Translations

Secure coding guidelines/42/zh-tw: Difference between revisions

From Joomla! Documentation

Created page with "// For SQL data types: FLOAT, DOUBLE $query = 'SELECT * FROM #__table WHERE `id`=' . (float) $id; </source> It's a good idea to get into the habit of always typecasting intege..."
 
No edit summary
 
Line 2: Line 2:
$query = 'SELECT * FROM #__table WHERE `id`=' . (float) $id;
$query = 'SELECT * FROM #__table WHERE `id`=' . (float) $id;
</source>
</source>
It's a good idea to get into the habit of always typecasting integers like this even if the variable was previously obtained using JInput->getInt. Further information on SQL injection attacks can be found here: http://php.net/manual/en/security.database.sql-injection.php and here: [[Retrieving_request_data_using_JInput#Getting_Values]].
總是對使用 <cdoe> JInput->getInt</code>獲得的變數進行整數型別轉換,絕對是個好習慣。關於 SQL 注入攻擊更進一步的資訊,可以在 http://php.net/manual/en/security.database.sql-injection.php 以及 [[Retrieving_request_data_using_JInput#Getting_Values]] 找到。
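Review bot: The translated line opens its inline markup with "<cdoe>" but closes it with "</code>", so the pair does not match and the opening tag will be shown as literal text; it should read "<code>JInput->getInt</code>". The translation also drops the "even if" of the source sentence. The English advises typecasting even when the value was previously obtained using JInput->getInt, whereas the translated sentence reads as advice to cast variables that were obtained using JInput->getInt. Reword it so the point that the cast is applied in addition to the input filter is preserved.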

Latest revision as of 07:50, 14 January 2021

Message definition (Secure coding guidelines)
// For SQL data types: FLOAT, DOUBLE
$query = 'SELECT * FROM #__table WHERE `id`=' . (float) $id;
</source>
It's a good idea to get into the habit of always typecasting integers like this even if the variable was previously obtained using JInput->getInt. Further information on SQL injection attacks can be found here: http://php.net/manual/en/security.database.sql-injection.php and here: [[Retrieving_request_data_using_JInput#Getting_Values]].

// For SQL data types: FLOAT, DOUBLE
$query = 'SELECT * FROM #__table WHERE `id`=' . (float) $id;
</source>
It is definitely a good habit to always perform an integer typecast on variables obtained using <code>JInput->getInt</code>. Further information on SQL injection attacks can be found at http://php.net/manual/en/security.database.sql-injection.php and Retrieving_request_data_using_JInput#Getting_Values.