1. What is the difference between “print” and echo”?

7. Which of the following statements about PHP is

A: There is no difference true? (Choose 3)
B: print returns true or false and echo does not
C: echo returns true or false and print does not a) A final class can be derived.
D: Print buffers the output, while echo does not b) A final class may be instantiated.
E: None of the above c) A class with a final function may be derived.
d) Static functions can be final.
e) Properties can be final.
2. What is the difference between the include and
require language constructs?
8. When working with the MVC paradigma, the
A. Require constructs can't be used with URL business logic should be implemented in which of
filenames the following components?
B. Include constructs cause a fatal error if the file
doesn't exist A. Model
C. There is no difference other than the name B. View
D. Include constructs are processed at run time; C. Controller
require constructs are processed at compile time
E. Require constructs cause a fatal error if the file
can't be read 9. Which of the following statements are correct?
(Choose 2)

3. Which of the following statements is NOT true?
a) Class constants are public
b) Class constants are being inherited
c) Class constants can omit initialization (default to NULL)
d) Class constants can be initialized by consts
A. It is possible to specify more than one __autoload
function
B. __autoload receives the missing class name all
lowercased
C. __autoload is being called for missing interfaces
D. Inside __autoload missing classes trigger __autoload

4. When a class is defined as final it: 10. Which of the following is correct? (Choose 2)

A. Can no longer be extended by other classes. A. A class can extend more than one class.
B. Means methods in the class are not over-loadable. B. A class can implement more than one class.
C. Cannot be defined as such, final is only applicable to C. A class can extend more than one interface.
object methods. D. A class can implement more than one interface.
D. Is no longer iteratable. E. An interface can extend more than one interface.
F. An interface can implement more than one
interface.

5. Which of the following statements is correct?

11. What object method specifies post-serialization
A. Interfaces can extend only one interface behavior for an object?
B. Interfaces can extend more than one interface
C. Interfaces can inherit a method from different interfaces A. __sleep()
D. Interfaces can redeclare inherited methods B. __wakeup()
C. __set_state()
D. __get()
E. __autoload()
6. You are creating an application that generates
invoices in a variety of formats, including PDF,
ODS and HTML. Each of these formats is
represented as a PHP class in your application. 12. What visibility denies access to properties and
While some of the operations can be performed on methods outside of the class?
all of the different formats (such as saving and
loading), other operations may be specific to one or A. static
two of the formats (such as setting as read only). B. protected
Which design pattern should you use for this C. private
application? D. public
E. const
A. Adapter
B. Factory
C. MVC
D. Singleton 13. You are creating an application that repeatedly
connects to a database to retrieve order data for
 invoices. All data comes from the same database.
In order to preserve resources, you have to ensure
that only one database connection should be used at 19. In PHP 5 you can use the ______ operator to
any time. The code also has to open as few new ensure that an object is of a particular type. You
database connections as possible. Which design can also use _______ in the function declaration.
pattern should you use for this scenario? A. instanceof, is_a
B. instanceof, type-hinting
A. Adapter C. type, instanceof
B. Factory D. ===, type-hinting
C. MVC E. ===, is_a
D. Singleton

14. PHP's array functions such as array_values() and
array_key_exists() can be used on an object if the
object...
A. implements Traversable
B. is an instance of ArrayObject
C. implements ArrayAccess
D. None of the above
15. What is the name of the method that can be used to
provide read access to virtual properties in a class?
20. How can you modify the copy of an object during a
clone operation?
A. Put the logic in the object's constructor to alter the
values
B. Implment your own function to do object copying
C. Implement the object's __clone() method
D. Implement __get() and __set() methods with the
correct logic
E. Implement the __copy() method with the correct
logic

A. __call()
B. __get()
C. __set()
D. __wakeup()
E. __fetch()
16. Which of the following function signatures is
correct if you want to have classes automatically
loaded?
A. function autoload($class_name)
B. function __autoload($class_name, $file)
C. function __autoload($class_name)
D. function _autoload($class_name)
E. function autoload($class_name, $file)
21. What is the primary difference between a method
declared as static and a normal method?
A. Static methods can only be called using the ::
syntax and never from an instance
B. Static methods do not provide a reference to $this
C. Static methods cannot be called from within class
instances
D. Static methods don't have access to the self
keyword
E. There is no functional difference between a static
and non-static method
22. The ______ keyword is used to indicate an
incomplete class or method, which must be further
extended and/or implemented in order to be used.

