On 01/01/2013 10:43 AM, Scotto Alberto wrote: > Don't know what is the best. I think using preconditions is a strong > practice that gives you freedom and lets you avoid duplicate checks. > Actually, the preconditions must be documented... > > So I think that I may go for documenting the precondition in the wiki > page (also for simplicity). > > What do you think?
Relying on the input being validated before handed to the function is asking for trouble as soon as the function starts being used in multiple places, some of which may not validate the input. The function should be a black box, and you shouldn't need to know that it's going to pass provided arguments to shell_exec(). Fix problems at the source, not at some more distant location. You'll end up playing whack a mole otherwise. Thomas
