Beruflich Dokumente
Kultur Dokumente
Introduction to the Certification
WHY BECOME A ZEND CERTIFIED ENGINEER? BECOMING A ZEND CERTIFIED ENGINEER ASSURES
YOUR COMPETITIVENESS IN AN INCREASINGLY COMPETITIVE ENVIRONMENT, ENABLING YOU TO
DIFFERENTIATE YOURSELF IN THE MARKETPLACE. WHETHER YOU ARE LOOKING FOR A NEW JOB,
MAKING YOUR CASE AT YOUR ANNUAL SALARY REVIEW, OR LOOKING FOR WAYS TO INCREASE
YOUR PROFILE, AS A ZEND CERTIFIED ENGINEER YOU HAVE A CLEAR ADVANTAGE. THE ZCE
CREDENTIAL OFFERS THESE BENEFITS:
GET YOUR RESUME NOTICED AND DIFFERENTIATE YOURSELF WHEN COMPETING FOR A NEW JOB
GET FEATURED IN ZEND'S CERTIFIED ENGINEERS DIRECTORY FOR PHP PROFESSIONALS, USED BY
RECRUITERS TO FIND TOP PHP DEVELOPERS WORLDWIDE
GET RECOGNIZED BY THE PHP COMMUNITY AS A PROUD AND DEDICATED SUPPORTER OF PHP
ABOUT
ZEND
ZEND IS THE PHP COMPANY. BUSINESSES UTILIZING PHP KNOW ZEND AS THE PLACE TO GO FOR
PHP EXPERTISE AND SOUND TECHNOLOGY SOLUTIONS. ZEND DELIVERS PREMIER WEB APPLICATION
PLATFORM PRODUCTS AND SERVICES FOR PHP APPLICATIONS. WITH COMMERCIAL PRODUCTS AND
SERVICES THAT ENABLE DEVELOPERS AND IT PERSONNEL TO DELIVER BUSINESS-CRITICAL PHP
APPLICATIONS, ZEND IS TAKING THE POWER OF PHP TO THE ENTERPRISE.
IF YOU HAVE ANY QUESTIONS ABOUT THE CERTIFICATION, OR WOULD LIKE TO PROVIDE FEEDBACK
TO US ON THIS GUIDE, PLEASE CONTACT US AT: certification@zend.com.
THE
EXAM
~ 70 RANDOMLY-GENERATED QUESTIONS
COMPOSED OF
1.
PHP BASICS
2.
3.
STRINGS
4.
ARRAYS
5.
INPUT / OUTPUT
6.
FUNCTIONS
7.
OBJECT-ORIENTED PROGRAMMING
8.
DATABASES
9.
SECURITY
10.
WEB FEATURES
/ OUTPUT
OPTIONS VARY BY COUNTRY... PLEASE CHECK THE PEARSON VUE WEB SITE
THE TESTING CENTER WILL SUPPLY YOU WITH EITHER "SCRATCH" PAPER OR AN
ERASABLE BOARD FOR ANY CALCULATIONS YOU MIGHT NEED TO MAKE...
YOU ARE NOT ALLOWED TO BRING ANYTHING INTO THE EXAM WITH YOU
(NOTES, SMARTPHONE, ETC.)
GUESS!
THERE IS NO PENALTY FOR GETTING AN ANSWER WRONG... YOU ONLY GET CREDIT
FOR CORRECT ANSWERS
HOWEVER, YOU WILL NEED TO KNOW COMMONLY USED CODE ELEMENTS, SUCH
AS COMMON FUNCTIONS, CONSTANTS, CLASSES, ...
ASSUMED ENVIRONMENT
TEST RESULTS
IF YOU DO NOT PASS, YOU ARE GIVEN PRINTED FEEDBACK ON EACH TOPIC TO
IDENTIFY AREAS REQUIRING ADDITIONAL STUDY... NO DETAILED SCORE GIVEN
SYNTAX
PUNCTUATION
TAGS
OPENING ...
CLOSING ...
<?php
?>
<script language='php'>
</script>
COMMENTS
// USED FOR A SINGLE COMMENT LINE
// MUST BE REPEATED FOR MULTIPLE LINES...
/* AND */
*/
OPERATORS
ARITHMETIC OPERATORS
BASIC CALCULATIONS
(ADDING)
(SUBSTRACTING)
(MULTIPLYING)
(DIVIDING)
$m = 5 % 2; // $m == 1
BITWISE
OPERATORS
E X:
LOGICAL
SYMBOL
AND
&
OR
EITHER-OR
SHIFT BITS
<< X
EX: 4 >> 2 == 1
NEGATE BITS
[LIKE DIVIDING BY 4]
CONVERT 0S INTO 1S; 1S INTO 0S
OPERATORS
ASSIGNMENT
OPERATORS
ASSIGN ( = )
EX: $a += 1;
IS SHORT-HAND FOR
&
>>
<<
$a = $a + 1;
COMBINED/CONCATENATING ASSIGNMENT ( . = )
EX:
$a = "Hello,";
$a .= "World !"; ... RESULTS IN "HELLO, WORLD !"
INCREASE / DECREASE ( ++
--
COMPARISON OPERATORS
EQUALITY ( == )
INEQUALITY ( != )
( === )
(!== )
!== 123
OPERATORS
ARRAY
OPERATORS
+
UNION
==
EQUAL
===
IDENTICAL
!=
NOT EQUAL
<>
NOT EQUAL
!==
NOT IDENTICAL
LOGICAL
OPERATORS
EXAMPLE
OPERATOR
EVALUATES
$a and $b
and
BOTH
$a or $b
or
EITHER
$a
$a xor $b
xor
EITHER
$a,$b
! $a
not
$a
$a && $b
and
BOTH
$a || $b
or
EITHER $a
$a
AS
AND
TRUE WHEN...