17. What type of class definition can be used to define A. final

multiple inheritance? B. protected
C. incomplete
A. Class D. abstract
B. Abstract E. implements
C. Interface
D. Final

23. To ensure that a given object has a particular set of

methods, you must provide a method list in the
form of an ________ and then attach it as part of
18. What does an object based on the Active Record your class using the ________ keyword.
pattern provide?
A. array, interface
A. A way to actively control the application's workflow B. interface, implements
B. A way to record the history of its changes C. interface, extends
C. A way to effortlessly store its properties in a database
D. instance, implements
E. access-list, instance C. Requires less memory then DOM
D. Easier to develop parsers

24. Type-hinting and the instanceof keyword can 30. Creating new nodes in XML documents using
be used to check what types of things about PHP can be done using which XML/PHP 5
variables? Choose 3 technologies?
A. XQuery
A. If a particular child class extends from it B. XPath
B. If they are an instance of a particular interface C. SimpleXML
C. If they are an abstract class D. DOM
D. If they have a particular parent class E. SAX
E. If they are an instance of a particular class

25. PHP 5 supports which of the following XML 31. When working with SimpleXML in PHP 5, the
parsing methods? four basic rules on how the XML document is
A. SAX accessed are which of the following?
B. FastDOM A. Element namespaces are denoted by the
C. DOM 'namespace' attribute
D. XPath B. converting an element to a string denotes text
E. XML to Object mapping data
C. Non-numeric indexes are element attributes
D. Numeric indexes are elements
E. Properties denote element iterators

26. When embedding PHP into XML documents,

what must you ensure is true in order for things
to function properly?
A. Disabling of the short_tags PHP.ini directive
B. Enabling the asp_tags PHP.ini directive
C. That you have XPath support enabled in PHP 5
32. SimpleXML objects can be created from what
D. That your XML documents are well-formed types of data sources?
E. None of the above, PHP can be embedded in XML A. A String
in all cases. B. An array
C. A DomDocument object
D. A URI
E. A Database resource
27. What XML technology is used when you mix
two different document types in a single XML
document? 33. Which of the following functions are part of
A. Validators PHP's internal Iterator interface?
B. DTD A. rewind()
C. Transformations B. valid()
D. Namespaces C. next()
D. key()
E. current()

28. Event-based XML parsing is an example of

which parsing model?
A. SAX
B. DOM 34. What DOMElement method should be used to
C. XML Object Mapping check for availability of a non-namespaced
attribute?
D. XPath
E. XQuery
A. getAttributeNS()
B. getAttribute()
C. hasAttribute()
D. hasAttributeNS()
29. What is the primary benefit of a SAX-based
XML parser compared to DOM?
A. All of the above
B. Faster then DOM methods
 35. REST is a(n) ...

A. Web service protocol similar to SOAP with a strict XML

schema.
B. Principle to exchange information using XML and 41. Which of the following statements about SOAP
HTTP. is NOT true?
C. API to get information from social networking sites.
A. SOAP is a request-/response-based protocol.
B. SOAP can be transported using SMTP, HTTP and other
protocols.
C. SOAP requires developers to use WSDL.
D. SOAP traffic via HTTP can be encrypted and compressed
just like other HTTP requests
36. Which of the following statements are NOT
true?

A. SimpleXML allows removal of attributes. 42. Which of the following XML declarations is
B. SimpleXML allows addition of new attributes. NOT valid?
C. SimpleXML allows removal of nodes.
D. SimpleXML allows addition of new nodes. A. <?xml version="1.0" ?>
E.None of the above B. <?xml version="1.1" encoding="UTF-8" ?>
C. <?xml standalone="no" ?>
D. <?xml standalone="1" ?>

37. What DOM method is used to load HTML files?

A. load()
B. loadXML()
C. loadHTML() 43. Which of these protocols are NOT governed by
D. loadHTMLFile() the W3C in their latest versions? (Choose 2)

A. XML-RPC
B. SOAP
38. Which of the following are valid SoapClient C. WSDL
calls? (Choose 2) D. UDDI

A. $client = new SoapClient("weather.wsdl");

B. $client = new SoapClient; 44. Which one of the following technologies was not
C. $client = new SoapClient(null, array("location" => built into PHP before version 5?
"http://example.com/weather", "uri" => "http://test-
uri.com/")); A. XSL
D. $client = new SoapClient(null, array()); B. SOAP
C. DOM
D. SAX

39. What parsing methodology is utilized by the

SimpleXML extension? 45. What SimpleXML function is used to parse a
file?
A. SAX
B. DOM A. simplexml_load_file()
C. XPath B. simplexml_load_string()
D. Push/Pull Approach C. load()
E. Expat D. loadFile()
E. loadXML()
F. None of the above.

