what is the use of public, private, protected class where it can be access via reflection class?

Question

Something which is made for security purpose and encapsulation that we have the Public,Private, Protected classes but one question is still struck in the mind that what is the mean of that if we still can access or know those all the members of class whatever it is Public, Private or Protected??

For Example :

<?php

 class GrandPas   // The Grandfather's class
  {
   public     $name1 = 'Mark Henry';  // This grandpa is mapped to a public modifier
   protected  $name2 = 'John Clash';  // This grandpa is mapped to a protected  modifier
   private    $name3 = 'Will Jones';  // This grandpa is mapped to a private modifier
  }
#Scenario: Using reflection

$granpa = new ReflectionClass('GrandPas'); // Pass the Grandpas class as the input for the Reflection class
$granpaNames=$granpa->getDefaultProperties(); // Gets all the properties of the Grandpas class (Even though it is a protected or private)



 echo "Printing members the 'reflect' way..<br>";

 foreach($granpaNames as $k=>$v)
  {
    echo "The name of grandpa is $v and he resides in the variable $k<br>";
  }

the output will be:

#Scenario Using reflection
Printing members the 'reflect' way..
The name of grandpa is Mark Henry and he resides in the variable name1
The name of grandpa is John Clash and he resides in the variable name2
The name of grandpa is Will Jones and he resides in the variable name3

As we can see the all members of the class whether its Private, Protected or Public. So what is the concept of OOP here?

PS: Example take from Shankar Damodaran.

Answer 1

TL;DR;

If you can do something - that does not mean you should do it

Reflection

That's the thing which is intended to provide meta-information about entities, but real use-case for it is debatable and almost always it can be replaced with something. The point is not to tell that it's bad, but to tell - if you want to use that in your architecture, then probably, you have a flaw in it.

A way to "go"..

Actually, you can access protected/private properties in PHP without using Reflection. For instance, Closure::bindTo() like:

class Test
{
   private $x = 'foo';
}

$z = new Test();

$y = function()
{
   return $this->x;
};
$y = $y->bindTo($z, $z);

echo $y(); //foo

And.. so what? Each language feature may be used for good or bad. That we're calling "good practices" and "bad practices" (well, to be honest, it's hard for me to remember "good practices" for such things as global in PHP, but that's out of this question). More, in PHP there are so many thins which you can use in wrong way - that it makes it difficult language - in the sense, that it's not hard to learn the language, but it's hard to use all it's features properly, because that requires solid architecture & good practices knowledge.

You may imagine a way to access hidden properties with even such thins as var_dump() + ob_ functions - but that will only illustrate how horrible may be using of some decent feature.

And how to deal with it

Do not use Reflection in such way. And certainly don't count on this when building your architecture. It's not the thing for which it should be used. And if you want to access your properties from outside - then - fine, declare them as public.

Just use things properly. It's the only way to go. And if you don't know what is the proper usage - then learn. It's the thing we're always doing. Each day.

Answer 2

The public, protected and private tokens are meant to define visibility for properties, it's not meant to provide security in any way.

Visibility is used to distinguish between:

1. your public interface,
2. the interface exposed to class extensions, or,
3. internal state.

Reflection is primarily meant as an aid to provide goodies such as AOP, DIC, proxies, etc.; specifically, it's not meant as a hacker's tool. Someone using your code can simply read it to get what they want, nay, edit it for their own "evil" purposes.