$b
TRUE
$b
TRUE
OR
NOT TRUE
$a
AND
$b
OR
TRUE
$b
TRUE
10
STRING OPERATORS
OPERATORS
EXECUTION
OPERATORS
USE BACKTICKS `` TO EXECUTE THE CONTENTS ENCLOSED BY THEM AS A
SHELL COMMAND, EQUIVALENT TO shell_exec()
OPERATOR PRECEDENCE
11
VARIABLES
CASE-SENSITIVE
REFERENCING
INITIALIZING
isset()
INITIALIZED
12
NAMING
CONDITIONS
IF
EVALUATES FOR A CONDITION (BOOLEAN VALUE), TO DETERMINE WHETHER
TO EXECUTE CODE; CAN BE NESTED
ELSE
PROVIDES ALTERNATIVE EXECUTION, WHEN COMBINED WITH IF (=FALSE)
IF-ELSE (TERNARY
OPERATOR)
SWITCH
USE TO EVALUATE (BOOLEAN VALUE) AGAINST A SERIES OF CONDITIONS,
TO DETERMINE WHICH CODE TO EXECUTE FOR EACH CONDITION
13
CONTROL STRUCTURES
CONTROL
STRUCTURES
LOOPS
WHILE
EXECUTES STATEMENT UNTIL CONDITION IS NO LONGER EVALUATED AS
BOOLEAN TRUE; CONDITION EVALUATED AT BEGINNING
DO-WHILE
EXECUTES STATEMENT UNTIL CONDITION IS NO LONGER EVALUATED AS
BOOLEAN TRUE; CONDITION EVALUATED AT END
FOR
EXECUTES FIRST STATEMENT ONE TIME AS AN ASSIGNMENT, THE
SECOND STATEMENT AS A LOOPING CONDITION CHECKED AT THE
BEGINNING OF THE FIRST AND SUBSEQUENT ITERATIONS UNTIL
CONDITION IS NO LONGER
EVALUATED AS BOOLEAN TRUE, THEN EXECUTES THE THIRD AND FINAL
STATEMENT AT THE END OF EACH ITERATION
FOREACH
USED ONLY FOR ARRAYS; ASSIGNS VALUE OF CURRENT ELEMENT TO THE
VARIABLE AND ADVANCES THE ARRAY POINTER UNTIL IT REACHES THE
LAST ELEMENT
CONTINUE
WITHIN LOOPS, USED TO PASS OVER ANY REMAINING CODE WITHIN THE
ITERATION AND RETURN TO THE INITIAL CONDITION EVALUATION STEP
BREAK
HALTS EXECUTION OF LOOPS UTILIZING THE FOR, FOREACH, WHILE,
DO-WHILE, SWITCH CONTROL STRUCTURES
14
OUTPUT CONSTRUCTS
echo()
USED TO OUTPUT A RESULT (TEXT, STRINGS, VARIABLES)
IF USING STRINGS CONTAINING QUOTATIONS, MAKE SURE YOU HANDLE
THEM CORRECTLY (USE APOSTROPHE OR ESCAPE WITH \)
return()
USED TO HALT EXECUTION OF A FUNCTION (CALLED WITHIN FUNCTION)
OR OF A SCRIPT (CALLED WITHIN GLOBAL SCOPE)
print()
USED TO OUTPUT A STRING (IS AN OPERATOR)
EVALUATION CONSTRUCTS
empty()
USED TO ASSESS WHETHER A VARIABLE (ONLY) IS EMPTY (EMPTY
STRING, EMPTY ARRAY, 0, 0.0, 0, NULL, FALSE, A VARIABLE WITHOUT
AN ASSIGNED VALUE)
eval()
USED TO EVALUATE THE CONTENTS OF A STRING AS PHP CODE
include_once()
AND
include()
include()
GENERATES A WARNING
15
LANGUAGE CONSTRUCTS
LANGUAGE
CONSTRUCTS
OTHER
CONSTRUCTS
isset() AND unset()
isset():
unset(): USE
list()
USE TO ASSIGN A GROUP OF VARIABLES IN ONE STEP
16
CONSTANTS
NAMING:
ACCESS:
17
DEFINITION:
NAMESPACES
USE:
DECLARING NAMESPACES
<?PHP)
ONCE CODE ELEMENTS WITHIN A SINGLE NAMESPACE ARE DEFINED, THEY CAN
BE USED IN OTHER PHP FILES
18
DEFINITION:
NAMESPACES
IMPORTING
/
ALIASING
NAMESPACES
EX:
IF COMPLETE NAMESPACE NAME IS PATH1/PATH2/PATH3, SET =E THEN,
WHEN NEED TO CALL, CAN REFERENCE ALIAS AS E/PATH4
NOTE:
19
ADDED TO THE
NEED TO CONFIGURE
CONFIGURATION FILE
NOT ALL EXTENSIONS CAN BE DISCUSSED WITHIN THIS GUIDE... PLEASE REVIEW
THE COMPLETE LISTING AVAILABLE IN THE PHP MANUAL (REFERENCE CITED
BELOW)
CORE EXTENSIONS
USERLAND RULES
USERLAND REFERS TO THOSE APPLICATIONS THAT RUN IN THE USER SPACE (NOT
THE KERNEL)
20
EXTENSIONS
EXTENSIONS
FUNCTIONS
CLASSES
INTERFACES
INTERNAL NAMING:
camelCase RULE
21
CONFIGURATION
PHP.INI:
SEARCH ORDER:
sapi MODULE > phprc VARIABLE > Registry KEYS >
HKEY_LOCAL_MACHINE\software\php > Working DIRECTORY (NOT CLI) >
Directory (SERVER OR PHP) > WIN DIRECTORY
USER.INI:
CONTROLLED BY DIRECTIVES
user_ini.filename, user.cache_ttl
FILE NAMED BY
user.cache_ttl
SETTINGS
GENERALLY, USE ini_set() WITHIN THE PHP SCRIPT; SOME SETTINGS REQUIRE
php.ini OR httpd.conf
22
DEFINITION:
PERFORMANCE
RUN-TIME DELAYS
GARBAGE COLLECTION
OPCODE CACHE
23
A:
4
B:
3
C:
5
D:
0
E:
1
A: $_SERVER
B: $_ENV
C: $GLOBALS
D: $_POST
E: $_ARGV
24
A: 1,2,3,4,5,6,7,8,9
B: 1,2,3,4,5,6,7,8,9,10,
C: 1,2,3,5,8,13,21,34,55,89,
D: 1,1,1,1,1,1,1,1,1,1,
Which PHP functions may be used to find out which PHP extensions are
available in the system? (Choose 2)
A: extension_loaded()
B: get_extension_funcs()
C: get_loaded_extensions()
D: phpinfo()
What is the name of the error level constant that is used to designate
PHP code that will not work in future versions?