40. Which of the following is an invalid DOM save

method?

A. save() 46. What is the method used to execute XPath

B. saveFile() queries in the SimpleXML extension?
C. saveXML()
D. saveHTML() A. xpathQuery()
E. saveHTMLFile() B. xpath()
C. simpleXMLXpath()
D. query()
E. evaluate()
47. What is the method used to execute XPath
queries in the SimpleXML extension? \
A. xpathQuery()
B. xpath()
C. simpleXMLXpath()
D. query()
E. evaluate()
48. Which of the following parts must a XML
document have in order to be well-formed?
A. An XML declaration
B. A root element
C. A specified encoding
D. A reference to either a DTD or an XML schema definition
49. How can XML parsing errors be suppressed in
the SimpleXML extension?
A. error_reporting(E_ALL^E_NOTICE);
B. simplexml_disable_errors(TRUE);
C. simplexml_ignore_errors(TRUE);
D. libxml_use_internal_errors(TRUE);
E. simplexml_load_file("file.xml", LIBXML_NOERROR) ;
50. Which php.ini directive should be disabled to
prevent the execution of a remote PHP script via an
include or require construct?
A. You cannot disable remote PHP script execution
B. curl.enabled
C. allow_remote_url
D. allow_url_fopen
E. allow_require
51. When implementing a permissions system for your
Web site, what should always be done with regards
to the session?
A. None of the above
B. You should not implement permission systems
using sessions
C. Sessions should be cleared of all data and re-
populated
D. The session key should be regenerated
E. The session should be destroyed
52. When attempting to prevent a cross-site scripting
attack, which of the following is most important?
A. Not writing Javascript on the fly using PHP
B. Filtering Output used in form data
C. Filtering Output used in database transactions
D. Writing careful Javascript
E. Filtering all input
53. Which of the following php.ini directives
should be disabled to improve the outward security
of your application?
A. safe_mode
B. magic_quotes_gpc
C. register_globals
D. display_errors
E. allow_url_fopen
54. Which of the following list of potential data
sources should be considered trusted?
A. None of the above
B. $_ENV
C. $_GET
D. $_COOKIE
E. $_SERVER
55. What is the best way to ensure the distinction
between filtered / trusted and unfiltered / untrusted
data?
A. None of the above
B. Never trust any data from the user
C. Enable built-in security features such as
magic_quotes_gpc and safe_mode
D. Always filter all incoming data
E. Use PHP 5's tainted mode
56. What is the best measure one can take to prevent a
cross-site request forgery?
A. Disallow requests from outside hosts
B. Add a secret token to all form submissions
C. Turn off allow_url_fopen in php.ini
D. Filter all output
E. Filter all input
57. Which of the following values of $_GET['url']
would cause session fixation?
A. Session Fixation is not possible with this code
snippet
B. http://www.zend.com/?PHPSESSID=123
C. PHPSESSID%611243
D. Set-Cookie%3A+PHPSESSID%611234
E. http%3A%2F%2Fwww.zend.com%2F%0D%0ASet-
Cookie%3A+PHPSESSID%611234
58. To destroy one variable within a PHP session you
should use which method in PHP 5?
A. Unset the variable in $HTTP_SESSION_VARS
B. Use the session_destroy() function
C. Use the session_unset() function
D. unset the variable in $_SESSION using unset()
E. Any of the above are acceptable in PHP 5
59. If you would like to store your session in the
database, you would do which of the following?
A. It requires a custom PHP extension to change the
session handler
B. Implement the session_set_save_handler()
function
C. Create functions for each session handling step
and use session_set_save_handler() to override
PHP's internal settings
D. Configure the session.save_handler INI directive to
your session class
60. To destroy a PHP session completely, one must
which of the following?
A. Regenerate the session ID using
session_regenerate_id()
B. If cookies are used, destroy it
C. Use session_demolish() to completely destroy the
session
D. Change the session name using session_name()
E. Destroy the session data using session_destroy()
61. If you would like to change the session ID
generation function, which of the following is the
best approach for PHP 5?
A. Set the session.hash_function INI configuration
directive
B. Use the session_set_id_generator() function
C. Set the session id by force using the session_id()
function
D. Use the session_regenerate_id() function
E. Implement a custom session handler
62. Setting a cookie on the client in PHP 5 can be best
accomplished by:
A. Use the add_cookie() function
B. Use the setcookie() function
C. Use the the apache_send_header() function
D. Setting a variable in the $_COOKIE superglobal
63. How does one create a cookie which will exist only
until the browser session is terminated?
A. You cannot create cookies that expire when the
browser session is terminated
B. Setting the expiration time for a cookie to a time in
the distant future
C. Do not provide a cookie expiration time
D. Enable Cookie Security
E. Set a cookie without a domain
64. Setting a HTTP cookie on the client which is not
URL-encoded is done how in PHP 5?
A. Use the setrawcookie() function
B. Set the cookies.urlencode INI directive to false
C. Use urldecode() on the return value of setcookie()
D. Setting the $no_encode parameter of setcookie()
to a boolean 'true'
E. All cookies must be URL encoded
65. During an HTTP authentication, how does one
determine the username and password provided by
the browser?
A. Parse the HTTP headers manually using
http_get_headers()
B. Use the get_http_username() and
get_http_password() functions
C. Use the $_SERVER['HTTP_USER'] and
$_SERVER['HTTP_PASSWORD'] variables
D. Use the $_SERVER['PHP_AUTH_USER'] and
$_SERVER['PHP_AUTH_PW'] variables
E. Parse the $_SERVER['REQUEST_URI'] variable
66. onsider the following function:
<?php
function redirect($url) {
// Check to make sure we haven't
already sent
// the header:
if(???????) {
header("Location: $url");
}
}
?>
What conditional should replace the ????? above?
A. !in_array("Location: $url", headers_list())
B. !header_exists("Location: $url")
C. !header_location($url)
D. $_SERVER['HTTP_LOCATION'] != $url
67. One can ensure that headers can always be sent
from a PHP script by doing what?
A. Enable header buffering in PHP 5
B. Set the header.force INI directive to true
C. Enable output buffering in PHP 5
D. There is no way to ensure that headers can always 73. Which of the following functions allow you to
be set, they must always be checked introspect the call stack during execution of a PHP
E. None of the above script?
A. get_backtrace()
B. get_function_stack()
C. debug_backtrace()
68. When is it acceptable to store sensitive information D. debug_print_backtrace()
in an HTTP cookie? E. print_backtrace()
A. Only under extremely controlled situations
B. When the cookie is sent over a secure HTTP
request
C. When it is encrypted 74. When running PHP in a shared host environment,
D. It is always acceptable what is the major security concern when it comes
to session data?
A. Sessions on shared hosts are easily hijacked by
outside malicious users
69. When using a function such as strip_tags, are B. All of the above
markup-based attacks still possible? C. You cannot use a custom data store in shared
A. No, HTML does not pose any security risks hosts
B. Yes, even a <p> HTML tag is a security risk D. Session data stored in the file system can be read
C. Yes, attributes of allowed tags are ignored by other scripts on the same shared host
D. No, strip_tags will prevent any markup-based E. Users outside the shared host can access any site
attack which created a session for them

