C# - How often should I check the validity of the arguments?


I very often encounter a similar architectural problem. How often should one check the validity of entered arguments? Let's check the following example (don't care about code correctness or compileability):

public void DoSth()
{
    context.DbPerform((SQLiteConnection connection) =>
        {
            // *** 1 ***
            if (connection == null)
                throw new ArgumentNullException("connection");
            if (!connection.IsOpen)
                connection.Open();

            try
            {
                Data.Insert(data, connection);
            }
            finally
            {
                connection.Close();
            }
        });
}

// ----

public static void Insert(Data data, SQLiteConnection connection)
{
    // *** 2 ***

    if (data == null)
        throw new ArgumentNullException("data");
    if (connection == null)
        throw new ArgumentNullException("connection");

    if (!connection.IsOpen)
        connection.Open();

    try
    {
        using (var cmd = connection.CreateCommand())
        {
            cmd.CommandText = Sql.InsertData;

            FillParameters(data, connection, cmd);

            cmd.ExecuteNonQuery();
        }
    }
    finally
    {
        connection.Close();
    }
}

// ----

public static void FillParameters(Data data,
    SQLiteConnection connection,
    SQLiteCommand cmd)
{
    // *** 3 ***

    if (connection == null)
        throw new ArgumentNullException("connection");

    // And so on, you get the idea
}

In the previous snippet, the connection has been checked for being null or closed 3 times. This seems a little bit of overkill to me - 50% of the method's body is security checks. I don't feel that these security checks are necessary, but on the other hand someone else may have used these methods, and I cannot be sure whether he passed valid parameters.

So my questions are:

  • How often should one write security checks regarding passed parameters?
  • What techniques may be used to retain the level of security, without the security checks?
  • How paranoid should I be while checking for invalid input? Consider this example:
class C
{
    private Obj obj;

    public C(Obj newObj)
    {
        if (newObj == null)
            throw new ArgumentNullException("newObj");

        obj = newObj;
    }

    public void DoSth()
    {
        // Should I check here whether obj is not null?
    }
}

Regarding the first example, the checks in Insert() are a good idea because Insert() is public. It may be called from a context where no checks are done.

In general, validate at the public interface point. It helps in making the code loosely coupled and reusable.

And every layer (tier, method) has its own requirements. Validate what you need for the task at the beginning of the task.
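The split the answer describes, as an added example that is not part of the original question or answer: the public Insert() throws on bad arguments, the private FillParameters() only asserts, and a validated constructor makes later null checks on the field unnecessary. The use of Debug.Assert, the IDbConnection abstraction, the DataStore class and the SQL text are assumptions made for this sketch.

```csharp
using System;
using System.Data;
using System.Diagnostics;

public sealed class Data
{
    public string Name { get; }  // get-only: cannot become null after construction

    // Public constructor: validate once so every later method can rely on Name.
    public Data(string name) => Name = name ?? throw new ArgumentNullException(nameof(name));
}

public static class DataStore  // hypothetical class name
{
    // Public entry point: callers are unknown, so arguments are checked here.
    public static void Insert(Data data, IDbConnection connection)
    {
        if (data == null) throw new ArgumentNullException(nameof(data));
        if (connection == null) throw new ArgumentNullException(nameof(connection));

        if (connection.State != ConnectionState.Open) connection.Open();
        try
        {
            using (IDbCommand cmd = connection.CreateCommand())
            {
                cmd.CommandText = "INSERT INTO data (name) VALUES (@name)"; // constructed SQL
                FillParameters(data, cmd);
                cmd.ExecuteNonQuery();
            }
        }
        finally { connection.Close(); }
    }

    // Private helper: reachable only through Insert, so it documents the
    // precondition with a debug-only assertion instead of throwing again.
    private static void FillParameters(Data data, IDbCommand cmd)
    {
        Debug.Assert(data != null && cmd != null, "validated by Insert");
        IDbDataParameter p = cmd.CreateParameter();
        p.ParameterName = "@name";
        p.Value = data.Name;  // non-null by the constructor's invariant
        cmd.Parameters.Add(p);
    }

    public static void Main()
    {
        // A null connection is rejected at the public boundary, before any helper runs.
        try { Insert(new Data("sample"), null); }
        catch (ArgumentNullException e) { Console.WriteLine("rejected: " + e.ParamName); }
    }
}
```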

