I am using Trivadis PL/SQL & SQL Coding Guidelines to check against my code, and one particular rule — G-8310: Always validate input parameter size by assigning the parameter to a size limited variable in the declaration section of program unit. — I keep stumbling upon.
The rationale given:
This technique raises an error (value_error) which may not be handled in the called program unit. This is the right way to do it, as the error is not within this unit but when calling it, so the caller should handle the error.
Quoting the SEI CERT C Coding Standard just to clarify a different perspective:
Requiring the caller to validate arguments can result in faster code because the caller may understand certain invariants that prevent invalid values from being passed. Requiring the callee to validate arguments allows the validation code to be encapsulated in one location, reducing the size of the code and making it more likely that these checks are performed in a consistent and correct fashion.
For safety and security reasons, this standard recommends that the called function validate its parameters.
I would like the opinion of others here about it and if they feel declaring another variable for every input parameter is too much.
Anyway, there is another reason why one should follow the guideline. When you declare a formal parameter with %TYPE, the length/range constraint is NOT considered; when you declare a variable with %TYPE, it is (not the nullable part, however).
And second, if an error is raised in the declarative section of the subprogram, its exception section will NOT catch it, ever. I admit I didn't know about that and I was surprised by it. It seems to me an easy thing to overlook.
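The two behaviours described above, as an added example that is not part of the original post: a SQL*Plus/SQLcl script in which the table `demo_emp` and the procedures `set_name` and `set_name_unchecked` are hypothetical names constructed for the demonstration.

```plsql
-- Constructed demo objects; table, column and procedure names are hypothetical.
CREATE TABLE demo_emp (ename VARCHAR2(5));

SET SERVEROUTPUT ON

DECLARE
  -- Callee following G-8310: the size-limited copy in the declarative
  -- section is what enforces the column length.
  PROCEDURE set_name (in_ename IN demo_emp.ename%TYPE) IS
    l_ename demo_emp.ename%TYPE := in_ename;  -- VALUE_ERROR is raised here when in_ename is too long
  BEGIN
    dbms_output.put_line('set_name accepted: ' || l_ename);
  EXCEPTION
    WHEN value_error THEN
      -- This handler covers only the executable section, so an error
      -- raised by the declaration above does not arrive here.
      dbms_output.put_line('set_name handled VALUE_ERROR itself');
  END set_name;

  -- Callee without the size-limited copy: the %TYPE on the formal
  -- parameter alone does not apply the column's length constraint.
  PROCEDURE set_name_unchecked (in_ename IN demo_emp.ename%TYPE) IS
  BEGIN
    dbms_output.put_line('unchecked length: ' || length(in_ename));
  END set_name_unchecked;
BEGIN
  -- Ten characters against a VARCHAR2(5) column type, no validation in the callee.
  set_name_unchecked('ABCDEFGHIJ');

  -- A value that fits the size-limited variable.
  set_name('ABC');

  -- An oversized value: the error propagates out of set_name, so the
  -- caller is the one that has to handle it.
  BEGIN
    set_name('ABCDEFGHIJ');
  EXCEPTION
    WHEN value_error THEN
      dbms_output.put_line('caller handled VALUE_ERROR: ' || sqlerrm);
  END;
END;
/

DROP TABLE demo_emp PURGE;
```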