Is ColdFusion evaluate() really dangerous?

Problem description

Upon reading https://stackoverflow.com/review/first-posts/3429940 (is PHP eval() really dangerous?)

and then http://dhorrigan.com/post/30395987906/is-eval-really-evil-yes-and-no

I am wondering if the ColdFusion equivalent has similar issues.

Recommended answer

I think the warnings on the PHP function are histrionic & a bit facile, because they focus on one specific misuse of the construct, rather than its general purpose.

evaluate() will be less prone to this because it cannot execute any amount of code; it can simply evaluate individual expressions (albeit more than one, separately and disconnectedly executed).

The thing is - and this is touched on in the PHP articles too - it's just seldom, if ever, needed. If you find yourself using it... you're probably doing something wrong.

For further reading, I discuss this on my blog: "evaluate() is really slow". Is it now?
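
Added example, not part of the original answer: a side-by-side of a dynamic field lookup done with evaluate() and the same lookup done with bracket notation, showing that evaluate() parses its string as an expression while a struct key is only ever a key. The names `fields` and `requestedNames` and all values are constructed for illustration; bracket notation is the replacement chosen here, not one the answer names.

```cfml
<cfscript>
// Constructed sample data standing in for submitted form fields.
fields = { qty_1 = 2, qty_2 = 5 };

// Constructed field names as they might arrive from a request. The last
// entry is not a field name but a longer expression.
requestedNames = [ "qty_1", "qty_2", "qty_1 + 100" ];

for (name in requestedNames) {
    // Older pattern: the reference is assembled as a string and handed to
    // evaluate(), which parses it as a CFML expression. For the last entry
    // the arithmetic is computed instead of a field being looked up.
    viaEvaluate = evaluate("fields.#name#");

    // Bracket notation: the string is used only as a struct key.
    // A key that does not exist is rejected rather than interpreted.
    if (structKeyExists(fields, name)) {
        viaBrackets = fields[name];
    } else {
        viaBrackets = "[rejected: no such field]";
    }

    // Encode the request-supplied name before echoing it to the page.
    writeOutput("#encodeForHTML(name)#: evaluate=#viaEvaluate# brackets=#viaBrackets#<br>");
}
</cfscript>
```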
