PHP

The PHP header() function supplies raw HTTP headers to the browser and can be used to redirect it to another location. The redirection script should be at the very top of the page to prevent any other part of the page from loading. The target is specified by the Location: header as the argument to the header() function. After calling this function, the exit() function can be used to halt parsing of the rest of the code.

How will you redirect a page using PHP?

Answer2

Question2

session_start(). It either creates or resumes a session based on an identifier that is sent to the server via a GET or POST request or a cookie. The most common use case scenario on the web is when a website won't let you comment or post without first prompting a login. How does it know whether you're logged in? One way would be to place a cookie in the user's browser; on every request the cookie is sent server-side, where PHP can be used to determine which information is sent back and displayed to the client. While session_start() saves session data in files by default, it is also possible to store sessions directly in the database.

What are PHP sessions and how do they work?

Cross-site scripting. Using unsanitized input to send JavaScript to the server so that another user who visits the site has their cookie stolen by the JavaScript. The solution is to sanitize.

What is XSS and how to implement it

$stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname, email) VALUES (?, ?, ?)");

What is a prepared statement

Singly quoted strings are treated almost literally, whereas doubly quoted strings replace variables with their values as well as specially interpreting certain character sequences.
<?php
$variable = "name";
$literally = 'My $variable will not print!\\n';
print($literally);
print "<br />";
$literally = "My $variable will print!\\n";
print($literally);
?>
This will produce the following result −
My $variable will not print!\n
My name will print

What is the difference between single quoted string and double quoted string?

$_COOKIE − An associative array of variables passed to the current script via HTTP cookies.

What is the purpose of $_COOKIE variable in PHP?

$_SERVER − This is an array containing information such as headers, paths, and script locations. The entries in this array are created by the web server. There is no guarantee that every web server will provide any of these. See next section for a complete list of all the SERVER variables.

What is the purpose of $_SERVER variable in PHP?

$_SESSION − An associative array containing session variables available to the current script.

What is the purpose of $_SESSION variable in PHP?

The PHP configuration file, php.ini, is the final and most immediate way to affect PHP's functionality. The php.ini file is read each time PHP is initialized, in other words, whenever httpd is restarted for the module version or with each script execution for the CGI version. If your change isn't showing up, remember to stop and restart httpd. If it still isn't showing up, use phpinfo() to check the path to php.ini.

What is the purpose of php.ini file?

The PHP $_REQUEST variable contains the contents of both $_GET, $_POST, and $_COOKIE. We will discuss $_COOKIE variable when we will explain about cookies. The PHP $_REQUEST variable can be used to get the result from form data sent with both the GET and POST methods.

What is the purpose of the $_REQUEST variable?

The PHP $_REQUEST variable contains the contents of both $_GET, $_POST, and $_COOKIE. We will discuss $_COOKIE variable when we will explain about cookies. The PHP $_REQUEST variable can be used to get the result from form data sent with both the GET and POST methods.

What is the use of $_REQUEST variable?

PHP 5 introduces the final keyword, which prevents child classes from overriding a method by prefixing the definition with final. If the class itself is being defined final then it cannot be extended.

What is the use of final keyword?

Static methods don't have access to $this, because static methods can be executed without instantiating a class.

What is wrong with this code: class SomeClass { protected $_someMember; public function __construct() { $this->_someMember = 1; } public static function getSomethingStatic() { return $this->_someMember * 5; // here's the catch } }

strpos returns the index position of where it first found the $needle, which could be 0. Since 0 also resolves to false the solution is to use strict comparison: if( false !== strpos( $haystack, $needle )

What is wrong with this if statement: if( !strpos( $haystack, $needle )

It is vulnerable to SQL injection. Never use user input directly in queries. Sanitize it first. Preferably use prepared statements (PDO).

What is wrong with this query: "SELECT * FROM table WHERE id = $_POST[ 'id' ]"?

https://stackoverflow.com/questions/2118755/questions-every-good-php-developer-should-be-able-to-answer

Where do I find common questions about PHP?

The first one transforms the entry into something less hostile. The second one checks whether the entry is correct and, if not, refuses it.

About filtering user data: what is the difference between sanitizing and check-and-refuse?

$a is 4 and $b is 3. The former because $arg is passed by reference, the latter because the return value of the function is a copy of (not a reference to) the initial value of the argument.

function doSomething( &$arg ) { $return = $arg; $arg += 1; return $return; } $a = 3; $b = doSomething( $a );

htmlentities()

How to deal with reflected and stored XSS (Cross-Site Scripting)?

Add a token on every important request to secure important operations (the user must have seen the form before sending the crucial request).

How to deal with CSRF (Cross-Site Request Forgery)?

mysql_real_escape_string()

How to deal with SQL injection?

Using $_FILES['file']['type'] − it provides the MIME type of the uploaded file.

How will you access the content type of the uploaded file in PHP?

Using $_FILES['file']['error'] − it provides the error code associated with this file upload.

How will you access the error code associated with file upload in PHP?

To concatenate two string variables together, use the dot (.) operator.

How will you concatenate two strings?

PHP provides a function getenv() to access the value of all the environment variables.

How will you get environment variables in PHP?

PHP provides the $_GET associative array to access all the information sent using the GET method.

How will you get information sent via get method in PHP?

PHP provides the $_POST associative array to access all the information sent using the POST method.

How will you get information sent via post method in PHP?

One of the environment variables set by PHP is HTTP_USER_AGENT, which identifies the user's browser and operating system.

How will you get the browser's details using PHP?

