Why should exec() and eval() be avoided?

后端 未结 11 1991
Happy的楠姐
Happy的楠姐 2020-11-22 00:16

I\'ve seen this multiple times in multiple places, but never have found a satisfying explanation as to why this should be the case.

So, hopefully, one will be prese

11条回答
  •  醉酒成梦
    2020-11-22 00:59

    Allowing these function in a context where they might run user input is a security issue, and sanitizers that actually work are hard to write.

提交回复
热议问题