????
25
Users complain that the script takes a long time to run. Which of the
following measures usually leads to the best results? (Choose 2)
A: One
B: Two
C: Syntax Error
26
A: 4
A: $_SERVER
C: use myapp\utils\hello
D: 1,1,1,1,1,1,1,1,1,1,
C: get_loaded_extensions()
D: phpinfo()
E_DEPRECATED
C: Syntax Error
27
XML
Basics
XML
Extension
XML
Extension
SimpleXML
SimpleXML
Web
Services
Basics
DOM
SOAP
SOAP
REST
JSON
&
AJAX
REST
Date
&
Time
JSON & AJAX
DOM
Date & Time
28
XML
BASICS
DEFINITION
o
XML EXTENSION
xml_parser_create()
...
xml_parser_create_ns()
AND
...
SUPPORT
xml_set_element_handler()
PHP
MANUAL
29
CHARACTER
ENCODINGS
SOURCE ENCODING :
TYPES:
UTF-8 (PHP USES THIS TYPE FOR INTERNAL
DOCUMENT REPRESENTATION; BYTES UP TO 21)
US-ASCII (SINGLE BYTE)
ISO-8859-1 (SINGLE BYTE; DEFAULT)
TARGET ENCODING :
(TO "?")
PARTIAL LIST
XML_ERROR_**
_SYNTAX
_INVALID TOKEN
_UNKNOWN_ENCODING
XML_OPTION_**
_OPTION_CASE FOLDIN
_SKIP_WHITE
30
SIMPLEXML
DEFINITION
o
FUNCTIONS:
$xml = simplexml_load_string('<?xml...');
$xml = simplexml_load_file('file.xml');
$xml = new SimpleXMLElement('<?xml...');
CLASS: (EXAMPLES)
CREATES A SIMPLEXMLELEMENT OBJECT
SimpleXMLElement::construct()
IDENTIFIES AN ELEMENT'S ATTRIBUTES
SimpleXMLElement::attributes()
RETRIEVES AN ELEMENT'S NAME
SimpleXMLElement::getName()
FINDS CHILDREN OF GIVEN NODE
SimpleXMLElement::children()
COUNTS THE NUMBER OF CHILDREN OF AN ELEMENT
SimpleXMLElement::count()
RETURNS A WELL-FORMED XML STRING BASED ON A SIMPLEXML ELEMENT
SimpleXMLElement::asXML()
RUNS AN XPATH QUERY ON THE CURRENT NODE
SimpleXMLElement::xpath()
31
DOM
DEFINITION
o
ENCODING:
o
simplexml_import_dom()
SIMPLEXML OBJECT
dom_import_simplexml()
XML_ELEMENT_NODE
XML_TEXT_NODE
32
DEFINITION
o
RUNTIME CONFIGURATION
o
php.ini SETTINGS
(soap.wsdl_cache_*)
SOAP_1_1
SOAP_1_2
SOAP_ENCODED
SOAP_LITERAL
SOAP_AUTHENTICATION_
SOAP_ENC_*
SOAP_CACHE_*
SOAP_PERSISTENCE_*
SOAP_RPC
1
2
1
2
0/1
300/301
0/1/2/3
1/2
1
SOAP FUNCTIONS
is_soap_fault
use_soap_error_handler
33
SOAP
REST
DEFINITION
o
!
!
!
!
o
ASCII STRINGS
INTEGERS
BOOLEANS
GET
GET
POST
CREATE
PUT
DELETE
34
REST
(CONTINUED)
REST AND REQUEST HEADERS
o
TWO CONCEPTS:
STATUS CODES:
201
400
401
204
500
o
=
=
=
=
=
CREATED
BAD REQUEST / FAILED VALIDATION
UNAUTHORIZED
NO CONTENT (USEFUL WITH DELETE)
APPLICATION ERROR
CONTEXT SWITCHING
o
XMLHttpRequest
!
35
DEFINITION
o
DATA-INTERCHANGE FORMAT
JSON_ERROR_NONE
JSON_ERROR_SYNTAX
JSON_ERROR_UTF8
JSON_FORCE_OBJECT
FUNCTIONS
o
json_last_error
where
$assoc:
$value:
$options:
$depth
36
DEFINITION
o
FUNCTIONS THAT RETRIEVE THE DATE AND TIME FROM THE PHP SERVER
FLEXIBLE DATE AND TIME FORMATTING DUE TO FACT THEY ARE STORED AS A
64-BIT NUMBER
RUNTIME CONFIGURATION
o
date.default_latitude; date.timezone
DATETIME CLASS
o
public
construct([[string $time = "now"
[, DateTimeZone $timezone = NULL ]])
public DateTime add(DateInterval $interval)
public DateTime setDate(int $year, int $month, int
$day)
37
$timezone:
WHEN SET TO
$format:
$modify:
DATE
38
Which of the following is a feature that does NOT exist in the DateTime
extension?
