Is ColdFusion evaluate() really dangerous?
Question
Upon reading https://stackoverflow.com/review/first-posts/3429940 (is PHP eval() really dangerous?)
and then http://dhorrigan.com/post/30395987906/is-eval-really-evil-yes-and-no
I am wondering if the ColdFusion equivalent has similar issues.
Recommended answer
I think the warnings on the PHP function are histrionic & a bit facile, because they focus on one specific misuse of the construct, rather than its general purpose.
evaluate() will be less prone to this because it cannot execute any amount of code, it can simply evaluate individual expressions (albeit more than one, separately and disconnectedly executed).
The thing is - and this is touched on in the PHP articles too - it's just seldom, if ever, needed. If you find yourself using it... you're probably doing something wrong.
For further reading, I discuss this on my blog: "evaluate() is really slow". Is it now?
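
One case where evaluate() is not needed, shown as an added example that is not part of the original answer: dynamic field access written with evaluate() beside the bracket-notation form that treats the name as data. The field names, function names and sample struct are hypothetical and constructed for illustration.

```cfml
<cfscript>
// Constructed sample standing in for submitted form fields (hypothetical names).
sample = { "qty_1" = 2, "qty_2" = 5, "qty_3" = 1 };

// Pattern to avoid: the string is parsed as a CFML expression, so the
// interpolated suffix becomes part of the code that is evaluated.
function totalWithEvaluate(required struct data, required array suffixes) {
    var total = 0;
    for (var suffix in suffixes) {
        total += evaluate("data.qty_#suffix#");
    }
    return total;
}

// Replacement: bracket notation uses the built string only as a struct key,
// and the suffix is validated before it is used at all.
function totalWithBrackets(required struct data, required array suffixes) {
    var total = 0;
    for (var suffix in suffixes) {
        var key = "qty_" & suffix;
        if (!reFind("^[0-9]+$", suffix) || !structKeyExists(data, key)) {
            throw(type = "InvalidField", message = "Unexpected field suffix");
        }
        total += data[key];
    }
    return total;
}

writeOutput(totalWithBrackets(sample, [1, 2, 3]));
</cfscript>
```

Both functions return the same total for well-formed suffixes; only the second rejects a suffix that is not purely numeric instead of handing it to the expression parser.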