70. Where should indirectly executed PHP scripts (i.e. 75. Which of the following filtering techniques
include files) be stored in the file system? prevents cross-site scripting (XSS)
A. Outside of the Document Root vulnerabilities?
B. In the document root
C. Anywhere you want A. Strip all occurrences of the string script.
D. In the database B. Strip all occurrences of the string javascript.
C. Enable magic_quotes_gpc.
D. None of the above.

71. When executing system commands from PHP,

what should one do to keep applications secure?
A. Remove all quote characters from variables used 76. Identify the security vulnerability in the
in a shell execution following example:
B. Avoid using shell commands when PHP equivlents
<?php
are available
echo "Welcome, {$_POST['name']}.";
C. Hard code all shell commands ?>
D. Escape all shell arguments
E. Escape all shell commands executed A. SQL Injection
B. Cross-Site Scripting
C. Remote Code Injection
D. None of the above
72. Why is it important from a security perspective to
never display PHP error messages directly to the
end user, yet always log them?
A. Error messages will contain sensitive session 77. Which options do you have in PHP to set the
information expiry date of a session?
B. Error messages can contain cross site scripting
attacks A. Set the session.duration directive in php.ini
C. Security risks involved in logging are handled by B. Set session cookie expiry date locally via
PHP session_set_cookie_params()
D. Error messages give the perception of insecurity to C. Set session expiry date locally via session_cache_expire()
the user D. None of the above
E. Error messages can contain data useful to a
potential attacker
 78. Which of the following data types cannot be B. strip_tags()
directly manipulated by the client? C. addslashes()
D. session_regenerate_id()
A. Cookie Data
B. Session Data
C. Remote IP Address
D. User Agent 84. How can you determine if magic_quotes_gpc is
enabled? (Choose 2)

