Why should I use Private Functions instead of Public Functions?
#1

[eluser]Slowcheetah[/eluser]
What exactly is the advantage of using (where possible) private functions?

How important is this for security issues? Can someone give me an example of a (security) problem that can occur when using public functions where private are preferred?
#2

[eluser]Dam1an[/eluser]
The whole private/protected/public thing comes from OOP.
It makes no difference when executing the site, only when you're developing. The idea is to make as little public as possible, so you can rewrite as much as possible without it impacting other parts of the code.

I always declare my methods/vars as public/private 'cause that's what I'm used to, but you don't need to.
#3

[eluser]kgill[/eluser]
It isn't a security issue, it's an organization issue, and to understand it you need to delve into the concepts behind OO programming. By declaring a method as public you are saying to anyone else writing code that uses your object: you can use this function to manipulate this object. Private functions are off limits to code that extends or instantiates your object; this ensures that the only way to manipulate your object is in the manner you've specifically allowed. Now as to why you'd want to do this, to prevent you or someone else from doing something stupid is the most common reason.

Let's go with a completely absurd hypothetical example. Suppose you're writing a program to keep track of company payroll and you've got a function that uses a class level variable $this->user_hours. Now a user can't work less than 0 hours, so in your set_hours function you have a check for if $this->user_hours < 0 then gracefully fail with the message you can't do that. Now you finish writing your payroll program and hand it over to some other coder to do his part that builds the front end and uses your object. When he coded the front end he saw that $this->user_hours was declared as public, so he used it in his code and passed the user's hours directly into it. Fast forward a bit and some clueless user is now using the program and puts their hours in as -40 because hey, they took a week off. That -40 gets put into your user_hours variable and the code you wrote to handle that never gets executed because it was accessed directly. Had it been declared private, he would have been forced to use your setter method and your code would have prevented problems.

Make sense now?
#4

[eluser]Dam1an[/eluser]
@kgill: Much better than my miserable failure of an explanation :)
#5

[eluser]Slowcheetah[/eluser]
Thanks, I'm now getting an idea..

I desperately need to read some more basics of OOP.
#6

[eluser]Dam1an[/eluser]
@slowcheetah: you probably know (as you said where possible) but private/protected/public declarations are only available in PHP5

You can read more about visibility in PHP here
#7

[eluser]ggoforth[/eluser]
Will CodeIgniter load / run private functions found in controllers? EX: A callback function within a class for form validation. I only want that class to be able to run the callback, but I don't want the world to have access to it. If I make it private and someone goes to the URL (domain.com/controller/call_back) and call_back is a private function, what happens?

Time to go test for myself.

Greg
#8

[eluser]Dam1an[/eluser]
To prevent a function in a controller being called by a URL, prefix it with an underscore (e.g. _cant_load_this_page()).
Not sure if declaring one as private would cause problems, as CI is PHP4, and private is PHP5, so it may cause problems somewhere
#9

[eluser]jdfwarrior[/eluser]
I didn't read all the comments above because, well, I'm being lazy, but I saw someone say that the difference between public and private has nothing to do with security (or something along those lines). What about if you have a method/function that is there to be able to delete a large group of objects from the database? You may not want that to be publicly accessible. So there is somewhat of a security risk associated with it. May not be the main thing behind it, but it's there as well.
#10

[eluser]Dam1an[/eluser]
From what I gathered, this was: does declaring something private make it more secure from the end user?
Seeing as you would only use private in models and libraries, the user can't call these directly. If you let the user delete a large group of objects that they shouldn't, then that's largely the developer's fault.
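
The controller question raised in posts #7 to #9, as an added example that is not part of the thread and is not CodeIgniter's own router: a simplified URL-to-method dispatcher that exposes a method only when it is public and not underscore-prefixed. The `Reports` controller, its methods and `dispatch()` are hypothetical names, and the reflection check needs PHP 5.

```php
<?php
// Added illustration, not CodeIgniter's router: a minimal URL-to-method
// dispatcher that only exposes public, non-underscore controller methods.

class Reports // hypothetical controller
{
    public function index()
    {
        return 'report list';
    }

    // Validation-style callback: public to PHP, hidden by the underscore rule.
    public function _check_range($value)
    {
        return $value >= 0;
    }

    // Destructive helper: private, so only code inside this class can call it.
    private function purge_all()
    {
        return 'all rows deleted';
    }
}

function dispatch($controller, $path)
{
    // "/reports/purge_all/5" -> method "purge_all", params array("5")
    $segments = array_values(array_filter(explode('/', $path), 'strlen'));
    $method   = isset($segments[1]) ? $segments[1] : 'index';
    $params   = array_slice($segments, 2);

    // Deny by default: underscore-prefixed (covers magic methods) or unknown.
    if (strncmp($method, '_', 1) === 0 || !method_exists($controller, $method)) {
        return '404';
    }
    // method_exists() is true for private methods too, so check visibility.
    $ref = new ReflectionMethod($controller, $method);
    if (!$ref->isPublic() || $ref->isStatic() || $ref->isConstructor()) {
        return '404';
    }
    return call_user_func_array(array($controller, $method), $params);
}

$c = new Reports();
foreach (array('/reports', '/reports/index', '/reports/_check_range/5', '/reports/purge_all') as $url) {
    echo str_pad($url, 26), ' => ', dispatch($c, $url), PHP_EOL;
}
```

Hiding a method from the URL keeps it off the routing surface; it does not replace an authorization check on the public action that ends up calling it.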



