concerns here makes both testing and maintenance much easier. Being able to accurately predict the exact output of the function based on known inputs means testing can be simpler to perform.

If everything is placed into the same function then tweaking the validation becomes a lot more complex as the formatting part also needs to be taken into account and verified. I have come across this situation a few times and attempting to change a validation and formatting function becomes quite sticky. You can find yourself in the situation where you have a large single function trying to do everything and the complexity can be very difficult to understand.

PHP
best practice
validate
format

Add new comment

The content of this field is kept private and will not be shown publicly.
CAPTCHA
5 + 4 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

Related Content

Recreating Spotify Wrapped In PHP

17th March 2024

I quite like the end of the year report from Spotify that they call "Wrapped". This is a little application in which they tell you what your favorite artist was and what sort of genres you listened to the most during the year.

Read more

Should A Constructor Throw An Exception?

18th February 2024

Let's say you had a class that you wanted to use, but there was some sort of error in creating the object. This might be that the wrong parameters were passed, or the third party service (eg. a database) wasn't available at the time of creation.

Read more

PHP Question: Variable Reference

10th December 2023

Question

What does the following code print out?

function arrayPrint($array)
{
   echo implode(' ', $array);
}

$arrayA = [1, 2, 3];
$arrayB = $arrayA;
$arrayB[1] = 0;
arrayPrint($arrayA);

Read more

Creating An Authentication System With PHP and MariaDB

15th October 2023

Using frameworks to handle the authentication of your PHP application is perfectly fine to do, and normally encouraged. They abstract away all of the complexity of managing users and sessions that need to work in order to allow your application to function.

Read more

Creating Sparklines In PHP

17th September 2023

A sparkline is a very small line graph that is intended to convey some simple information, usually in terms of a numeric value over time. They tend to lack axes or other labels and are added to information readouts in order to expand on numbers in order to give them more context.

Read more