A. Use the get_magic_quotes() function.

79. What is the function of backtick (`) characters B. Using the get_magic_quotes_runtime() function.
in PHP? C. Use the get_magic_quotes_gpc() function.
D. Using ini_get('magic_quotes_gpc').
A. Same as single-quotes, used to enclose strings. E. Using ini_get('magic_quotes').
B. Escape operators.
C. No special meaning.
D. Execute the enclosed string as a command.
E. Error control operators. 85. Which of the following statements about
exceptions are correct? (Choose 2)

A. you can only throw classes derived from Exception

80. Which constant must be passed as the second B. a try block can have multiple catch blocks
argument to htmlentities() to convert single C. a try block must not be followed by a catch block
quotes (') to HTML entities? D. try blocks cannot contain nested try blocks

A. TRUE
B. FALSE
C. ENT_QUOTES 86. In a shared hosting environment, session data
D. ENT_NOQUOTES can be read by PHP scripts written by any user.
E. ENT_COMPAT How can you prevent this?

A. Store session data in a different location with

81. You want to allow your users to submit HTML
code in a form, which will then be displayed as
real code and not affect your site layout. Which
function do you apply to the text, when
displaying it? (Choose 2)
session.save_path
B. Store session data in a database.
C. Enable safe_mode.
D. Set session.name to something unique.

A. strip_tags() 87. Which is the most secure approach for handling

B. htmlentities() dynamic data in SQL queries?
C. htmltidy()
D. htmlspecialchars() A. Use addslashes().
E. showhtml() B. Enable magic_quotes_gpc.
C. Use prepared statements if supported by the database
library, data-specific escaping functions otherwise.
D. Use stored procedures.

82. One common security risk is exposing error

messages directly in the browser. Which PHP
configuration directive can be disabled to prevent 88. Which of the following functions are used to
this? escape data within the context of HTML?
(Choose 2)
A. html_display
B. error_reporting A. htmlentities()
C. display_errors B. addslashes()
D. error_log C. stripslashes()
E. ignore_repeated_errors D. strip_tags()
E. htmlspecialchars()

83. Which of the following functions can help

prevent session fixation vulnerabilities? 89. Which of the following configuration directives
increase the risk of remote code injection when
A. magic_quotes_gpc() enabled? (Choose 2)
A. allow_url_fopen
B. register_globals 94. Which session function can help to avoid session
C. magic_quotes_gpc fixation?
D. safe_mode
A. session_is_registered()
B. session_register()
C. session_unregister()
90. Assume that you are using PHP s session D. session_regenerate_id()
management without cookies and want to make E. None of the above.
sure that session information does not get lost
when redirecting the client to another URL.
Which of the following functions do you need to
achieve that? (Choose 3) 95. Which function can help prevent cross-site
scripting? (Choose 2)
A. header()
B. session_id() A. addslashes()
C. session_info() B. htmlentities()
D. session_name() C. htmlspecialchars()
E. session_write_close() D. strip_tags()
E. quotemeta()

91. An HTML form contains this form element:

<input type="file" name="myFile" />
When this form is submitted, the following PHP code gets
executed:
<?php
move_uploaded_file(
$_FILES['myFile']['tmp_name'],
'uploads/' . $_FILES['myFile']['name']);
?>
92. Which of the following actions must be taken
before this code may go into production?
(Choose 2)
96. Under which circumstances is the $_SESSION
super-global available? (Choose 2)
A. If session_start() was called.
B. If session.auto_start INI setting is enabled.
C. Always available in PHP 5.
D. If a valid session id is passed via GET, POST or
COOKIE.
E. If register_globals are enabled.

