some PHP questions

@homer_j_simpsonOct 01.2008

Hi all,
I’m preparing for zend exam which I’ll be taking soon with some mock test from the zend. Some questions are easy and some are twisted. But, for some, I can’t find related information over the net. I posted those questions for you guys to see. I hope you guys can help me on this.

~~[Quote]~~

1. Name three new extensions in PHP5
choose 3
a)tidy
b)soap
c)java
d)curl
e)mysqli
My Guess : soap,java,tidy

2.Identify the best appraoch to compare to variables in a binary-safe fashion
a)Both strcmp() and $a===$b
b)$a==$b
c)$a===$b
d)str_compare()
e)strstr
my guess : e

3.When running PHP in a shared host environment, what is the major security concern when it comes to session data?
a)Sessions on shared hosts are easily hijacked by outside malicious users
b)All of the above
c)You cannot use a custom data store in shared hosts
d)Session data stored in the file system can be read by other scripts on the same shared host
e)Users outside the shared host can access any site which created a session for them
my guess : c

Which PCRE regular expression will match the string PhP5-rocks?
a)/^{^[hp1-5]*–.*/}
b)/[hp1-5]*–.?/
c)/[hp][1-5]*–.*/
d)/[Php]{3}[1-5]{2,3}–.*$/
e)/[a-z1-5–]*/
my guess: No correct answer

Which of the following are examples of the new engine executor models available in PHP 5?
(choose 3)
a)Switch
b)Conditional
c)Goto
d)Call
e)Dynamic
my guess : cde

The ______ constant in a CLI script is an automatically provided file resource representing standard input of the terminal.
a)STDIN
b)__STDIN__
c)STDIO
d)PHP::STDIO
e)STD_IN
my guess : a

Event-based XML parsing is an example of which parsing model?
a)SAX
b)DOM
c)XML Object Mapping
d)XPath
e)XQuery
my guess : d

[/quote]

to post a comment

PHP

9 Comments(s) _↴

@tjmcdOct 06.2008 — #Ok Homer,

Here's what I've got.
[LIST=1]

[*][B]Name three new extensions in PHP5[/B]

I believe the correct answer is [B]a, b, e[/B], tidy, soap and mysqli

[*][B]Identify the best appraoch to compare to variables in a binary-safe fashion[/B]

Like so many, this is one of those really poorly worded questions on the practice tests... however seeing as there is no mention of strings, or the nature of the comparison, I would have to guess "[B]c[/B]" here.

[*][B]When running PHP in a shared host environment, what is the major security concern when it comes to session data? [/B]

Actually this is THE VERY QUESTION I was investigating when I came upon your post here. Now, I don't know what "custom data store" even means, but I'm pretty darned sure it's NOT the answer to this question. In fact it is the ONE answer that renders me pretty certain that the answer is also NOT b."All of the above." (if MySQL or SQLite don't qualify as custom data stores then....????) currently my best guess would have to be.... [B]d?[/B]

[*][B]Which PCRE regular expression will match the string PhP5-rocks?[/B]

Your's is the second post I have encountered on this question, which posits the theory that there is NO correct answer.

One of two things here, either you both copied it wrong, or there is more than one version of this question being included in the practice tests.

Why? you ask... well, shortly after encountering the first such post on another forum, I did occasion to take a practice test, and found what appears to be the very same question included therein. As such, I did trouble myself to copy it for review and clarification. It turns out that my copy of the answers differs in one tiny but all important regard, specifically the character "[B]i[/B]" following the closing delimiter in answer-option "[B]a[/B]" as follows:

[B]Mine[/B] a)/^{^[hp1-5]*-.*/i}

[B]Yours[/B] a)/^{^[hp1-5]}*-.*/

The Correct answer -- not surprisingly --- is "[B]a[/B]"

[*][B]Which of the following are examples of the new engine executor models available in PHP 5?(choose 3)[/B]

The correct answers are a, c, d (SWITCH, GOTO, AND CALL)

[*][B]The ______ constant in a CLI script is an automatically provided file resource representing standard input of the terminal.[/B]

Yes, the [B]a[/B] is the correct answer.

