All it takes is an application with some dynamically constructed SQL and untrusted user input.
它所利用的只是具有一些动态构造的SQL和不可信用户输入的应用程序。
Accepting user input or any other data from an untrusted source is one of the most common risks a PHP developer can take when developing applications.
接受用户输入或来自不受信任来源的任何其他数据是PHP开发人员在开发应用程序时可能承担的最常见风险之一。
One of the hardest things to do is to differentiate between untrusted input from an external source — such as a user, another Web site, or some other resource — and data that is validated already.
最棘手的一件事情是如何从外部源(如某个用户、别的Web站点或某些其他资源)和已经验证的数据中区分出不受信任的输入。
User input is actually harder to make safe because there is no stack frame to trace the presence of the potentially untrusted data.
用户输入实际上更难以保证安全性,因为没有堆栈帧来跟踪可能不受信任的代码的存在。
Treat all user input as untrusted.
将所有用户输入视为不受信任。
Treat all user input as untrusted.
将所有用户输入视为不受信任。
应用推荐