A. Check with is_uploaded_file() whether the uploaded file 97. You need to escape special characters to use
$_FILES['myFile']['tmp_name'] is valid user input inside a regular expression. Which
B. Sanitize the file name in $_FILES['myFile']['name'] functions would you use? (Choose 2)
because this value is not consistent among web browsers
C. Check the charset encoding of the HTTP request to see A. addslashes()
whether it matches the encoding of the uploaded file B. htmlentities()
D. Sanitize the file name in $_FILES['myFile']['name'] C. preg_quote()
because this value could be forged D. regex_quote()
E. Use $HTTP_POST_FILES instead of $_FILES to maintain E. quotemeta()
upwards compatibility

98. Identify the security vulnerability in the

93. What will the following code print? following example:

echo addslashes('I am a <b>small</b> "HTML" string, <?php

which is \'invalid\'</u>.'); mail('feedback@example.org', 'Feddback', 'Here is my
feedback.', "From: {$_COOKIE['email']}");
A. I am a <b>small</b> "HTML" string, which is ?>
'invalid'</u>.
B. I am a <b>small</b> \"HTML\" string, which is A. Remote Code Injection
\'invalid\'</u>. B. Cross-Site Request Forgeries
C. I am a <b>small</b> \"HTML\" string, which is C. Email Injection
\\'invalid\\'</u>. D. None of the above
D. I am a <b>small</b> \"HTML\" string, which is
\\\'invalid\\\'</u>.
E. I am a \<b\>small\<\/b\> "HTML" string, which is
'invalid'\<\/u\>.
 99. What happens if you try to access a property B. Moving all database credentials outside of the
whose name is defined in a parent class as document root
private, and is not declared in the current class? C. Restricting access to files not designed to be
executed independently
A. An E_NOTICE error will be triggered. D. Setting creditial information as system
B. An E_ERROR error will be triggered. environment variables
C. An E_WARNING error will be triggered. E. Using PHP constants instead of variables to store
D. No errors will be triggered credentials

104. Which of the following are not true about streams?

100. Where should indirectly executed PHP scripts (i.e.
A. They are always seekable
include files) be stored in the file system?
B. When used properly they significantly reduce
A. Outside of the Document Root
memory consumption
B. In the document root
C. They can be applied to any data source
C. Anywhere you want
D. They are always bi-directional
D. In the database
E. They can be filtered

101. Which of the following functions are part of PHP's

105. Using flock() to lock a stream is only assured to
internal Iterator interface?
work under what circumstances?
A. rewind()
A. When running in a Linux environment local
B. valid()
filesystem
C. next()
B. When accessing the stream of the local filesystem
D. key()
C. When running in a Windows environment and
E. current()
accessing a share
F. All of the above
D. When accessing a bi-directional stream
E. When accessing a read-only stream

102. Which of the following methods are used to fetch

data from a PDO Statement?
106. _______ can be used to add additional functionality
A. fetchColumn()
to a stream, such as implementation of a specific
B. fetchObject()
protocol on top of a normal PHP stream
C. fetch() implementation.
D. fetchClass() A. Buffered
E. fetchRow() B. Buckets
C. Wrappers
D. Filters
103. When writing portable database code using PDO,
what is the PDO::ATTR_CASE attribute useful
for? 107. The _______ constant in a CLI script is an
A. None of the above automatically provided file resource representing
B. Ensuring that all columns are of a particular case standard input of the terminal.
when fetched A. STDIN
C. Adjusting the case of a query before it is processed B. __STDIN__
for compatibility reasons C. STDIO
D. Controls the switch logic of how queries are D. PHP::STDIO
processed E. STD_IN
E. Allows you to adjust the memory cache (or "case")
for increased performance

108. What should go in the ??????? assignment below to

create a Zlib-compressed file foo.gz with a
compression level of 9?
When working with a database, which of the following
can be used to mitigate the possibility of exposing your <?php
database credientials to a malicious user?
$file = '????????';
A. Moving all database credentials into a single file
$fr = fopen($file, 'wb9');
fwrite($fr, $data);
fclose($fr); error. How does one access these streams in PHP
5?
?> A. Use stdin(), stdout() and stderr() functions
B. PHP::STDIN, PHP::STDOUT, PHP::STDERR class
constants in PHP 5
A. gzip://foo.gz?level=9 C. STDIN, STDOUT, and STDERR constants in PHP 5
B. compress.zip://foo.gz?level=9 D. use the php::stdin(), php::stdout(), and
C. compress.zlib://foo.gz php::stderr() class methods
D. compress.gzip://foo.gz?level=9
E. zlib://foo.gz

