Zend PHP5 certification Exam study review 11: supplementary II

In this and the up-coming Post, I listed some extra questions I found during I took the phparch’s Vulcan Zend PHP 5 Certification Testings. This post listed some EASIER but will not be frequently asked in the actual exam I think. But, they are worthy noted here, they can also serve as check points for you previously learned knowledge.

You can determine if you can seek an arbitrary stream in PHP with the stream_get_meta_data() function

The $params[‘notification’] context variable allows you to define a callback for the stream that will notify your script of certain events during the course of the transaction.

The PDOStatement->nextRowset() method in the PDOStatement class is used to return the next result set in a multi-query statement.

SimpleXML objects can be created from what types of data sources?
File
URL
String

During an HTTP authentication, how does one determine the username and password provided by the browser?
predefined variables PHP_AUTH_USER, PHP_AUTH_PW, and AUTH_TYPE set to the user name, password and authentication type respectively. These predefined variables are found in the $_SERVER and $HTTP_SERVER_VARS arrays.
$_SERVER[‘PHP_AUTH_USER’]
$_SERVER[‘PHP_AUTH_PW’]

End a script in PHP5:
__halt_compiler() ;
die();
exit();

When checking to see if two variables contain the same instance of an object, which of the following comparisons should be used?
===

When an object is serialized, which method will be called, automatically, providing your object with an opportunity to close any resources or otherwise prepare to be serialized?
serialize — Generates a storable representation of a value.
When serializing objects, PHP will attempt to call the member function __sleep() prior to serialization. This is to allow the object to do any last minute clean-up, etc. prior to being serialized. Likewise, when the object is restored using unserialize() the __wakeup() member function is called.

Which of the following are examples of the new engine executor models available in PHP 5?
Three execution models (CALL, GOTO, SWITCH) that the new virtual machine of PHP 5.1
Switch
Conditional
Goto
Call
Dynamic

The array_sum() function is used to add up the values of every entry within an array.

The children() method can be used from a SimpleXML node to return an iterator containing a list of all of the current node’s sub nodes.

To destroy one variable within a PHP session you should use which method in PHP 5?
session_destroy(); session_regenerate_id();

Unlike a database such as MySQL, SQLite columns are not explicitly typed. Instead, SQLite catagorizes data into which of the following catagories?
Textual and Numeric

Which two internal PHP interfaces provide functionality which allow you to treat an object like an array?
Iterator
ArrayAccess

The stream_set_timeout() function is used to modify the amount of time PHP will wait for a stream before timing out during reading or writing.

In a general sense, which is more important: performance or maintainability of an application?
maintainability first, performance second.

When using a function such as strip_tags, are markup-based attacks still possible?
yes.
string strip_tags ( string $str [, string $allowable_tags ] )

Which of the following are valid PHP variables?
@$foo
// &$variable
${0x0}
$variable
// $0x0

Unlike the old MySQL extension, the new MySQLi extension requires that you provide what when performing a query when using the procedural interface?
Procedural style:
mixed mysqli_query ( mysqli $link , string $query [, int $resultmode ] )

A FOREIGN key is particularly useful for maintaining data integrity within your database, and has the potential to ease the complexity of your PHP scripts by allowing the database to manage cascading deletes of data.
If you would like to store your session in the database, you would do which of the following?
Create functions for each session handling step and use session_set_save_handler() to override PHP’s internal settings

One can determine if it is possible to send HTTP headers from within your PHP script using which of the following functions?
bool headers_sent ([ string &$file [, int &$line ]] )

Check to make sure we haven’t already sent
the header:
!in_array(“Location: $url”, headers_list())

The tempnam function is used to generate a file resource in the file system with a randomly-generated filename to be used as temporary storage
string tempnam ( string $dir , string $prefix )
Creates a file with a unique filename, with access permission set to 0600, in the specified directory. If the directory does not exist, tempnam() may generate a file in the system’s temporary directory, and return the name of that.

18 Comments - Leave a comment
  1. tjmcd1963 says:

    When checking to see if two variables contain the same instance of an object, which of the following comparisons should be used?
    if($obj1 === $obj2) // ??? are you sure it’s not…
    if($obj1 instanceof $obj2) // ???
    e.g. (from the manual)…
    “Although instanceof is usually used with a literal classname, it can also be used with another object or a string variable:”

    if($a instanceof $b) echo “foo”;
    if($a === $b) echo “bar”;
    //returns foo

  2. David Adam says:

    Yeah, from the manual, it says instanceof can also used with another object or a string variable. However, look at the example#5 on php.net, the use of another object example is:
    $a = new MyClass;
    $b =new MyClass;
    if($a instanceof $b)…

    Here, $a and $b are not the same instance of an object, they are two different instance of the same class, eventhough the if statement will return true.

  3. tjmcd1963 says:

    Here, $a and $b are not the same instance of an object, they are two different instance of the same class, eventhough the if statement will return true…

    Ok, I see your point there, but without simply stating that $a=$b; can you provide a simple example wherein $a and $b would in fact be “the same instance of an object” never mind where $a and $b “contain” the same instance? I confess that I am having some difficulty imagining such a scenario in the real world.