39
A: <?xml version="1.0"?>
<root/>
B: <?xml version="1.0"?>
<root/>
<test>some value</test>
C: <?xml version="1.0"?>
<root><test>some value</test>
</root>
D: <?xml version="1.0"?>
<root test="some value"/>
40
41
A: SOAP
B: REST
C: XML-RPC
D: Corba
42
What is JSON?
43
D: Nothing
A: <?xml version="1.0"?>
<root/> **
D: xpath
A: SOAP and
C: XML-RPC
44
45
Matching
HEREDOC & NOWDOC
Extracting
Matching
Searching
Extracting
Replacing
Searching
Formatting
Replacing
PCRE
Formatting
HEREDOC
&
NOWDOC
PCRE
Encodings
Encoding
46
HEREDOC SYNTAX
NOWDOC SYNTAX
SAME <<< IDENTIFIER, BUT THE IDENTIFIER MUST BE ENCLOSED IN SINGLE QUOTES
SUBSTRINGS
substr(string,
start, length)
USE THE
FUNCTION
LOCATING STRINGS:
USE THE
SEARCHES THE STRING, STARTING AT THE BEGINNING (OR THE POSITION INDICATED),
AND RETURNS THE POSITION OF FIRST OCCURRENCE, OR RETURNS FALSE IF NOT
47
COMPARING
STRINGS
==
===
strcasecmp()
CASE-INSENSITIVE COMPARISON
strcmp()
CASE-SENSITIVE COMPARISON
similar_text()
1>
COUNTING
STRINGS:
strlen(string) FUNCTION
NUMBER OF CHARACTERS
USE THE
NUMBER OF WORDS
str_word_count(string);
str_word_count(strings,true) YIELDS
USE
AN
PHONETIC
FUNCTIONS
soundex()
metaphone()
48
CONVERSION
STRING
FORMATTING
OUTPUT
printf()
sprintf()
vprintf()
AS AN ARRAY
vsprintf()
fprintf()
%f (FLOAT)
%o (OCTAL)
%e (SCIENTIFIC
NOTATION)
%s (STRING)
49
REGULAR EXPRESSIONS
DESCRIBE A PATTERN
TWO KINDS IN PHP: POSIX-RegEx (NOT COVERED BY EXAM) AND PCRE (PERL
COMPATIBLE REGULAR EXPRESSION)
DELIMITER
BOUNDARIES (EXAMPLES)
START OF A LINE
END OF A LINE
\A
START OF A STRING
\Z
END OF A STRING
\d
\D
DIGIT
NO DIGIT
"GREEDINESS"
o
50
0 OR 1
COMBINATION
OF
? WITH * OR + MAKES
NON-GREEDY
PATTERN MATCHING
preg_match(pattern,
string) FUNCTION
USE THE
REPLACING
51
mb_strlen()
MBSTRING MODULE:
o
DEFAULT EXTENSION)
o
52
ENCODINGS
53
?????
?????
54
5.5
55
56
C: Use single quotes unless you have a ' in your string or you are doing
variable interpolation because it declares whether you want
variables to be interpolated
A: Replace all of the 'a' characters with 'z' characters and put the
replacement count in $var
B :
, because
57
Enumerated
Arrays
Associative
AArrays
rrays
Enumerated
Multi-dimensional
Arrays
Associative Arrays
Array
Iteration
Multi-dimensional
Arrays
Array
Iteration
Functions
Array
SPL
/
Objects
as
Arrays
Array Functions
SPL / Objects as Arrays
58
CREATING ARRAYS
EX:
$x
EX: $x
EX: $x
EX: $x
=
=
=
=
array('a',
['a', 'b',
array(0 =>
[0 => 'a',
'b', 'c');
'c'];
'a', 1 => 'b', 2 => 'c');
1 => 'b', 2 => 'c'];
$x = array(
'XML' => 'eXtensible Markup Language'
);
$x = [
'XML' => 'eXtensible Markup Language'
];
FILLING ARRAYS
EX:
59
ARRAY DEFINITION
NEGATIVE LENGTH EXCLUDE ELEMENTS x POSITIONS FROM THE END OF THE ARRAY
o
Ex:
$x = array(1,2,3,4,5)
$y = array_slice($x, -4, -1); //== array(2,3,4);
ADDING ELEMENTS
EX:
ALTERNATIVE:
$x = array(1,2,3);
$n = array_push($x,4,5); // $n == 5
$n[] = 4;$n[] = 5;
EX:
$x = array(3,4,5);
$n = array_unshift($x,1,2); // $n == 5
60
SPLITTING ARRAYS
REMOVING
ELEMENTS
array_pop()REMOVES 1 ELEMENT AT THE END OF AN ARRAY
o
EX:
$x = array(1,2,3);
$n = array_pop($x); // $n == 3
Ex:
$x = array(1,2,3);
$n = array_shift($x); // $n == 1
LOOPING ARRAYS
for
EX:
Ex:
Ex:
61
array_key_exists($key, $array)
DETERMINES WHETHER THERE IS AN INDEX $key IN THE ARRAY $array
in_array($element, $array)
DETERMINES WHETHER THERE IS AN ELEMENT $element IN THE ARRAY
$array
o
array_keys()
array_values()
SORTING ARRAYS
SORT_LOCALE_STRING
SORT_NUMERIC
NUMERIC SORTING
SORT_REGULAR
SORT_STRING
SORTING AS STRINGS
LIKE
sort(),
asort()
arsort()
LIKE
ksort()
SORTS BY KEYS
krsort()
LIKE
usort()
USER-DEFINED SORT
BUT IN REVERSE
asort(),
BUT IN REVERSE
62
NATURAL
SORTING
natsort()
vs.