114. How can one take advantage of the time waiting for
a lock during a stream access, to do other tasks
109. Which of the following is not a valid default stream using the following locking code as the base:
wrapper for PHP 5, assuming OpenSSL is enabled?
A. ftps:// $retval = flock($fr, LOCK_EX);
B. ftp://
C. sftp:// A. Use flock_lazy() instead of flock()
D. https:// B. Use LOCK_EX|LOCK_NB instead of LOCK_EX
E. http:// C. Use LOCK_UN instead of LOCK_EX
D. Check the value of $retval to see if the lock was
obtained
E. Check to see if $retval == LOCK_WAIT
110. When opening a file in writing mode using the FTP
handler, what must be done so that the file will still
be written to the server in the event it previously
exists?
115. Which of the following extensions are no longer
A. Provide a context for fopen() using part of PHP 5 and have been moved to PECL?
stream_context_create() A. tidy
B. You must delete the file first before uploading a B. mysql
new file C. w32api
C. Configure this behavior in the php.ini file using the D. curl
ftp.overwrite directive E. dio
D. Open the file using the 'w+' mode

116. Unlike a database such as MySQL, SQLite

111. Which of the following functions is used to columns are not explicitly typed. Instead, SQLite
determine if a given stream is blocking or not? catagorizes data into which of the following
A. stream_get_blocking catagories?
B. stream_get_meta_data A. textual
C. stream_is_blocking B. unicode
D. stream_get_blocking_mode C. numeric
D. binary
E. constant

112. What is the difference between the include and

require language constructs?
A. Require constructs can't be used with URL
filenames
B. Include constructs cause a fatal error if the file
doesn't exist
C. There is no difference other than the name
D. Include constructs are processed at run time;
require constructs are processed at compile time
E. Require constructs cause a fatal error if the file
can't be read
117. Which of the following cases are cases when you
should use transactions?
A. Updating a single row in a table
B. Inserting a new row into a single table
C. Performing a stored procedure
D. Selecting rows from multiple different tables
E. Updating a single row in multiple different tables

118. Which of the following is not a valid PDO DSN?

113. When writing CLI scripts it is often useful to A. All of the above are valid
access the standard streams available to the B. mysql:unix_socket=/tmp/mysql.sock;dbname=test
operating system such as standard input/output and db
 C. oci:dbname=//localhost:1521/mydb
D. mysql:host=localhost;port=3307;dbname=testdb
E. sqlite2:/opt/databases/mydb.sq2
119. When connecting to a database using PDO, what
must be done to ensure that database credentials are
not compromised if the connection were to fail?
A. wrap the PDO DSN in a try/catch block to catch
any connection exception
B. Use constants in the PDO DSN
C. Place the login credentials in the php.ini file
D. Disable E_STRICT and E_NOTICE error reporting
levels
120. Implementing your own PDO class requires which
steps from the list below?
A. Extending the PDOStatement Class
B. Set the PDO::ATTR_STATEMENT_CLASS parameter
C. Call the PDO::setStatementClass() method
D. Extend the PDO class
E. Set the PDO::ATTR_USE_CLASS parameter
121. What function is used to retrieve all available
information about a symbolic link?
A. symlink()
B. stat()
C. fstat()
D. lstat()
E. readlink()
122. After executing a SELECT query on a database
server,
A. All data is immediately transmitted to PHP
B. All data will be transmitted on-demand to PHP
C. None of the above
123. Transactions are used to:
A. guarantee high performance
B. secure data consistency
C. secure access to the database
D. reduce the database server overhead
E. reduce code size in PHP
124. Some databases support the LIMIT clause. It is
a method to ensure that ...
A. only certain rows are deleted in DELETE queries.
B. only a defined subset of rows are read in SELECT
queries.
C. only certain users can access the database.
125. What does the __FILE__ constant contain?
A. The filename of the current script.
B. The full path to the current script.
C. The URL of the request made.
D. The path to the main script.
126. What PHP function can be used to remove a
local file?
A. rmdir()
B. unlink()
C. rm()
D. delete()
E. delete_file()
127. What function returns the filename component of
the file's path:
A.dirname()
B.realpath()
C. basename()
D. pathinfo()
E. parse_url()
128. After executing a query on a database server,
PHP offers several functions to read the
resulting lines, such as mysqli_fetch_assoc,
pg_fetch_row, oci_fetchtc.). If such functions do
not return any rows, it means: (Choose 2)
A. a SELECT statement returned no rows
B. the transaction has been rolled back
C. the connection to the database server was disconnected
during query execution
D. the query was too slow to execute
129. An unbuffered query will: (Choose 2)
A. Return the first data faster
B. Return all data faster
C. Free connection faster for others scripts to use
D. Use less memory
130. Which of the following commands will append
data to an existing file?
A. file_put_contents("file", "data", "a");
B. file_put_contents("file", "a", "data");
C. file_put_contents("file", "data", FILE_APPEND);
D. file_put_contents("file", "a", NULL, FILE_APPEND);
 136. Which of the following actions must be taken
before this code may go into production? (Choose
2)
131. Which elements does the array returned by the
function pathinfo() contain? A. Check with is_uploaded_file() whether the uploaded file
$_FILES['myFile']['tmp_name'] is valid
A. root, dir, file B. Sanitize the file name in $_FILES['myFile']['name']
B. dirname, filename, fileextension because this value is not consistent among web browsers
C. dirname, basename, extensio C. Check the charset encoding of the HTTP request to see
D. path, file whether it matches the encoding of the uploaded file
D. Sanitize the file name in $_FILES['myFile']['name']
because this value could be forged
E. Use $HTTP_POST_FILES instead of $_FILES to maintain
upwards compatibility
132. Which requirements need NOT be met so that
file uploads work?

