By default, it doesn't instrument all functions, only those that it deems to be in need of protection (mainly functions that use character arrays).
This piece of code accepts tainted data from the user and provides protection by checking that the characters to be printed are only alphanumeric characters and spaces.
Clean up the incoming data and protect the database by escaping the incoming string (see Listing 3).