[*][B]Event-based XML parsing is an example of which parsing model?[/B]

a) SAX

[/LIST]

@WDJFeb 24.2009 — #

# When running PHP in a shared host environment, what is the major security concern when it comes to session data?

The answer is (perhaps shockingly to some):

d)Session data stored in the file system can be read by other scripts on the same shared host

All session data is written to a common tmp directory which is accessible by any user on the virtual server, if usernames, passwords or any other sensitive info is stored then this data is at risk on a shared server.

Summary : dont store sensitive data in sessions on a shared server

Get a dedicated machine ! ?

@MindzaiFeb 24.2009 — #You definitely can define a custom session data store (a mysql table for example) and for the reason mentioned above is advisable on shared hosting!

@WDJFeb 24.2009 — #You definitely can define a custom session data store (a mysql table for example) and for the reason mentioned above is advisable on shared hosting![/QUOTE]

Yes this is true, but the answer to the zend question remains the issue about the shared tmp directory.

The following functions can be used to mitigate the security risk somewhat:

session_save_path()

and

session_set_save_handler

@MindzaiFeb 24.2009 — #Yes this is true, but the answer to the zend question remains the issue about the shared tmp directory.[/QUOTE]

Yes, I was just commenting ?

@helmisJun 07.2010 — #Hi

Which PCRE regular expression will match the string PhP5-rocks?

a)/^{^[hp1-5]*-.*/}

b)/[hp1-5]*-.?/

c)/[hp][1-5]*-.*/

d)/

[code=php]{3}[1-5]{2,3}-.*$/
 e)/[a-z1-5-]*/
 my guess: No correct answer
 
 the correct answer is B or E, i don't understand why u says A...
 
 [CODE]$str= "PhP5-rocks";
 echo preg_match("/^[hp1-5]*-.*/",$str); //0
 echo preg_match("/[hp1-5]*-.?/",$str);   //1
 echo preg_match("/[hp][1-5]*-.*/",$str); //0
 echo preg_match("/[code=php]{3}[1-5]{2,3}-.*$/",$str); //0
 echo preg_match("/[a-z1-5-]*/",$str); // 1 [/CODE]

Thanks

@NogDogJun 07.2010 — #Hi

Which PCRE regular expression will match the string PhP5-rocks?

a)/^{^[hp1-5]*-.*/}

b)/[hp1-5]*-.?/

c)/[hp][1-5]*-.*/

d)/

[code=php]{3}[1-5]{2,3}-.*$/
 e)/[a-z1-5-]*/
 my guess: No correct answer
 
 the correct answer is B or E, i don't understand why u says A...
 
 [CODE]$str= "PhP5-rocks";
 echo preg_match("/^[hp1-5]*-.*/",$str); //0
 echo preg_match("/[hp1-5]*-.?/",$str);   //1
 echo preg_match("/[hp][1-5]*-.*/",$str); //0
 echo preg_match("/[code=php]{3}[1-5]{2,3}-.*$/",$str); //0
 echo preg_match("/[a-z1-5-]*/",$str); // 1 [/CODE]

Thanks[/QUOTE]

A and C would match if you added the "i" modifier to make them case-insensitive. B and C currently match simply because the use of the "*" repetition character, which is zero or more occurrences, and therefore matches in these cases because it can ignore any preceding characters that do not match, since those patterns are not anchored to the start of the string with the "^{^"} character.

@MindzaiJun 07.2010 — #Same for E, it is essentially an empty expression that will match anything.

@NogDogJun 07.2010 — #Same for E, it is essentially an empty expression that will match anything.[/QUOTE]

Yeah, I think I meant "B and E" in my last reply instead of "B and C". ?

Also in #PHP _↴

[RESOLVED] Bokeh - Simple PHP image gallery AJAX POST data not being returned in FF Paypal

Success!

Help @homer_j_simpson spread the word by sharing this article on Twitter...

Tweet This

some PHP questions

9 Comments(s) _↴

# When running PHP in a shared host environment, what is the major security concern when it comes to session data?

Also in #PHP _↴

Success!

Social

Version

some PHP questions

9 Comments(s) ↴

# When running PHP in a shared host environment, what is the major security concern when it comes to session data?

Also in #PHP ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

9 Comments(s) _↴

Also in #PHP _↴