by pipeline_tux 5601 days ago
From a security perspective, this is also a bad idea. One of the golden rules of security is to validate all input. Anything which the programmers didn't expect and check for can potentially be used as part of an exploit.

The idea is to validate all input only once, when it's transformed from raw user-input data into structs/objects/etc. used by your program. After that, assume it's valid.
Yeah, I've seen a lot of people misunderstand defensive programming and validate the input to every method. Defensive programming style can create disastrously verbose code, particularly in OO languages with people who don't really get OO design.
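The "validate once at the boundary" approach discussed in this thread, as an added example that is not code from any commenter. `TransferRequest`, its fields, the limits and `handle` are hypothetical names and values chosen for illustration.

```python
import re
from dataclasses import dataclass

_USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")  # assumed username policy


class InvalidInput(ValueError):
    """Raised only at the boundary, before internal code runs."""


@dataclass(frozen=True)
class TransferRequest:
    """Hypothetical internal type; build it only through parse()."""
    username: str
    amount_cents: int

    @classmethod
    def parse(cls, raw: object) -> "TransferRequest":
        if not isinstance(raw, dict):
            raise InvalidInput("expected an object")
        # Reject anything the programmer did not expect, not just bad values.
        unexpected = set(raw) - {"username", "amount_cents"}
        if unexpected:
            raise InvalidInput(f"unexpected fields: {sorted(unexpected)}")
        username = raw.get("username")
        if not isinstance(username, str) or not _USERNAME_RE.fullmatch(username):
            raise InvalidInput("bad username")
        amount = raw.get("amount_cents")
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(amount, bool) or not isinstance(amount, int):
            raise InvalidInput("amount_cents must be an integer")
        if not 0 < amount <= 1_000_000:
            raise InvalidInput("amount_cents out of range")
        return cls(username=username, amount_cents=amount)


def describe_transfer(req: TransferRequest) -> str:
    # Internal code: accepts the validated type and does no re-checking.
    return f"{req.username} sends {req.amount_cents / 100:.2f}"


def handle(raw: object) -> str:
    # The single validation point, where raw input enters the program.
    try:
        return describe_transfer(TransferRequest.parse(raw))
    except InvalidInput as exc:
        return f"rejected: {exc}"
```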