
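<?php
$values = array();
$pass = "";
for ($i = 0; $i < 10; $i++) { /* loop body missing from the page */ }
for ($i = 65; $i < 91; $i++) { /* loop body missing from the page */ }
for ($i = 97; $i < 123; $i++) { /* loop body missing from the page */ }
for ($i = 0; $i < 7; $i++) { /* loop body missing from the page */ }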


1 Which of the following will extract the TLD (top level domain) of ".net" from the string?

2 Which php.ini directive should be disabled to prevent the execution of a remote PHP script via an include or require construct?

3 Consider the following code:

<?php
header("Location: {$_GET['url']}");
?>

Which of the following values of $_GET['url'] would cause session fixation?

Session Fixation is not possible with this code snippet
http://http://phpqa.blogspot.com//?PHPSESSID=123
PHPSESSID%611243
Set-Cookie%3A+PHPSESSID%611234
http://phpqa.blogspot.com/%2F%0D%0ASet-Cookie%3A+PHPSESSID%611234

4 Which of the following are not true about streams?

They are always seekable
When used properly they significantly reduce memory consumption
They can be applied to any data source
They are always bi-directional
They can be filtered

5 When using a function such as strip_tags, are markup-based attacks still possible?
Answer...
No, HTML does not pose any security risks
Yes, even a <p> HTML tag is a security risk
Yes, attributes of allowed tags are ignored
No, strip_tags will prevent any markup-based attack


Please answer through the comments I will make it publish on blog..............


1 When connecting to a database using PDO, what must be done to ensure that database credentials are not compromised if the connection were to fail?

2 How can one take advantage of the time waiting for a lock during a stream access, to do other tasks using the following locking code as the base:

$retval = flock($fr, LOCK_EX);

3 The Decorator pattern is used to__________

4 With HTTP authentication, how can we retrieve the user name & password?

5 Type-hinting and the instanceof keyword can be used to check what types of things about variables?

6 The MVC pattern in Web development involves which of the following components?

7 Given the string:
$var = "john@php.net";


1 Which functions would be needed to translate the following string:

I love PHP 5

to the following?

5 PHP EVOL I

mirror()
strtoupper()
toupper()
str_reverse()
strrev()

2 What is the output of the following code block?


<?php

$array = array(1 => 0, 2, 3, 4);

array_splice($array, 3, count($array), array_merge(array('x'), array_slice($array, 3)));

print_r($array);

?>

3 Given the following array:

$array = array(1,1,2,3,4,4,5,6,6,6,6,3,2,2,2);

4 The fastest way to determine the total number of times a particular value appears in the array is to use which function?

array_total_values
array_count_values
A foreach loop
count
a for loop



1 Which PCRE regular expression will match the string PhP5-rocks?


Answer...
/^[hp1-5]*\-.*/i
/[hp1-5]*\-.?/
/[hp][1-5]*\-.*/
/[PhP]{3}[1-5]{2,3}\-.*$/
/[a-z1-5\-]*/

2 Which of the following are valid PHP variables?
@$foo
&$variable
${0x0}
$variable
$0x0

3 To destroy one variable within a PHP session you should use which method in PHP 5?

4 When comparing two strings, which of the following is acceptable?
$a === $b;
strcasecmp($a, $b);
strcmp($a, $b);
$a == $b;
str_compare($a,$b);



1 What is the best approach for converting this string:

$string = "a=10&b[]=20&c=30&d=40+50";

Into this array?


array(4) {
["a"]=>
string(2) "10"
["b"]=>
array(1) {
[0]=>
string(2) "20"
}
["c"]=>
string(2) "30"
["d"]=>
string(5) "40 50"
}


Answer...
Write a parser completely by hand, it's the only way to make sure it's 100% accurate
Use the parse_str() function to translate it to an array()
Pass the variable to another PHP script via an HTTP GET request and return the array as a serialized variable
Just call unserialize() to translate it to an array()
Write a string parser using strtok() and unserialize() to convert it to an array


2 SQL Injections can be best prevented using which of the following database technologies?

Answers: (choose 1)
All of the above
Prepared Statements
Persistent Connections
Unbuffered Queries
Query escaping

3 Name three new extensions in PHP 5


Answers: (choose 3)
tidy
soap
java
curl
mysqli

4 Which of the following is not a valid fopen() access mode:


Answer...
b
x
a
w
r+



1 In PHP5 objects are passed by reference to a function when (Select the answer that is the most correct):

Answer...
Always; objects are passed by reference in PHP5
When the calling code precedes the variable name with a &
Never; objects are cloned when passed to a function
When the function parameter listing precedes the variable name with a &

2 What three special methods can be used to perform special logic in the event a particular accessed method or member variable is not found?


Answers: (choose 3)
__get($variable)
__call($method, $params)
__get($method)
__set($variable, $value)
__call($method)

3 When running PHP in a shared host environment, what is the major security concern when it comes to session data?

Answer...
Sessions on shared hosts are easily hijacked by outside malicious users
All of the above
You cannot use a custom data store in shared hosts
Session data stored in the file system can be read by other scripts on the same shared host
Users outside the shared host can access any site which created a session for them

4 In PHP 5, the ________ method is automatically called when the object is created, while the _______ method is automatically called when the object is destroyed.


Answer...
__construct(), __destruct()
<Class Name>, __destroy()
<Class Name>, ~<Class Name>
__startup(), __shutdown()
__construct(), __destroy()


1 What is the best way to ensure the distinction between filtered / trusted and unfiltered / untrusted data?

Answer...
None of the above
Never trust any data from the user
Enable built-in security features such as magic_quotes_gpc and safe_mode
Always filter all incoming data
Use PHP 5's tainted mode

2 SimpleXML objects can be created from what types of data sources?


Answers: (choose 3)
A String
An array
A DomDocument object
A URI
A Database resource

3 Which of the following functions could be used to break a string into an array?

Answers: (choose 3)
array_split()
split()
string_split()
preg_match_all()
explode()

4 If you would like to change the session ID generation function, which of the following is the best approach for PHP 5?


Answer...
Set the session.hash_function INI configuration directive
Use the session_set_id_generator() function
Set the session id by force using the session_id() function
Use the session_regenerate_id() function
Implement a custom session handler


1 Unlike a database such as MySQL, SQLite columns are not explicitly typed. Instead, SQLite categorizes data into which of the following categories?

Answers: (choose 2)
textual
unicode
numeric
binary
constant

2 When working with a database, which of the following can be used to mitigate the possibility of exposing your database credentials to a malicious user?

Answers: (choose 3)
Moving all database credentials into a single file
Moving all database credentials outside of the document root
Restricting access to files not designed to be executed independently
Setting credential information as system environment variables
Using PHP constants instead of variables to store credentials

3 Which from the following list is not an appropriate use of an array?

Answers: (choose 1)
As a list
All of these uses are valid
As a Lookup Table
A Stack
As a hash table

4 In PHP 5 you can use the ______ operator to ensure that an object is of a particular type. You can also use _______ in the function declaration.

Answer...
instanceof, is_a
instanceof, type-hinting
type, instanceof
===, type-hinting
===, is_a


1 Consider the following String:

$string = "John\tMark\nTed\tLarry";

2 Which of the following functions would best parse the string above by the tab (\t) and newline (\n) characters?

3 How can you modify the copy of an object during a clone operation?

Answer...
Put the logic in the object's constructor to alter the values
Implement your own function to do object copying
Implement the object's __clone() method
Implement __get() and __set() methods with the correct logic
Implement the __copy() method with the correct logic

4 Which function would you use to add an element to the beginning of an array?

Answer...
array_shift()
array_push();
$array[0] = "value";
array_unshift()
array_pop();

ans: array_unshift();


1 You can determine if you can seek an arbitrary stream in PHP with the ___________ function

2 To ensure that a given object has a particular set of methods, you must provide a method list in the form of an ________ and then attach it as part of your class using the ________ keyword.

Answer...
array, interface
interface, implements
interface, extends
instance, implements
access-list, instance

3 When executing system commands from PHP, what should one do to keep applications secure?

Answers: (choose 3)
Remove all quote characters from variables used in a shell execution
Avoid using shell commands when PHP equivalents are available
Hard code all shell commands
Escape all shell arguments
Escape all shell commands executed

4 When attempting to prevent a cross-site scripting attack, which of the following is most important?

Answer...
Not writing Javascript on the fly using PHP
Filtering Output used in form data
Filtering Output used in database transactions
Writing careful Javascript
Filtering all input




1 When uploading a file using HTTP, which variable can be used to locate the file on PHP's local filesystem?


Answer...
None of the above
$_FILES['fieldname']['tmp_name']
$_FILES['fieldname']
$_FILES['fieldname'][0]['filename']
$_FILES['fieldname']['filename']

ans : $_FILES['fieldname']['tmp_name']


2 Which of the following SQL statements will improve SQLite write performance?


Answers: (choose 2)
PRAGMA locking_mode = "Row";
PRAGMA count_changes = Off;
PRAGMA default_synchronous = Off;
PRAGMA default_synchronous = On;
PRAGMA locking_mode = "Table";

Ans:

3 What is the best way to iterate and modify every element of an array using PHP 5?

Answer...
You cannot modify an array during iteration
for($i = 0; $i < count($array); $i++) { /* ... */ }
foreach($array as $key => &$val) { /* ... */ }
foreach($array as $key => $val) { /* ... */ }
while(list($key, $val) = each($array)) { /* ... */ }

4 What is the primary benefit of a SAX-based XML parser compared to DOM?





What is the output of the following?


<?php

$a = 010;
$b = 0xA;
$c = 2;

print $a + $b + $c;

?>
20
22
18
$a is an invalid value
2

Ans : 22



What is the output of the following code?

<?php

class MyException extends Exception {}
class AnotherException extends MyException {}

class Foo {
public function something() {
throw new AnotherException();
}
public function somethingElse() {
throw new MyException();
}
}

$a = new Foo();

try {
try {
$a->something();
} catch(AnotherException $e) {
$a->somethingElse();
} catch(MyException $e) {
print "Caught Exception";
}
} catch(Exception $e) {
print "Didn't catch the Exception!";
}

?>


When using a function such as strip_tags, are markup-based attacks still possible?
Answer...
No, HTML does not pose any security risks
Yes, even a <p> HTML tag is a security risk
Yes, attributes of allowed tags are ignored
No, strip_tags will prevent any markup-based attack




What is the output of the following?


<?php

$a = 20;

function myfunction($b) {
$a = 30;

global $a, $c;
return $c = ($b + $a);
}

print myfunction(40) + $c;

?>

ans: 120


Consider the following script:


<?php
try {
$dbh = new PDO("sqlite::memory:");
} catch(PDOException $e) {
print $e->getMessage();
}

$dbh->query("CREATE TABLE foo(id INT)");
$stmt = $dbh->prepare("INSERT INTO foo VALUES(:value)");
$value = null;
$data = array(1,2,3,4,5);
$stmt->bindParam(":value", $value);

/* ?????? */
try {
foreach($data as $value) {
/* ????? */
}
} catch(PDOException $e) {
/* ??????? */
}

/* ?????? */
?>

What lines of code need to go into the missing places above in order for this script to function properly and insert the data into the database safely?


Consider the following code block:

<?php
function &myFunction() {
$string = "MyString";
var_dump($string);

return ($undefined);
}

for($i = 0; $i < 10; $i++) {
$retval = myFunction();
}
?>

This code block's behavior has changed between PHP 4 and PHP 5. Why?


Answer...
None of the above
This code would cause an automatic segmentation fault in PHP 4
This code would throw a syntax error in PHP 4
Returning an undefined variable by reference in PHP 4 would cause eventual memory corruption
You could not return undefined variables by reference in PHP 4

What is the output of the following script?


<?php

class A {

public function bar() {
print "Hello";
}

}

class B extends A {

function bar() {
print "Goodbye";
}
}

$c = new B();
$c->bar();
?>


What are the values of $a in $obj_one and $obj_two when this script is executed?


<?php
class myClass {
private $a;

public function __construct() {
$this->a = 10;
}

public function printValue() {
print "The Value is: {$this->a}\n";
}

public function changeValue($val, $obj = null) {
if(is_null($obj)) {
$this->a = $val;
} else {
$obj->a = $val;
}
}

public function getValue() {
return $this->a;
}
}

$obj_one = new myClass();
$obj_two = new myClass();

$obj_one->changeValue(20, $obj_two);
$obj_two->changeValue($obj_two->getValue(), $obj_one);

$obj_two->printValue();
$obj_one->printValue();

?>


Answer...
10,20
You cannot modify private member variables of a different class
20,20
10,10
20,10

MY ans: 20, 20


When your error reporting level includes E_STRICT, what will the output of the following code be?


<?php
function optionalParam($x = 1, $y = 5, $z)
{
if ((!$z > 0))
{
$z = 1;
}
for($count = $x; $count < $y; $count+= $z)
{
echo "#";
}
}
optionalParam(2,4,2);
?>


Answer...
##
Notice
Warning
Syntax Error
#

my ans #


Consider the following PHP script:


<?php
function get_socket($host, $port) {
$fr = fsockopen($host, $port);
stream_set_blocking($fr, false);
return $fr;
}

// Assume $host1, $host2, etc are defined properly
$write_map[] = array('fr' => get_socket($host1, $port1),
'data' => str_pad("", 500000, "A"));
$write_map[] = array('fr' => get_socket($host2, $port2),
'data' => str_pad("", 500000, "B"));
$write_map[] = array('fr' => get_socket($host3, $port3),
'data' => str_pad("", 500000, "C"));

do {
$write_sockets = array();

foreach($write_map as $data) {
$write_sockets[] = $data['fr'];
}

$num_returned = stream_select($r = null, $write_sockets, $e = null, 30);

if($num_returned) {
foreach($write_sockets as $fr) {
foreach($write_map as $index => $data) {
if($data['fr'] === $fr) {
$len = fwrite($fr, $data['buf']);

if($len) {
$data['buf'] = substr($data['buf'], $len);

if(empty($data['buf'])) {
fclose($data['fr']);
/* ????????? */
}
}
}
}
}
}
} while(count($write_map));
?>

What should go in the ??????? above for this script to function properly?


What is the output of the following code?


<?php
function x10(&$number)
$number *= 10;

$count = 5;
x10($count);
echo $count;
?>


Consider the following PHP script fragment:

<?php
$title = $dom->createElement('title');
$node = ????????
$title->appendChild($node);
$head->appendChild($title);
?>

What should ??????? be replaced with to add a <title> node with the value of Hello, World!

My ans : Hello, World


What is the output of the following code?

<?php
function callbyReference(&$variable = 5)
{
echo ++$variable;
}
callbyReference();
?>

answer : 6

Another question regarding XML.

<?php
$dom = new DomDocument();
$dom->load('test.xml');
$xpath = new DomXPath($dom);
$nodes = $xpath->query(???????, $dom->documentElement);
echo $nodes->item(0)->getAttributeNode('bgcolor')->value
. "\n";
?>

What XPath query should go in the ?????? above to display the "bgcolor" attribute of the first "body" node in the XML document?



What is the output of the following code?

<?php

class MyException extends Exception {}
class AnotherException extends MyException {}

class Foo {
public function something() {
throw new AnotherException();
}
public function somethingElse() {
throw new MyException();
}
}

$a = new Foo();

try {
try {
$a->something();
} catch(AnotherException $e) {
$a->somethingElse();
} catch(MyException $e) {
print "Caught Exception";
}
} catch(Exception $e) {
print "Didn't catch the Exception!";
}

?>

