说明整数资料和浮点数资料之间的差异,以及如何在指令码中输入数值资料。
Describes the difference between integral and floating-point data and how to enter numeric data in a script.
恶意使用者能够取得要执行的程序码(指令码),方法是将其伪装成页面的使用者输入或连结。
A malicious user manages to get code (script) to execute by masking it as user input from a page or as a link.
显示使用者输入之前,必须先检查输入是否有恶意用户端指令码,例如可执行的指令码或SQL陈述式。
Before displaying user input, the input must be checked for malicious client script, such as executable script or SQL statements.
应用推荐