  4. Alexey says:

    Hi!
    On question
    “To destroy one variable within a PHP session you should use which method in PHP 5?”
    you answered
    session_destroy(); session_regenerate_id();
    Why? To destroy ONE variable you should use unset() method, like unset ($_SESSION[‘var’])
    P.S. Thank you for interesting article

  5. David Adam says:

    Hi Alexey, you are right. My answers were wrong, it should use unset. Actually, I knew they are wrong a long time ago; I forgot to correct it. And, later, I thought, maybe just keep it as is. I never said that all these here are the “correct answers” :). Thank you very much for your this comments!

  6. David Adam says:

    tjmcd1963, I knew what you mean. I think, maybe in the case that you want to test if a class is a singleton? E.g.:

    $a = new ForeignClass();
    $b = new ForeignClass();
    if($a === $b) {echo “It is a singleton.”;} else{echo “It is not a singleton.”;}

    Of coures, in the real world, this is a very rare scenario, even you got a class from somewhere, and it was not documented and has no comment, you can always check the source code of the Class right? But I also can’t think another example in the real world right now. But, this is may useful in large project, and you use $a=$b; but after pass $a and $b around, in some places, you forgot you used this stating or it is just another person on the project, so use if($a===$b).
    P.S., I think “the same instance of an object” is actually “the same instance of an class”. The question itself seem has a problem.

  7. Mike says:

    “The $params[‘notification’] context variable allows you to define a callback for the stream that will notify your script of certain events during the course of the transaction.”

    Can you provide some references to this that support your answer? I have been unable to find the answer to this question, nor have I been able to find anything that uses $params[‘notification’].

    Thanks!

  8. David Adam says:

    Hi, Mike. As all of us knew, I actually don’t know the “real right” answer for any exam question. But, I just do my best to get the most correct information.
    Why I think the $params[‘notification’] is the “context variable”? Well, you can go through three pages on the php,net:

    http://cn.php.net/manual/en/function.stream-notification-callback.php
    There is a link to the “notification context parameter” on above page.

    http://cn.php.net/manual/en/context.params.php#context.params.notification
    Then there is a link to the stream_context_set_params() function.

    http://cn.php.net/manual/en/function.stream-context-set-params.php

    And there is a table of “Supported parameters” for the $params array. The first row of the table is about the “$params[‘notification’]”.

    Do you think I got it right?

  9. Karol says:

    I think that tmpfile() is better than tempnam() in this case.

    Cheers!

    PS
    This blog is realy great job! It helped me to organize my knowlege a lot

  10. David Adam says:

    Karol, after checked the php.net, I agree. Thanks. :)

  11. Yahav says:

    That is a good article.
    but for my knolage, in the “binary safe compare” there is === ans strcmp (i answerd on the exam too… i going to do it tomorow becuse of that i looked for reviews and you helped me alot :) )

  12. john smith says:

    Hello

    I am prepareing ZCE. Anybody can the answer of the following question

    when working with a database which of the following can be used to mitigate the possiblilty of exposing your database credientials to malicious user
    (1) Moving all database into single file
    (2) Moving all database credentials outside of the document root
    (3) Restricting access to files not designed to be executed independently
    (4) Setting credential information as system enviorment variable
    (5) Using php constants instead of variables to store credentials

  13. Jahid says:

    My Answer would be:

    (2) Moving all database credentials outside of the document root
    (3) Restricting access to files not designed to be executed independently
    (5) Using php constants instead of variables to store credentials

  14. Richard says:

    Unlike the old MySQL extension, the new MySQLi extension requires that you provide what when performing a query when using the procedural interface?

    I believe the answer is ‘The database handle’. The link identifier is mandatory with the new style procedural mysqli_query, but it is not with the old style mysql_query.

    Old style mysql_query:
    resource mysql_query ( string $query [, resource $link_identifier ] )

    New style mysqli_query:
    mixed mysqli_query ( mysqli $link , string $query [, int $resultmode ] )

  15. Jevgenijus says:

    (2) and (3) of course, and I would also consider taking

    (4) “Setting credential information as system environment variables”,

    as, according to this page:

    http://phpsec.org/projects/guide/3.html

  16. James Dunmore says:

    “The ????? function is used to generate a file resource in the file system with a randomly-generated filename to be used as temporary storage”

    You said tempnam, but arguably tmpfile could be used (although you never know the file name – tmpfile is temporary storage, no reason why tempnam has to be temporary).

    Incidentally, #14,#15 and #17 – it’s a terrible question (in the mock exam)… all are good practice, it’s just the order that you able to apply them (for example, 4 is one of the best, but not always available in shared hosting; 2 and 3 are part-in-part the same thing). But at the end of the day, it’s a mock exam, and as long as it gets you thinking…..!

Leave a Reply

Your email address will not be published. Required fields are marked *

*