Zend PHP5 Certification

Published in: Technology, Education
Transcript of "Zend PHP5 Certification"

  1. Zend PHP5 Certification
     Presented by Rakesh Kumar, Rajul Gupta, and Ankur Aeran
     OSSCube
  2. Who we are?
     • Rakesh Kumar – Senior project manager – PHP and related frameworks/Products, Senior consultant and trainer – MySQL, Started as PHP Developer
     • Rajul Gupta – Senior consultant – CRM – PHP evangelist and ZCE
     • Ankur Aeran – Tech Lead – Drupal – ZCE, First Zend Framework Certified (India)
     Zend PHP5 Certification, OSIdays 2010 Chennai
  3. Why certification?
     • Industry-wide standard and a measure of distinction
     • Certification is recognition of a set of capabilities that the person taking the test has developed
     • ZCE certification helps other people (e.g., potential employers) answer questions like:
       – "How predictably is the person likely to perform when applying PHP 5 technology to a business problem?"
       – "Has this applicant reached a pre-defined minimum standard of experience to undertake professional quality work?"
  4. Preparation tools
     • Instructor-led online training
       – Register via website http://www.zend.com/
       – Includes certification voucher
     • Instructor-led classroom training
       – Authorized training partners
     • Zend PHP5 Certification Study Guide
     • Zend PHP5 Certification online practice exam
     • http://www.zend.com/en/services/certification/php-5-ce
  5. About the exam
     • Composed of ~70 randomly generated questions
     • Allowed 90 minutes to answer the questions
     • Questions cover twelve different topic areas
     • Questions vary in their degree of difficulty
     • Encompasses curriculum specified by the Zend PHP Education Advisory Board
       – Completely neutral
       – Exam excludes references or questions related to Zend's products
  6. Taking the exam
     • Exam administered at a Pearson VUE training center (http://www.pearsonvue.com/)
     • Register for the exam via telephone or email
       – May differ by country; please check online
     • Bring two IDs, one must have your photo (and both must have your signature)
     • You will receive "scratch" paper or an erasable board for calculations at the time you take the test
     • You are not permitted to bring any materials into the room with you
  7. Questions & Strategies
     • There are several different types of questions, which we will discuss:
     • Multiple choice, only one answer is correct
       – Try to eliminate wrong answers
       – It makes no difference whether you incorrectly answer a question, or do not answer it at all, so...
       – Guess!
  8. Questions & Strategies
     • Multiple choice, several answers may be correct
       – Most of the time you are told the number of answers to select
       – Based on the number of correct answers, you may be able to eliminate some choices
  9. Questions & Strategies
     Freetext
     • Most of the time, questions are of this type:
       – What is the output of the following code?
       – What is the name of the function/setting/constant/… that does X-Y-Z?
     • Be careful when entering the answer!
       – No whitespace, explanations, comments, ...
       – Use lowercase letters with functions
  10. Testing software
     • You can mark questions for review
       – Be sure to check whether there are any questions marked for review before you submit your test
     • You can mark questions for comment
       – If there is something you would like the committee to know about a particular question, please use the Comment option to communicate back with Zend
     • You can easily navigate back to questions you have marked, but not the others, so remember this feature
  11. At the end
     • You'll immediately get your test result from the testing center; usually printed out
       – Passed/Failed
     • No detailed score
       – If you fail, you will receive feedback about how you did in each topic area (weak -> strong)
  12. Basic exam information
     • You do not have to code large portions for the exam
     • You do have to answer freetext questions which may contain variable names, small snippets of code, etc.
     • You do NOT have to memorize the PHP manual
       – Technically, there are some places where you do, such as remembering the order of the parameters for a given function
     • You must analyze PHP code
     • You must know important PHP functions
  13. System information
     • The certification is independent of the operating system and a specific database
     • A general understanding of related technologies like HTTP or SQL is required
     • Questions refer to a virtual PHP system with the recommended configuration:
       – register_globals is Off, magic quotes are off, error reporting is set to E_ALL
       – errors are displayed (unless otherwise noted)
  14. About this session
     • We will give an overview of all 12 topic areas
     • Major session focus is on some complex questions and how to deal with them
     • Obviously there is not enough time to cover every detail
     • But there is enough time to give a bird's-eye view and briefly describe what is required for passing the exam
  15. The topic areas
     • PHP Basics
     • Functions
     • Arrays
     • OOP
     • Strings and Regular Expressions
     • Design and Theory
     • Web Features
     • PHP 4/5 Differences
     • Files, Streams, Network
     • XML and Web Services
     • Database
     • Security
  16. Embedding PHP
     There are several options to embed PHP code in an HTML document:
         <?php
         <?
         <%
         <script language="php">
         <?=
     Do all of these work well in any of the environments?
  17. Quiz
     What is the output for the following code?
         <?php $a=10; ?><?php=$a?>
     a) Fatal error
     b) Parser error
     c) Warning
     d) Notice
     e) 10
  18. Basic PHP Elements
     Variable (case-sensitive)
         ${'foo'}
     Variable Variables
         $bar = "My Value";
         $foo = "bar";
         $$foo;
     Constants
         define('myPHPVER2', '5.1.0', true); // case insensitive
     Can we undefine a constant?
  19. Quiz
     What is the output of the following code?
         echo strlen('a\nb') * strlen("a\nb");
     Is the following statement correct?
         ${"function(){ this is a truely awful name for a variable }"}
     Is there any difference between echo() and print()?
  20. Bitwise Operators
     • Left shift: <<
       o Multiply by 2, x times (x is the operand after <<)
       o 3 << 4 == 48 (3 * 2^4 = 3 * 16)
     • Right shift: >>
       o Divide by 2, x times (x is the operand after >>)
       o 4 >> 2 == 1 (4 / 2^2 = 4 / 4)
     • Negate bits: ~
       o Turns 0s into 1s, 1s into 0s
  21. Quiz
     What is the output of the following code?
         <?php
         $a = 12;
         echo ++$a + $a++ + $a;
         ?>
  22. Quiz
         class test {
             public function abc() {
                 global $x;
                 $x = 15;
                 echo "In ABC -".$x;
             }
             public function pqr() {
                 echo " In PQR -".$x; // Notice x is undefined.
             }
         }
         $testObj = new test();
         $testObj->abc();
         $testObj->pqr();
         echo " Out ".$x;
  23. Quiz
         class test {
             global $x;
             public function abc() {
                 $this->x = 15;
                 echo "In ABC -".$this->x;
             }
             public function pqr() {
                 echo " In PQR -".$this->x;
             }
         }
         $testObj = new test();
         $testObj->abc();
         $testObj->pqr();
         echo " Out ".$x;
  24. Quiz
     What is the output of the following code?
         <?php
         $a = 6;
         echo ($a % 2) ? ($a % 3) : ($a % 4);
         ?>
  25. Declare Functions
     With (optional) parameters and (optional) return value
         function myFunction($p) {
             // do something
             return $p;
         }
         $x = myFunction("ABC"); // $x == "ABC"
         $x = myFunction();      // warning!
     If warning then what is the solution?
  26. Function Parameters
     Accessing parameters
     • func_num_args(): Number of parameters
     • func_get_arg(nr): Parameter number nr
     • func_get_args(): All parameters as an array
         function addValues() {
             $sum = 0;
             for ($i = 0; $i < func_num_args(); $i++) {
                 $sum += func_get_arg($i);
             }
             return $sum;
         }
  27. Variable functions
     Variable functions work just like variable variables
         function xyz() {
             echo "XYZ";
         }
         $d = "abc";
         $abc = "xyz";
         $$d(); // $$d() == ${"abc"}() == $abc() == xyz()
  28. Arrays
  29. Quiz
     What is the output of the following code?
         <?php
         $a = array("1" => 10, 1 => 'B', "C", 2 => 'D');
         echo count($a);
         ?>
  30. Quiz
     What is the output of the following code?
         <?php
         $a = array();
         for ($i = 0; $i < 20; $i++) {
             $a[$i/10] = $i;
         }
         echo count($a);
         ?>
  31. Quiz
     What is the output of the following code?
         <?php
         echo count(range(5.0, 3.0, 0.25));
         ?>
  32. Built-in function
     • Remember names and arguments
       – Commonly used array functions (e.g. array_shift, in_array, is_array)
       – Checking for value functions
       – Sorting functions
  33. OOP
     • Class declaration
     • Inheritance
     • Interface
     • Abstract classes
     • Autoloading
     • Magic methods
     • Cloning
  34. Quiz
     Which of these may be declared as final?
     1. Class
     2. Method
     3. Variable
  35. Converting Objects Into Strings - Quiz
         class myClass {
             function __toString() {
                 echo 'ABC';
             }
         }
         $c = new myClass();
         echo $c; // ABC
     • Only works when directly called using echo/print
  36. Autoloading
     If a non-existing class is instantiated, PHP executes the __autoload() function, if available
     Parameter: Name of the missing class
         function __autoload($c) {
             include_once "./classes/class_$c.php";
         }
         $c = new myClass(); // loads ./classes/class_myClass.php
  37. Copying Objects
     • Objects are always passed by reference
     • Cloning an object causes the object itself to be copied instead of passing the reference
     • Keyword clone
         $c1 = new myClass();
         $c2 = clone $c1;
     • PHP executes the special method __clone() upon cloning (if available)
  38. Serializing Objects
     • Serializing objects and arrays with serialize()
         $s = serialize(array(1, 2, 3));
         // $s == 'a:3:{i:0;i:1;i:1;i:2;i:2;i:3;}'
     • De-serializing strings with unserialize()
         $a = unserialize('a:3:{i:0;i:1;i:1;i:2;i:2;i:3;}');
         // $a == array(1, 2, 3)
     • Upon serialization, the special method __sleep() is executed (if available)
     • Upon de-serialization, the special method __wakeup() is executed (if available)
  39. STRING
  40. Looking For Strings
     The strpos() function returns the position of the first occurrence – or false.
     • strpos(haystack, needle)
     • strpos(haystack, needle, starting offset)
     Pay attention to the data type of the return value!
     • 0 means that there was a match at position zero
     • False means no match was made
  41. Quiz
     What is the output of the following code?
         <?php
         $url = 'http://myDomain.com/script.php';
         $pattern = 'http://';
         if (strpos($url, $pattern)) {
             echo 'URL Found';
         } else {
             echo 'URL not found';
         }
         ?>
  42. Substrings
     substr(string, start, length)
     • Returns a substring
     • Negative start value: Counting starts at the end of the string
     What is the output of the following code?
         <?php
         echo substr('123456', -4, -2);
         ?>
  43. Comparing Strings
     • Operator ==: Comparison including data type conversion
     • Operator ===: Comparison including data type check
     • strcmp(): Case-sensitive comparison
     • strcasecmp(): Case-insensitive comparison
     • Return value of str*cmp(): 0 if equal, not 0 if unequal
     ($a == $b) * strcmp($a, $a) is equal to ???
  44. Counting Strings
     • Number of characters: strlen(string)
       Do not confuse with count() (array function)!
     • Number of words: str_word_count(string)
       str_word_count(strings, true) yields array with all single words
  45. Strings And Arrays
     • explode(split string, string): Converts a string into an array
     • implode(glue string, string): Converts an array into a string
     What is the return value of the following code?
         <?php
         echo count(implode('.', '3 … 2 … 1 … still thinking!'));
         ?>
  46. Formatted Output
     • printf(): Prints a formatted string
     • sprintf(): Returns a formatted string
     • vprintf(): Prints a formatted string, placeholder values supplied as an array
     • vsprintf(): Returns a formatted string, placeholder values supplied as an array
     • fprintf(): Sends a formatted string to a resource
  47. Regular Expressions
     • A regular expression describes a pattern
     • Looking for patterns is more powerful than looking for (static) strings, though it comes at a cost to performance
     • Boundaries
       ^ (start of a line, though not necessarily start of the string)
       $ (end of a line, though not necessarily end of the string)
       \A (start of the string)
       \Z (end of the string)
       \b (start or end of a word)
       \B (not start or end of a word)
  48. Built-in character classes
       \d (digit)
       \D (no digit)
       \s (whitespace)
       \S (no whitespace)
       \w (letter, digit, underscore)
       \W (no letter or digit or underscore)
       . (any character)
  49. Quantifier
       * (any number of times)
       + (any number of times, at least once)
       ? (0 or 1)
       {n} (n times)
       {n,} (at least n times)
       {,m} (at max m times)
       {n,m} (at least n times, at max m times)
  50. Pattern matching
     • preg_match(pattern, string)
     • Return value: Number of matches
       But: Search ends after the first match
       Therefore return value 0 or 1
     • Match details: third parameter
         preg_match($pattern, $string, &$matches)
       o $matches[0]: Complete match
       o $matches[1]: First submatch
       and so on
  51. Preg Functions
     • preg_match_all($pattern, $string, $matches): Returns all matches
     • preg_replace(search pattern, replace pattern, string)
  52. Design and Theory
  53. Problem 1
     Problem: Object access to a (relational) database
     Solution: Active Record
     • ORM: Object-Relational Mapping
       – Use objects during development
       – The system in the background takes care of the communication with the database
       – Typically, a row in the database would be mapped to an Object
     Example in the PHP world: Doctrine, Propel
  54. Problem 2
     • Problem: Create complex objects in a simple way
     • Solution: Factory
     • Old code:
         $db = new MySQLiConnection(); // several times
     • Hard to migrate to another DBMS!
     • New code:
         static function factoryDB() {
             return new DBConnection('MySQLi');
         }
     • factoryDB() is the factory
  55. Problem 3
     • Problem: Architectural model for web applications
     • Solution: MVC
     • Model: Encapsulates business logic and application data
     • View: Outputs model data
     • Controller: Controls the application flow
  56. Problem 4
     • Problem: Indirect access to an object
     • Solution: Proxy
     • Used with many web services implementations
         $s = new SOAPClient('http://example.com/xy.wsdl');
         $s->method();
     • The local object behaves like the remote object
     • The background implementation takes care of communication, etc.
  57. Problem 5
     • Problem: Only one instance of an object shall be used at any time
     • Solution: Singleton
         class SingletonPattern {
             static $conn = null;
             static function getConnection() {
                 // a static property must be referenced through the class
                 if (SingletonPattern::$conn == null) {
                     SingletonPattern::$conn = factoryDB('MySQLi');
                 }
                 return SingletonPattern::$conn;
             }
         }
  58. Web Features
     • Where is form data put with a GET HTTP request?
     • Where is form data put with a POST HTTP request?
     • In the following list, the elements "one" and "three" get selected.
     • When submitting the form, which values will be found in $_GET or $_POST?
  59. File Uploads
     • HTML element: <input type="file" />
     • Required attribute in the <form> element: enctype="multipart/form-data"
     • $_FILES (Array keys are name, type, size, tmp_name, error)
     • Uploads will be deleted after script execution
       – Copy away using copy_uploaded_file()
       – Move away using move_uploaded_file()
       – Check using is_uploaded_file()
  60. Quiz
     • When opening a file in writing mode using FTP handler, what must be done so that file will still be written to the server in the event it previously exists?
       – Provide context for fopen() using stream_context_create()
       – You must delete the file first before uploading a new file
       – Configure this behavior in php.ini using ftp.overwrite directive
       – Open the file using w+ mode
  61. Cookies
     • Cookies with PHP
       – Setcookie (Cookie value is encoded automatically)
       – Setrawcookie (Cookie value is not encoded)
     How many HTTP requests are required to determine, without JavaScript, whether a client supports cookies or not?
  62. PHP 4/5 Differences
     • New Error Level E_STRICT
     • Object Oriented Programming
       – Public, private, protected
       – Constructor (__construct)
       – Destructor (__destruct)
       – No assignments to $this within a class!
       – Clone (copy of object)
       – $new = $old (Create reference)
       – == (Compare all object properties)
       – === (Compare whether two objects are same object)
  63. Quiz
     • To destroy one variable within a PHP session, which method should you use in PHP5?
       – Use session_destroy() function
       – Use session_unset() function
       – Unset the variables in $_SESSION using unset
       – Any of the above are applicable in PHP5
  64. Files, Streams, Network
     • Two types of file functions
       – Functions that work with a file resource: f*() (e.g. fopen, fclose)
       – Functions that work with a file name: file*() (e.g. file_get_contents)
     • Which file function does not exist?
       – file_get_contents
       – file_put_contents
       – file_appends_contents
       – filesize
  65. Files
     Which PHP function is (more or less) emulated by this code?
  66. Files
     • What is the name of the PHP function that reads one line out of a file?
     • File Operations
       – Copy
       – Rename
       – Unlink
       – Rmdir
     • Sockets
       – Create sockets with fsockopen
  67. XML and Web Services
     • XML
       – eXtensible Markup Language
       – Simple rules: Must be well-formed and valid
       – Universal file format
       – Usually a special dialect is used in the real world
  68. SimpleXML
     • "simple" access to XML data from PHP
     • OOP access for XML data
       – Elements become object properties
       – Attributes can be accessed via associative arrays
         $xml = simplexml_load_string('<?xml...');
         $xml = simplexml_load_file('file.xml');
         $xml = new SimpleXMLElement('<?xml...');
       – simplexml_import_dom() converts a DOM node into a SimpleXML object
  69. Quiz
     • The method used to create a new node to be added into an XML document using DOM is the ____________ method.
  70. Web Services
     • Technology for machine-to-machine communication
     • Not a new idea, but standardization led to success in the real world
     • Based on XML
     • Some special formats and protocols exist
  71. Web Services
     • SOAP
       – Request and Response in XML
     • WSDL
       – Web Services Description Language
       – XML format that contains all information about a web service
         o Where
         o Which methods
         o Data Types
         o Return values
  72. Web Service
     • Create a Web Service
       – Create class with business logic
       – Register with Soap Server
         $soap = new SoapServer('file.wsdl');
         $soap->setClass({class_name});
     • Consume web service
         $soap = new SoapClient('file.wsdl');
       – Call methods by $soap->{method_name} or
         $soap->__soapCall('myMethod', array('Hello!'));
  73. Databases
     • Save Data
       – efficient storage
       – efficient access
     • Querying using SQL
     • Exam is database independent!
       – No special SQL dialect
       – No special SQL functions
  74. Databases
     • Primary keys
     • Foreign keys
       – Primary key from another table
       – Enables relational databases
     • Create Database
     • Insert/Update/Delete data
     • Sorting/Grouping
     • Aggregation
     • Joins
  75. Databases
     • tab1 contains the IDs 1 to 8. tab2 contains the IDs 5 to 10.
     • What is the output of the following SQL query?
         SELECT COUNT(*) FROM tab1 INNER JOIN tab2 ON tab1.ID <> tab2.ID
  76. Security
     • All input (from the outside) is (potentially) evil
     • Filter/validate input
     • Escape output
     • Trust no data from the outside!
       – GET/POST data
       – Cookies
       – HTTP Headers
  77. Security
     • Is there a potential security vulnerability in this code?
  78. Security
     • XSS
       – Cross-Site Scripting
       – Injection of HTML, CSS or script code into a page
       – Especially dangerous: JavaScript
  79. Security
     • CSRF
       – Cross-Site Request Forgeries
       – Creates HTTP requests
       – Website trusts logged-in users
       – Attacks are usually executed via iframes or via XMLHttpRequest requests or <script>, <object>, <embed>, <img>, ...
       – Attacker employs user's browser to execute requests on the attacker's behalf
         <img src="http://shop.xy/buy.php?item_id=123&quantity=1" />
     • Countermeasures
       – Use unique token in the form
       – Require re-login before "dangerous" operations
  80. Security
     • Is there a potential security vulnerability in this code?
  81. Security
     • SQL Injection
       – SQL code is injected into the SQL query
     • Countermeasures
       – Prepared statements
       – Database specific escape functions (mysqli_real_escape_string)
  82. Security
     • Sessions Attacks
       – Session Hijacking: Session ID is stolen
       – Session Fixation: User gets a "fixed" session ID (usually via a specially crafted URL)
     • Countermeasures
       – Change session ID prior to "critical" operations using session_regenerate_id()
       – Short session timeout
       – Use PHP configuration setting session.use_only_cookies
  83. Security
     • Code Injection
       – allow_url_fopen = Off in php.ini
       – Another type of code injection can be done when using dynamic data in calls to system() et al.
     • Secure Configuration
       – display_errors = Off
       – log_errors = On
       – error_reporting = E_ALL
       – error_reporting = E_ALL | E_STRICT
     • Secure Password
       – Use md5 or sha1
  84. Questions?
  85. Thank you for your time and Attention!!
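
The CSRF and session fixation countermeasures from slides 79 and 82 (unique token in the form, session_regenerate_id() before critical operations) in one sketch. This is an added example, not code from the slides; it assumes PHP 7.1+, all function names are hypothetical, and plain arrays stand in for $_SESSION and $_POST so it can be run from the command line.

```php
<?php
// Added example: hypothetical helper names; arrays stand in for $_SESSION/$_POST.

/** Create (or reuse) the per-session CSRF token. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32)); // CSPRNG, PHP 7.0+
    }
    return $session['csrf_token'];
}

/** Hidden field to place inside every state-changing <form>. */
function csrf_field(array &$session): string
{
    $token = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $token . '" />';
}

/** Constant-time comparison of the submitted token with the session's. */
function csrf_check(array $session, array $post): bool
{
    return isset($session['csrf_token'], $post['csrf_token'])
        && is_string($post['csrf_token'])
        && hash_equals($session['csrf_token'], $post['csrf_token']);
}

/** The slide's buy.php: state changes only via POST with a valid token. */
function handle_buy(string $method, array $session, array $post): int
{
    if ($method !== 'POST') {
        return 405; // an <img src=...> or link can only issue GET
    }
    if (!csrf_check($session, $post)) {
        return 403; // cross-site form posts do not know the token
    }
    // ... perform the purchase here ...
    return 200;
}

/** Privilege change: issue a fresh session ID and a fresh token. */
function on_login(array &$session, string $user): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // old (possibly fixed) ID is discarded
    }
    $session['user'] = $user;
    unset($session['csrf_token']);
}

// Constructed walk-through.
$session = [];
on_login($session, 'alice');
echo csrf_field($session), "\n";

// Forged GET in the style of the slide's <img> tag.
echo handle_buy('GET', $session, []), "\n";
// Forged cross-site POST without the token.
echo handle_buy('POST', $session, ['item_id' => '123', 'quantity' => '1']), "\n";
// Legitimate form submission carrying the token from csrf_field().
echo handle_buy('POST', $session,
    ['item_id' => '123', 'quantity' => '1', 'csrf_token' => $session['csrf_token']]), "\n";
```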
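
Slide 83 lists md5 or sha1 under "Secure Password"; since PHP 5.5 the built-in password_hash() and password_verify() provide salted, deliberately slow hashing, and stored legacy digests can be upgraded at the next successful login. This is an added example, not code from the slides; it assumes PHP 7.1+, and the function name, the stored record and the password are constructed.

```php
<?php
// Added example: verify_and_upgrade() is a hypothetical helper.

/**
 * Check a password against a stored hash. Unsalted 32-hex-digit md5
 * digests are accepted once and immediately replaced via $save.
 */
function verify_and_upgrade(string $password, string $stored, callable $save): bool
{
    $isLegacyMd5 = (bool) preg_match('/^[0-9a-f]{32}$/', $stored);

    if ($isLegacyMd5) {
        if (!hash_equals($stored, md5($password))) {
            return false;
        }
        // Correct password: replace the fast digest with a salted, slow hash.
        $save(password_hash($password, PASSWORD_DEFAULT));
        return true;
    }

    if (!password_verify($password, $stored)) {
        return false;
    }
    // Re-hash when the default algorithm or cost has changed since storage.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $save(password_hash($password, PASSWORD_DEFAULT));
    }
    return true;
}

// Constructed user record that still holds a legacy md5 digest.
$record = ['user' => 'alice', 'hash' => md5('correct horse battery')];
$save = function (string $newHash) use (&$record): void {
    $record['hash'] = $newHash; // a real application would UPDATE the users table
};

$first  = verify_and_upgrade('correct horse battery', $record['hash'], $save);
$second = verify_and_upgrade('correct horse battery', $record['hash'], $save);
$wrong  = verify_and_upgrade('guess', $record['hash'], $save);

echo 'first login accepted: ', var_export($first, true), "\n";
echo 'stored hash is still md5: ',
    var_export((bool) preg_match('/^[0-9a-f]{32}$/', $record['hash']), true), "\n";
echo 'second login accepted: ', var_export($second, true), "\n";
echo 'wrong password accepted: ', var_export($wrong, true), "\n";
```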