Before my much needed Holiday, a colleague of mine asked for my input on a funny issue he was having. The root of the problem was that our production server is still running PHP 5.1.2, where as most of us run 5.2.x on our development and test machines. My problem was that what I was seeing didn't make sense. The following portion of code is a simple reproduction of the code my colleague was using, running fine on PHP 5.2.x, but causing a fatal error on the production server running 5.1.2, an attribute access violation.

<?php
class BankAccount
{
    protected $balance;

    public function __construct($balance)
    {
        $this->balance = $balance;
    }

    public function __toString()
    {
        return 'Balance: ' . $this->balance;
    }

    public function debit($debit)
    {
        $this->balance -= $credit;
    }

    public function credit($credit)
    {
        $this->balance += $credit;
    }
}

class SavingsAccount extends BankAccount
{
    public function __construct(BankAccount $parent)
    {
        $this->balance = $parent->balance;
    }
}

$first = new BankAccount(1.00);
$second = new SavingsAccount($first);

echo $second, PHP_EOL; // Balance: 1

It turns out that PHP's visibility restrictions are on a class level, rather than an instance level, and the fatal error was actually due to a bug in 5.1.x.

The visibility of a property or method can be defined by prefixing the declaration with the keywords: public, protected or private. Public declared items can be accessed everywhere. Protected limits access to inherited and parent classes (and to the class that defines the item). Private limits visibility only to the class that defines the item.

This bemused me, as it would appear to me there is no point having a protected operator at all. Suppose I am a lowly programmer given the BankAccount Class above as an API I can use but not change. I have a data access object that returns BankAccount objects too, which I also can't touch. For reasons unknown to me, but probably to try and create some encapsulation so they can log transactions via the credit and debit methods, the original developer decided that I shouldn't be able to directly access the balance attribute, but I want to.

<?php

//$myAccount = $dao->getAccount(123);
$myAccount = new BankAccount(1.00);
echo $myAccount, PHP_EOL; // Balance: 1

class WorkAround extends BankAccount
{
    public static function setBalance(BankAccount $acc, $balance)
    {
        $acc->balance = $balance;
    }
}

WorkAround::setBalance($myAccount, 1000000.00);
echo $myAccount, PHP_EOL; // Balance: 1000000

This just doesn't seem right to me. Don't get me wrong, I appreciate there needs to be some level of responsibility taken by developers to not do this kind of thing. My colleague writes a lot of Java, in which this is also the expected behaviour with the protected visibility, hence why he set out on this path, so it seemed right to him. Because of this I embarked on a little research to determine how other languages implement visibility.

A very quick and non-extensive bit of research led me to believe that Python doesn't have visibility as I know it, and C# has protected and internal, but neither work the way I'd like. Ruby has the closest to what I desire in the form of instance variables, but I'm sure there's plenty I've missed.

class BankAccount
    def initialize(bal)
        @balance = bal
    end

    def debit(debit)
        @balance -= debit
    end

    def credit(credit)
        @balance += credit
    end

    def to_s
        "Balance: %d" % @balance
    end
end

class SavingsAccount < BankAccount
    def setBalance(acc, bal)
        # This wont work - we cant access acc.balance
        # acc.balance = balance;
    end

    def bonusCredit(credit)
        # just to prove a sub class can access 
        # the instance variable
        @balance += credit + 1
    end
end

first = BankAccount.new(42);
second = SavingsAccount.new(1);

second.setBalance(first, 5000000);
second.bonusCredit(10);

print first  # Balance: 42
print second # Balance: 12 

It worries me sometimes when I come across things like this that I blatantly should know and understand properly. Cheers JC.