注意,程序的名字只是命令行值的第0个参数——不要相信程序名,因为攻击者会改变它。
Note that the name of the program is just argument number 0 in the command line values — don't trust the program name, since an attacker can change it.
在很多类unix系统上,命令行值和环境可以被其他用户看到,所以不是在进程间保密地发送数据的好办法。
On many UNIX-like systems, the command-line values and environment variable values can be viewed by other users, so they aren't a good way to privately send data between processes.
为了查看使用命令行调试的值,让我们从下面所示的非常非常糟糕的PHP文件开始。
To see the value of debugging using the command line, let's start with the really, really bad PHP file shown below.
应用推荐