ZEND PHP 5 Certification STUDY GUIDE

Recommendations

Info

Web Programming ” 103 in the example above). It is up to the script to move the file to a safe location if it so chooses—the temporary copy is automatically destroyed when the script ends. Inside your script, uploaded files will appear in the $_FILES superglobal array. Each element of this array will have a key corresponding to the name of the HTML element that uploaded a file (filedata in our case). The element will, itself, be an array with the following elements: name type size tmp_name error The original name of the file The MIME type of the file provided by the browser The size (in bytes) of the file The name of the file’s temporary location The error code associated with this file. A value of UPLOAD_ERR_OK indicates a successful transfer, while any other error indicates that something went wrong (for example, the file was bigger than the maximum allowed size). The real problem with file uploads is that most—but not all—of the information that ends up in $_FILES can be spoofed by submitting malicious information as part of the HTTP transaction. PHP provides some facilities that allow you to determine whether a file upload is legit. One of them is checking that the error element of your file upload information array is set to UPLOAD_ERR_OK. You should also check that size is not zero and that tmp_name is not set to none. Finally, you can use is_uploaded_file() to determine that a would-be hacker hasn’t somehow managed to trick PHP into building a temporary file name that, in reality, points to a different location, and move_uploaded_file() to move an uploaded file to a different location (a call to the latter function also checks whether the source file is a valid upload file, so there is no need to call is_uploaded_file() first): One of the most common mistakes that developers make when dealing with uploaded files is using the name element of the file data array as the destination when moving it from its temporary location. Because this piece of information is passed by the client, doing so opens up a potentially catastrophic security problem in your code. You should, instead, either generate your own file names, or make sure that you filter the input data properly before using it (this is discussed in greater detail in the Security chapter). Licensed to 482634 - Amber Barrow (itsadmin@deakin.edu.au)
104 ” Web Programming GET or POST? PHP makes it very easy to handle data sent using either POST or GET. However, this doesn’t mean that you should choose one or the other at random. From a design perspective, a POST transaction indicates that you intend to modify data (i.e.: you are sending information over to the server). A GET transaction, on the other hand, indicates that you intend to retrieve data instead. These guidelines are routinely ignored by most Web developers—much to the detriment of proper programming techniques. Even from a practical perspective, however, you will have to use POST in some circumstances; for example: • You need your data to be transparently encoded using an arbitrary character set • You need to send a multi-part form—for example, one that contains a file • You are sending large amounts of data HTTP Headers As we mentioned at the beginning of the chapter, the server responds to an HTTP request by first sending a set of response headers that contain various tidbits of information about the data that is to follow, as well as other details of the transaction. These are simple strings in the form key: value, terminated by a newline character. The headers are separated by the content by an extra newline. Although PHP and your web server will automatically take care of sending out a perfectly valid set of response headers, there are times when you will want to either overwrite the standard headers or provide new ones of your own. This is an extremely easy process—all you need to do is call the header() function and provide it with a properly-formed header. The only real catch (besides the fact that you should only output valid headers) is in the fact that header() must be called before any other output, including any whitespace characters outside of PHP tags, as well as all HTML data and PHP output. If you fail to abide by this rule, two things will happen: your header will have no effect, and PHP may output an error. Licensed to 482634 - Amber Barrow (itsadmin@deakin.edu.au)
Page 1 and 2:
php|architect’s ZEND PHP 5 Certif
Page 3 and 4:
php|architect’s Zend PHP 5 Certif
Page 5 and 6:
Licensed to 482634 - Amber Barrow (
Page 7 and 8:
vi ” CONTENTS Operators . . . . .
Page 9 and 10:
viii ” CONTENTS Delimiters . . .
Page 11 and 12:
x ” CONTENTS The Factory Pattern
Page 13 and 14:
xii ” CONTENTS Appendix A — Dif
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
xviii ” CONTENTS study process mu
Page 21 and 22:
Page 23 and 24:
4 ” PHP Basics Standard Tags Shor
Page 25 and 26:
6 ” PHP Basics Comments Another c
Page 27 and 28:
8 ” PHP Basics Another very impor
Page 29 and 30:
10 ” PHP Basics You would expect
Page 31 and 32:
12 ” PHP Basics ply the names of
Page 33 and 34:
14 ” PHP Basics } echo ’myFunc!
Page 35 and 36:
