On Wednesday, 3 April 2013 at 21:44:36 UTC, Jonathan M Davis
wrote:
The main issue I have with the wrapper is the fact that you're
then forced to
overload your function if you want it to test the argument for
validity if
it's not wrapped and not test if it's wrapped. So, you're
creating an extra
overload with every function that's using the wrapper to
determine whether it
should test or not. And if you're not creating those overloads,
then there was
no point in creating the wrapper in the first place.
- Jonathan M Davis
Imagine typical web app. It does want all string data used with
db backend escaped to prevent any SQL injections. It does not
want to add checks if data is escaped in every single db-related
function because they aren't free and data is supposed to come in
already escaped by user input validator.
Consider using wrapper types here. db backend functions don't
need to accept raw data because they are supposed to get them
already escaped. User input validation works with raw strings and
can never receive wrapped ones from anyone.
It is like contract, but works in release and is verified by type
system instead of custom code. You may just omit wrapper, of
course, but you lose compile-time errors on attempt to send raw
string to db then. That is huge difference.