MERGING ARRAYS
array_merge($x, $y)
COMPARING ARRAYS
RELATED FUNCTIONS:
array_diff_assoc()
array_diff_key()
array_diff_uassoc()
LIKE
array_diff_ukey()
LIKE
63
ArrayObject::STD_PROP_LIST
var_dump, foreach)
ArrayObject::ARRAY_AS_PROPS
ArrayObject::append
APPENDS A VALUE
ArrayObject::asort
ArrayObject::natsort
natsort()ABOVE
64
????
????
????
65
A: $array[] = 1;
B: echo $array[5][2];
C: echo $array[5][2] = 2;
D: isset($array[7][3][1]);
Given the following PHP code, which of these answers creates a valid
associative array in PHP?
A: array_combine($one, two)
B: array_merge($one, two)
C: array_values($two)
D: array_flip($one)
66
B: echo $array[5][2];
B: Iterator
A: array_combine($one, two)
and
D: array_flip($one)
67
Files
Files
Filesystem
Functions
Filesystem Functions
Streams
Streams
Contexts
Contexts
Reading
Writing
Reading
Writing
68
f*()
EX:
file*()
fopen()
file_get_contents()
fopen()
READ WITH
fread()
EX:
4096));
OR
echo htmlspecialchars(
fread($fp, filesize('file.txt'));
69
WRITE TO RESOURCES
$fp =
fopen('file.txt',
fwrite($fp,
'w');
'data...');
fclose($fp);
OTHER FUNCTIONS
fputcsv()
fprintf()
OUTPUT FILES
fpassthru()
fread()PLUS
70
DIRECTORY
chdir()
chroot()
readdir()
rmdir()
DELETES A DIRECTORY
FILE INFORMATION
finfo_open()
finfo_file()
FILESYSTEM
basename()
chmod()
copy()
COPIES A FILE
fputcsv()
fputs()
rename()
MOVES/RENAMES A FILE
unlink()
DELETES A FILE
71
FILE WRAPPERS
o
file://
php://
http://
compress.zlib://
https://
compress.bzip2://
ftp://
ftps://
CUSTOM WRAPPERS
stream_wrapper_register(protocol, classname)
REGISTERS A PROTOCOL; IMPLEMENTATION IS PART OF THE CLASS
php_user_filter
72
STREAMS
PIPELINES / TRANSPORT
o
stream_get_meta_data()
STREAM CONTEXTS
o
stream_context_create()
stream_context_set_params()
stream_context_get_options
STREAM FILTERS
o
stream_filter_append($fp, 'filtername');
o
stream_filter_register(filtername, classname);
o
function filter($in,
$out, &$consumed,
$closing);
73
offset
context
fopen('file.txt',
fwrite($fp,
'w');
'data...');
fclose($fp);
WRITE TO STREAMS
fprintf()
printf
FOR RESOURCES
74
Which function can be used to read and parse data from a CSV
file?
????
$output = file("foo.txt");
A: A file handle that can be used in subsequent
calls such as fread
B: True if the file could successfully be read,
false if not
C: A string containing the contents of foo.txt
D: An array where every entry is a line from
the file foo.txt
E.
75
$dh = opendir(""."");
while ($file =
($dh)) {
echo $file;
}
????
php://stdin
B.
php://stdout
C.
php://stderr
D. php://input
E.
php://output
F.
php://error
A: fopen
B: fgets
C:
file_get_contents
D:
file
76
fgetcsv
B: False is returned
readdir
F: php://error
B: fgets
77
Syntax
Syntax
Arguments
Arguments
Variables
Variables
References
References
Returns
Variable
Scope
Returns
Anonymous
Functions
(Closures)
Variable Scope
Anonymous Functions
(Closures)
78
FUNCTION
DEFINITION
PACKAGES OF CODE THAT SERVE AS INSTRUCTIONS TO EXECUTE AN ACTION
o
DECLARING FUNCTIONS
EX:
//$x == "ABC"
//warning!
EX:
// do something
return $p;
}
$x = myFunction("DEF");
//$x == "DEF"
$x = myFunction();
//$x == "ABC"
79
func_num_args()
NUMBER OF PARAMETERS
func_get_arg(nr)
func_get_args()
BY VALUE (DEFAULT)
!
BY REFERENCE
!
RETURN VALUES
VARIABLE SCOPE
FUNCTION USING
80
FUNCTION ARGUMENTS
VARIABLE FUNCTIONS
NEW CLOSURE
Closure CLASS
TYPE HINT
81
A:
B:
C:
A parser error
D:
A warning
A:
B:
C:
D:
82
A: 123
B: 246
C: 226
D: 126
????
83
A: Syntax error
B: 3 will be printed
C: 2 will be printed
D: Nothing will be printed
A: Syntax error
B: 3|2|1
C: 1|2|3
84
A:
B:
Use is_callable($param)
C:
D:
Use is_executable($param)
method?
A:
85
A: 5 and D: a warning
C: 226
C: 2 will be printed
A: Syntax error
B: Use is_callable($param)
86
87
OBJECTS
COPYING OBJECTS
o
KEYWORD: clone
SERIALIZING OBJECTS
serialize()
FUNCTIONS:
MAGIC METHOD
__sleep()
unserialize()
IS EXECUTED WITH SERIALIZATION, IF
AVAILABLE
o
88
class
KEYWORD:
STRUCTURE:
KEYWORD > CLASS NAME > { CONSTANTS, PROPERTIES & METHODS }
WHERE
PROPERTIES = CLASS VARIABLES AND METHODS = CLASS FUNCTIONS
EX:
class myClass {
// ...
