什么是“贪婪令牌解析"? [英] What is "Greedy Token Parsing"?

问题描述

什么是PHP中的贪婪令牌解析?我正在阅读PHP编码指南，内容如下:

What is Greedy Token Parsing in PHP? I was reading a PHP coding guide which said the following...

除非需要解析变量，否则始终使用单引号字符串，并且在确实需要解析变量的情况下，使用花括号防止贪婪的令牌解析.如果字符串包含单引号，因此您不必使用转义符."

"Always use single quoted strings unless you need variables parsed, and in cases where you do need variables parsed, use braces to prevent greedy token parsing. You may also use double-quoted strings if the string contains single quotes, so you do not have to use escape characters."

这是在变量周围使用花括号吗?某种安全过程可以排除黑客入侵? (例如{$ var})是否为贪婪的令牌解析了黑客可以使用的某种攻击，例如SQL注入或XSS(跨站脚本，

Is this using curly braces around my variables some sort of security process to rule out hacking? (E.g. {$var}) Is greedy token parsing some sort of attack that hackers can use, like SQL injection or XSS (Cross Site Scriptiong

推荐答案

假设您希望字符"a"立即跟随变量$var中包含的值.如果您写"$ vara"，那将不会起作用，因为您没有变量$vara.解析器是贪婪的-假定$之后的所有内容(如果包含该内容的合法语法)都应包含在内. "$ {var} a"可以防止这种情况.

Suppose you want the character "a" to immediately follow the value contained in variable $var. If you write "$vara", that's not going to work because you don't have a variable $vara. The parser is greedy--it assumes that everything following $ should be included if it's legal syntax to include it. "${var}a" prevents that.

这篇关于什么是“贪婪令牌解析"?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！