PHP – Best Methods for Function Parameter Validation

Methods with many parameters are often unavoidable.

Since when?

I mean it might be unavoidable to have a couple of methods like this in a non-trivial codebase, but the vast majority of your methods will have one or two parameters.

Having a boatload of parameters is a sign that: 1. Your function is doing too much. 2. Your boatload of separate parameters are really more cohesive than you thought.

How you solve the problem depends on which sign is applicable. If your function is doing too much, then splitting it up will naturally lead to fewer parameters - even if one orchestration function has too many. The more isolated code also makes it easier to see what's going on to simplify further.

If your parameters are more cohesive, then aggregating them (or at least some of them) into a useful bundle/class/structure is better since that would be used outside of just this one function.

But at least personally, I find parameter objects to be vile. If the parameters are cohesive, then they should've been in a class from the start. If you're making them into a class "to make that function prettier" then you're missing the point. Fix the problem, not the symptom.

Depending on your environment and problem context, the need to go the database can be mitigated, and as a result (IMO) the argument for using id's only is lost.

For example, PHP's Doctrine2 ORM has EntityManager::getReference which produces a lazily loaded proxy to an entity using the provided id; I don't know how many other ORM's do that, but it matches roughly the notion of a "mini-class" you mention. For most intents and purposes, this is a fully hydrated entity, so you can pass it around and use it like any other.

The only case in which it's not is when it's given an invalid id, and in that case you'd want to go to the database anyway to validate; plus, to reduce the cost of getting entities, most ORM's have (first & second level) caching functionality available in some form.

Once we reduce the need and cost of going to database, we're left largely with pro's of using the entity as a parameter:

1. Type safety.
2. Less knowledge required by the caller. A developer 6 months down the line can't mistakenly pass in the id of the wrong entity.
3. Reduced refactoring cost. If a method were to change to require 2 pieces of information from the entity, there's no cost in changing the caller to provide it, presuming the caller got the fully hydrated entity to begin with.
4. Less validation required per method. Many methods can assume that the entity they're given exists in the database (because it came from the ORM), and so no longer have to validate the id.
5. (Potentially) fewer database calls. If you're passing id's to 3 methods, and each one has to validate it or fetch more data on the entity, that's 3 times as many database calls as 1 method fetching the entity and 2 operating on it.

Of course, there are cases where one might want to pass an id only: for example when crossing a bounded context boundary (in domain driven design speak). If we consider two bounded contexts with differing notions of what makes up an account (eg finance vs customer relations), then we can't pass context A's account to context B. Instead, an account id (in the language of the domain) can be passed across.