)
$c = new myClass();
89
FOR EXAMPLE, IF
CALLED
ABSTRACT
CLASSES
abstract
KEYWORD:
90
INHERITANCE: CLASS
INTERFACES
KEYWORDS:
extends
KEYWORD
ALL METHODS ARE ASSUMED TO BE PUBLIC IN THE INTERFACE DEFINITION CAN BE DEFINED EXPLICITLY AS PUBLIC, OR IMPLICITLY
EXCEPTIONS
throw ... TO LAUNCH AN EXCEPTION
KEYWORD:
TRY/CATCH/FINALLY STRUCTURE:
try{...} catch(...){...}
finally {...}
catch BLOCK MAY USE TYPE-HINTING TO EXPECT SPECIFIC EXCEPTIONS
Exception CLASS
91
interface, implements
function __construct
o
92
CONSTRUCTORS / DESTRUCTORS
PROPERTIES (VARIABLES)
EX:
class myClass {
public $member = "ABC";
// ...
}
$c = new myClass();
echo $c->member;
METHODS
(FUNCTIONS)
EX:
class myClass {
public $member = "ABC";
function showMember() {
echo $this->member;
}
}
$c = new myClass();
$c->showMember();
93
(::)
NO OBJECT INSTANCES
YOU CAN ACCESS A STATIC CLASS METHOD USING A VARIABLE REFERENCE (EX:
ClassName::$varMethod)
94
static
AUTOLOAD
EXCEPTIONS THROWN IN
__autoload()
IMPLEMENTATION
REFLECTION
OBJECTS
CLASSES
METHODS
PROPERTIES
FUNCTIONS
PARAMETERS
EXCEPTIONS
EXTENSIONS
ReflectionXXX
...)
95
TYPE HINTING
CLASSES
ARRAYS
INTERFACES
CLASS CONSTANTS
define()
<classname>::CONSTANT
96
RUN TIME
o
FUNCTION BELONGS
MAGIC
METHODS
EX:
__get()
READS A PROPERTY
__set()
WRITES A PROPERTY
__isset()
__unset()
97
EXAMPLES:
SPL
ArrayIterator
!
ALLOWS
foreach
ACCESS
ArrayObject
!
GENERATORS
EX:
function myGenerator() {
for ($i = 1; $i <= 10; i++) {
yield $i;
}
}
98
TRAITS
CLASS
99
A:
A:
B: Parser error
B: Parser error
C: Fatal error
C: Fatal error
D: None of the above
D: None of the above
Copyright 2006 2014, Zend Technologies, Inc.
100
<?php
abstract class myBaseClass {
abstract protected function doSomething();
function threeDots() {
return '';
}
}
class myBaseA extends myBaseClass {
protected function doSomething(); {
echo $this->threeDots();
}
}
$a = new myClassA();
$a->doSomething();
?>
A:
B: Parser error
C: Fatal error
D: None of the above
111
101
112
102
113
103
114
104
C: Fatal Error
C: Fatal Error
D: Interface
115
105
C: const NAME="value";
B: b, c, A, B, C, c: CC, b, c, A, B, C
106
SQzi
ng
SQL
Quer
ies
JOINS
Prepared
Statements
ANALYZING QUERIES
Transactions
PREPARED STATEMENTS
PDO
TRANSACTIONS
PDO
107
DEFINITION
WAY OF STORING AND RETRIEVING DATA EFFICIENTLY
KEYS
SQL
CREATE A TABLE:
NOTE:
READ DATA:
INSERT DATA:
108
SQL (CONTINUED)
UPDATE DATA:
UPDATE tbl
SET field1 = 'value1', field2 = 'value2'
WHERE field3 = 'value3'
DELETE DATA:
AGGREGATION
AVG()
AVERAGE VALUE
COUNT()
NUMBER OF ELEMENTS
DISTINCT COUNT()
MIN()
MINIMAL VALUE
MAX()
MAXIMUM VALUE
SUM()
SUM OF VALUES
109
JOINS
INNER JOIN
EX: RETURNS ALL ENTRIES IN TAB1 AND TAB2 LINKED USING THE
PRIMARY/FOREIGN KEY, AND THAT FULFILL THE WHERE CLAUSE IN TAB1
LEFT JOIN
EX: ALL DATA FROM THE "LEFT" TABLE IS USED, EVEN IF THERE IS NO MATCH
IN THE "RIGHT" TABLE
RIGHT JOIN
EX: ALL DATA FROM THE "RIGHT" TABLE IS USED, EVEN IF THERE IS NO
MATCH IN THE "LEFT" TABLE
110
PREPARED STATEMENTS
ADVANTAGES:
(PERFORMANCE
CONSIDERATION)
ONLY FEATURE PDO WILL EMULATE FOR ADAPTERS THAT DO NOT SUPPORT
PREPARED STATEMENTS
TRANSACTIONS
111
DATABASE ADAPTERS IMPLEMENTING PDO INTERFACES EXPOSE DATABASESPECIFIC FEATURES AS REGULAR EXTENSION FUNCTIONS
pdo.dsn.*
PDO::setAttribute()
IN
php.ini
CONNECTIONS
o
PDOStatement OR PDOException
<?php
$dbh = new
PDO('mysql:host=localhost;
dbname=test', $user, $pass);
?>
112
PDO::query()
EXECUTES A SQL STATEMENT, IN A SINGLE FUNCTION CALL, AND
RETURNS THE RESULTING VALUES AS A
PDOStatement OBJECT
NEED TO RETRIEVE ALL DATA IN THE RESULT SET BEFORE CALLING QUERY
FUNCTION AGAIN
FETCH
PDOStatement->setFetchMode
SETS THE DEFAULT FETCH MODE
(EX: FETCH_COLUMN)
TRANSACTIONS
PDO::beginTransaction()
TURNS OFF AUTOCOMMIT MODE FOR CHANGES MADE TO THE DATABASE
PDO::commit()
CALL TO END TRANSACTION AND COMMIT CHANGES
PDO::rollBack()
CALL TO REVERSE ALL CHANGES MADE TO THE DATABASE AND
REACTIVATE AUTOCOMMIT MODE
113
QUERIES
PDOSTATEMENT
ONLY VALUES CAN BE BOUND
(*NOT* ENTITIES,
WHILE
PDOStatement::execute() IS USED
PDOStatement::bindParam()
BINDS THE VARIABLE AS A REFERENCE TO THE CORRESPONDING
PARAMETER PLACEHOLDER IN THE SQL STATEMENT; EVALUATED
ONLY WHEN PDOStatement::execute() IS CALLED
PDOStatement::bindValue()
BINDS A LITERAL VALUE, OR THE CURRENT VALUE OF A VARIABLE,
TO THE CORRESPONDING PARAMETER PLACEHOLDER IN THE SQL
STATEMENT
PDOStatement::closeCursor()
FREES ANY RESOURCES TIED TO THE
PDOStatement
OBJECT
PDO::exec()
EXECUTES A SQL STATEMENT IN A SINGLE FUNCTION CALL, AND
RETURNS THE NUMBER OF ROWS (NOT THE DATA) AFFECTED BY THE
STATEMENT
APPROPRIATE FOR MULTIPLE CALLS TO A SELECT STATEMENT
114
|
|
|
|
|
|
|
|
name
------anna
betty
clara
demi
emma
gabi
|
|
|
|
|
|
|
|
email
------------------anna@example.com
betty@example.com
clara@example.com
demi@example.com
emma@example.com
gabi@example.com
... how many rows will be returned from the following query?