16 ” PHP Basics Arithmetic Operat
Page 37 and 38:
18 ” PHP Basics $string2 = "baz";
Page 39 and 40:
20 ” PHP Basics 4,294,967,296—w
Page 41 and 42:
22 ” PHP Basics == Equivalence. E
Page 43 and 44:
24 ” PHP Basics echo !$a; // outp
Page 45 and 46:
26 ” PHP Basics Associativity Ope
Page 47 and 48:
28 ” PHP Basics The code above wo
Page 49 and 50:
30 ” PHP Basics true, the code in
Page 51 and 52:
32 ” PHP Basics } echo $i . PHP_E
Page 53 and 54:
34 ” PHP Basics i Error reporting
Page 55 and 56:
Page 57 and 58:
38 ” Functions { } echo "Hello Wo
Page 59 and 60:
40 ” Functions However, any time
Page 61 and 62:
42 ” Functions Variable-length Ar
Page 63 and 64:
44 ” Functions // Remove the defi
Page 65 and 66:
Page 67 and 68:
48 ” Arrays assigns a numeric key
Page 69 and 70:
50 ” Arrays $a = array (’4’ =
Page 71 and 72: 52 ” Arrays } int(3) Note how the
Page 73 and 74: 54 ” Arrays echo isset ($a[’a
Page 75 and 76: 56 ” Arrays cope with the fact th
Page 77 and 78: 58 ” Arrays If, however, all you
Page 79 and 80: 60 ” Arrays $type = array(’inte
Page 81 and 82: 62 ” Arrays ["b"]=> string(3) "ba
Page 83 and 84: 64 ” Arrays { // Sort according t
Page 85 and 86: 66 ” Arrays $cards = array (1, 2,
Page 87 and 88: 68 ” Arrays $last_in = array_pop(
Page 89 and 90: 70 ” Arrays want it to be compute
Page 91 and 92: Licensed to 482634 - Amber Barrow (
Page 93 and 94: 74 ” Strings And Patterns Escape
Page 95 and 96: 76 ” Strings And Patterns When us
Page 97 and 98: 78 ” Strings And Patterns Note th
Page 99 and 100: 80 ” Strings And Patterns You can
Page 101 and 102: 82 ” Strings And Patterns echo st
Page 103 and 104: 84 ” Strings And Patterns Formatt
Page 105 and 106: 86 ” Strings And Patterns This ti
Page 107 and 108: 88 ” Strings And Patterns b c d e
Page 109 and 110: 90 ” Strings And Patterns lier in
Page 111 and 112: 92 ” Strings And Patterns Sub-Exp
Page 113 and 114: 94 ” Strings And Patterns [0]=> a
Page 117 and 118: 98 ” Web Programming made for a P
Page 119 and 120: 100 ” Web Programming Note that,
Page 121: 102 ” Web Programming file (usual
Page 125 and 126: 106 ” Web Programming The level o
Page 127 and 128: 108 ” Web Programming UNIX timest
Page 129 and 130: 110 ” Web Programming session.aut
Page 133 and 134: 114 ” Object Oriented Programming
Page 161 and 162: 142 ” Database Programming i The
Page 163 and 164: 144 ” Database Programming SQL su
Page 165 and 166: 146 ” Database Programming These
Page 167 and 168: 148 ” Database Programming A good
Page 169 and 170: 150 ” Database Programming DELETE
Page 171 and 172: 152 ” Database Programming As you
Page 173 and 174:
154 ” Database Programming Transa
Page 175 and 176:
156 ” Database Programming PHP Da
Page 177 and 178:
158 ” Database Programming $autho
Page 179 and 180:
160 ” Database Programming While
Page 181 and 182:
162 ” Database Programming $dbh->
Page 183 and 184:
164 ” Database Programming Since
Page 185 and 186:
166 ” Database Programming query,
Page 187 and 188:
168 ” Database Programming Transa
Page 189 and 190:
Page 191 and 192:
172 ” Elements of Object-oriented
Page 193 and 194:
Page 195 and 196:
Page 197 and 198:
Page 199 and 200:
Page 201 and 202:
Page 203 and 204:
Page 205 and 206:
186 ” XML and Web Services This c
Page 207 and 208:
188 ” XML and Web Services struct
Page 209 and 210:
190 ” XML and Web Services Fahren
Page 211 and 212:
192 ” XML and Web Services Since
Page 213 and 214:
194 ” XML and Web Services What t
Page 215 and 216:
196 ” XML and Web Services i If a
Page 217 and 218:
198 ” XML and Web Services operab
Page 219 and 220:
200 ” XML and Web Services if ($r
Page 221 and 222:
202 ” XML and Web Services $dom =
Page 223 and 224:
204 ” XML and Web Services Workin
Page 225 and 226:
206 ” XML and Web Services Web Se
Page 227 and 228:
208 ” XML and Web Services way da
Page 229 and 230:
210 ” XML and Web Services } When
Page 231 and 232:
212 ” XML and Web Services The UR
Page 233 and 234:
Page 235 and 236:
216 ” Security tainted and this d
Page 237 and 238:
218 ” Security spoofed forms, it
Page 239 and 240:
220 ” Security $html = array(); $
Page 241 and 242:
222 ” Security Website Security W
Page 243 and 244:
224 ” Security Cross-Site Scripti
Page 245 and 246:
226 ” Security your own site may
Page 247 and 248:
228 ” Security if (count($results
Page 249 and 250:
230 ” Security While this will pr
Page 251 and 252:
232 ” Security While this attack
Page 253 and 254:
234 ” Security tions or classes l
Page 255 and 256:
Page 257 and 258:
238 ” Streams and Network Program
Page 259 and 260:
Page 261 and 262:
Page 263 and 264:
Page 265 and 266:
Page 267 and 268:
Page 269 and 270:
Page 271 and 272:
Page 273 and 274:
254 ” Differences Between PHP 4 a
Page 275 and 276:
256 ” Differences Between PHP 4 a
Page 277 and 278:
258 ” INDEX as stacks, 68 calcula
Page 279 and 280:
260 ” INDEX constants, 14 class c
Page 281 and 282:
262 ” INDEX removeAttribute(), 20
Page 283 and 284:
264 ” INDEX compression, 105 cook
Page 285 and 286:
266 ” INDEX ArrayAccess, 177 offs
Page 287 and 288:
268 ” INDEX set_exception_handler
Page 289 and 290:
270 ” INDEX with printf(), 87 her
show all

ZEND PHP 5 Certification STUDY GUIDE

Create successful ePaper yourself

Delete template?

Save as template?