SELECT * FROM names WHERE pos < 10
|
|
|
|
|
|
|
name
------anna
betty
clara
demi
emma
A: 3
B: 5
C: 9
D: 10
|
|
|
|
|
|
|
email
-----------------anna@example.com
clara@example.com
emma@example.com
gabi@example.com
julia@example.com
... how many rows will be returned from the following query?
SELECT names.name, emails.email
FROM names
JOIN emails ON emails.id = names.id
115
name
------anna
betty
clara
anna
betty
clara
|
|
|
|
|
|
|
|
email
------------------anna@example.com
betty@example.com
clara@example.com
anna@example.com
betty@example.com
clara@example.com
B: 4
id
--1
2
3
4
5
6
C: 6
D: None the
prepared
statement is
invalid
.
.. what will the COUNT() value be when the following PHP code runs?
(Assume PDO connection is valid)
$pdo = new PDO(...);
$sql = "SELECT :cols FROM names WHERE name = :name";
$stmt = $pdo->prepare($sql);
$stmt->bindValue(':cols', 'COUNT(id)');
$stmt->bindValue(':name', 'anna');
$stmt->execute();
name
------anna
betty
clara
|
|
|
|
|
email
------------------anna@example.com
betty@example.com
clara@example.com
A: 2
B: 3
C: 4
D: Invalid the
transaction has
been rolled back
... and the following PDO code (assume PDO connection is valid)...
$pdo = new PDO(...);
$pdo->begin();
$pdo->query("INSERT INTO NAMES (name, email) VALUES
('demi', 'demi@example.com')");
$stmt = $pdo->query('SELECT COUNT(*) FROM names');
$count1 = $stmt->fetchColumn();
$pdo->rollBack();
$stmt = $pdo->query('SELECT COUNT(*) FROM names');
$count2 = $stmt->fetchColumn();
... what is the value of $count2 ?
116
|
|
|
|
|
email
------------------anna@example.com
betty@example.com
clara@example.com
B: betty
id |
-- |
1 |
2 |
3 |
C: clara
D: NULL
... what is the value of $name at the end of the following PHP code?
(Assume PDO connection is valid)
$pdo = new PDO(...);
$name = null;
$stmt = $pdo->prepare('SELECT * FROM names WHERE name =
:name');
$stmt->bindValue(':name', 'anna');
$stmt->execute();
while ($row = $stmt->fetch()) {
var_dump($name);
}
117
is invalid
NULL
118
Configuration
Configuration
Session
ecurity
Session
SSecurity
Cross-Site Scripting
Cross-Site
Scripting
Cross-Site Request Forgeries
SQL Injection
Remote Code Injection
Remote
Code
Injection
Email
Injection
Input
Filtering
Email
Injection
Escape Output
Password Hashing API
File Uploads
Data Storage
SSL
119
cgi.force_redirect, doc_root,
PARSER: (OPTIONAL) PLACE PHP PARSER BINARY OUTSIDE OF THE WEB TREE
Copyright 2006 2014, Zend Technologies, Inc.
120
CONFIGURATION
DO NOT GRANT THE WEB SERVER USER ROOT PERMISSION (PERMIT SUDO'ING,
CHROOT'ING); INSTEAD, USE open_basedir TO CONTROL DIRECTORY USE
FILESYSTEM SECURITY
ERROR HANDLING
display_errors = off
and
log_errors = on
error_reporting = E_ALL
121
OCCURS WHEN USER GETS A "FIXED" SESSION ID (USUALLY VIA A SPECIALLYCRAFTED URL)
COUNTER-MEASURES
o
USE SSL ENCRYPTION FOR THE LOGIN, OR ASSIGN A HIDDEN KEY (NOT AS
GOOD)
CHECK THAT THE IP ADDRESS REMAINS THE SAME (ALTHOUGH NOT ALWAYS
RELIABLE)
session_regenerate_id()
o
session_regenerate_id(true)
o
session.use_only_cookies = 1
122
SESSION
SECURITY
CROSS-SITE SCRIPTING
DESCRIPTION
o
COUNTER-MEASURES
o
htmlspecialchars()
htmlentities()
strip_tags()
123
DESCRIPTION
o
SUCH AS:
<form name="myForm">
<input type="hidden" name="item_id" value="123" />
<input type="hidden" name="quantity" value="1" />
</form>
<script>document.forms['myForm'].submit();</script>
COUNTER-MEASURES
o
124
SQL INJECTION
DESCRIPTION
o
EXAMPLE SQL STATEMENT WILL RETURN ALL THE DATA FROM THE 'USERS'
TABLE:
COUNTER-MEASURES
o
mysqli_real_escape_string()
125
THE
eval(), exec(),
AND
COUNTER-MEASURES
o
SET
!
basename()
COUNTER-MEASURES
o
TICK()
o
126
EMAIL INJECTION
EMAIL / SMTP
o
127
INPUT FILTERING
CHARACTER SET
o
Risk:
!
Counter:
!
USE THE SAME CHAR SET FOR FILTERING AS THE TARGET PROCEDURE
128
ESCAPE OUTPUT
ONE OF TWO FUNDAMENTAL SECURITY RULES: (1) FILTER AND VALIDATE ALL
INPUT; (2) ESCAPE OUTPUT
htmlspecialchars()
htmlentities()
strip_tags()
129
PASSWORD SECURITY
o
md5()
32 CHARACTERS, HEXADECIMAL
sha1()
40 CHARACTERS, HEXADECIMAL
USE
password_get_info($hash)
RETRIEVES INFORMATION ABOUT A HASH (ALGORITHM, OPTIONS USED)
password_verify($password, $hash)
VERIFIES WHETHER A HASH MATCHES A PASSWORD
salt
SALT TO USE WHEN HASHING THE PASSWORD; BETTER TO LET THE API
AUTOMATICALLY CALCULATE A SALT
cost
ALGORITHMIC COST OF THE HASHING; DEFAULTS TO 10; LIMIT THIS VALUE
AS IT CAN BE CPU INTENSIVE
130
$_FILES
COUNTER: IGNORE
COUNTER: USE
basename()
131
FILE UPLOADS
DATA STORAGE
DATABASE CONNECTIONS
o
DATABASE DESIGN
o
132
SSL
MCRYPT
AND
MHASH FUNCTIONS
133
How can you make it harder for JavaScript code to read out session
IDs? (Choose 2)
134
following code?
135
using PHP's mail() function. How can an attacker inject a custom BCC
header to that email?
A: Adding "\rBcc: email@example.com" to the
subject
B: Adding "\nBcc: email@example.com" to the mail
body
C: Adding "\r\nBcc: email@example.com" to the
sender's address
D: None of the above
Which of the following data may be altered by the user and should be
filtered
???
136
Your PHP application sends an email with data provided by the user,
vulnerabilities? (Choose 2)
A: Clickjacking
B: Cross-Site Scripting
C: Cross-Ste Request Forgery
D: SQL Injection
137
to the server?
A: Use JavaScript to hash the value, then send it to
the server
B: Use JavaScript to encrypt the value, then send
it to the server
C: Use an HTTPS connection to the server
D: Use HTTP-only cookies
138
D: ext/sqlite
D: strip_tags()
139
20
140
Sessions
Sessions
Forms
Forms
GET
and
POST
Data
Cookies
GET and
POST Data
HTTP
FILE
Headers
and
Codes
Uploads
uthentication
HTTP
ACookies
141
SESSIONS
DEFINITION
o
SESSION ID
o
session.auto_start = 1
AUTOMATICALLY ... IF
session_start()
VARIABLES:
o
SECURITY MEASURES
o
ENABLE
session_destroy()
session_id()
session_start()
142
DEFINITION
o
FORM ELEMENTS
o
$_GET["foo_x"]
OR
$_POST["foo_x"]
FORM DATA CAN BE MADE INTO AN ARRAY USING THE FOLLOWING SYNTAX
SUPERGLOBAL ARRAYS
o
143
HTML INTERPRETATION:
FILE
UPLOADS
!
POST METHOD ALLOWS FOR BOTH TEXT AND BINARY FILE UPLOAD
o
enctype='multipart/form-data FOR
UPLOADS TO WORK
!
GLOBAL
$_FILES ['filename'][.......]
WHERE
['name']
['type']
MIME TYPE
['size']
FILE SIZE
['error']
['tmp_name']
144
ENCODING
/
DECODING
COOKIES
DEFINITION
o
!
USING COOKIES
o
setcookie() OR setrawcookie()
FUNCTION
STRING
$value=VALUE
STRING
$expire=DATE
$path=PATH
$domain=DOMAIN_NAME
$secure
$httponly
ACCESS WITH
serialize() OR
145
header()
header('Location
http://www.zend.com/',false, 200);
headers_list()
headers_sent()
header_remove()
isErrorBOOLEAN;
isSuccessfulBOOLEAN;
setHeaderBOOLEAN;
INFORMATIONAL
3XX
REDIRECTION
146
CAN USE
ARRAY
PHP_AUTH_USER
PHP_AUTH_PW
AUTH_TYPE
!
$_SERVER
USER
PASSWORD
AUTHENTICATION TYPE
PRESCRIPTS:
USERNAME APPENDED WITH COLON
" :"
BEFORE TRANSMISSION
147
HTTP AUTHENTICATION
A: /
B: the current URI
C: index.php
D: the default page of the current directory
A: CONNECT
B: GET
C: OPTIONS
D: POST
148
A: 0
B: 1
C: 2
D: Impossible to achieve without JavaScript
A: 1XX
B: 3XX
C: 5XX
A: None
B: Hashing
C: Asymmetric-key encryption
D: Symmetric-key encryption
149
D: POST
C: 2
C: 5XX
A: None
150
NEXT
STEPS:
1) READY
TO
BECOME
CERTIFIED?
PURCHASE YOUR EXAM VOUCHER
http://www.zend.com/storeapi/index/redirect/?uri=zend-phpcertification-guide-pdf.html
itraining@zend.com
151
152