A. The PHP directive file_uploads must be set to On
B. The form's method attribute must be set to "post"
C. Safe mode must be turned off so that the uploaded file an
be written to the server
D. The form's enctype attribute must be set to
"multipart/form-data"
137. When a transaction reports no affected rows, it
means that: (Choose 2)
A. The transaction failed
B. The transaction affected no lines
C. The transaction was rolled back
D. The transaction was committed without error

133. How can precisely one byte be read from a file, 138. What does the chown() function do?
pointed by $fp? (Choose 2)
A. Change the file permissions.
A. fread($fp, 1); B. Change the owner of the file.
B. fgets($fp, 1); C. Change the group of the file.
C. fgetss($fp, 1); D. Checks if the file is accessible.
D. fgetc($fp);
E. All of the above

134. When you need to process the values of columns

in a database, you should:
A. Only use built-in database functions
B. Always use read the values as-is from the database and
then process them with PHP
C. Use built-in database functions for simple processing,
and perform more complicated logic in PHP
D. Use built-in database functions for complicated logic,
and perform simpler functions in PHP
135. An HTML form contains this form element:
139. The function mysqli_affected_rows() can be
used to perform which of the following actions?
(Choose 2)
A. get the number of rows that are affected by SELECT
statements
B. get the number of rows that are affected by UPDATE
statements
C. get the number of rows that are affected by INSERT
statements
D. get the number of rows in a result set
E. get the numbers of rows that are affected after
committing a transaction using COMMIT

<input type="file" name="myFile" />

When this form is submitted, the following PHP code gets
executed: 140. In a typical web application the most used
<?php database action is...
move_uploaded_file(
$_FILES['myFile']['tmp_name'], A. INSERT
'uploads/' . $_FILES['myFile']['name']); B. UPDATE
?> C. SELECT
D. CREATE
E. ALTER
 D. File system
E. Session Server
141. What is the file locking mode that should be
used when writing to a file?

A. LOCK_UN 147. When comparing prepared statements and

B. LOCK_SH regular, application-constructed SQL
C. LOCK_EX statements, which of the following is true?
D. LOCK_NB A. Prepared statements are faster
B. Prepared statements are always shorter
C. Prepared statements are more secure
D. Prepared statements are easier to develop
142. What function is ideal for outputting contents of E. None of the above
a static file to screen?

A. file_get_contents()
B. readfile() 148. Which of the following statements is true?
C. fread()
D. include() A. All PHP database extensions support prepared statements
E. require() B. All PHP database extensions come with their own special
F. file() helper functions to escape user data to be used in dynamic
SQL queries
C. All PHP database extensions provide an OOP interface
D. All PHP database extensions appear in the output of php
143. Which of the following will set a 10 seconds read -m , if installed
timeout for a stream?

A. ini_set("default_socket_timeout", 10);
B. stream_read_timeout($stream, 10);
C. Specify the timeout as the 5th parameter to the
fsockopen() function used to open a stream
D. stream_set_timeout($stream, 10);
E. None of the above
144. What is the ideal method of copying data
between two opened files?
A. copy($source_file, $destination_file);
B. copy(destination_file, $source_file);
C. stream_copy_to_stream($source_file, $destination_file);
D. stream_copy_to_stream($destination_file, $source_file);
E. stream_bucket_prepend($source_file, $destination_file);
149. Which of the following statements about
database connections are commonly true?
(Choose 2)
A. Database connections are closed after each SQL
statement is executed
B. Database connections are closed at the end of each
request
C. Database connections are only closed when the Web
server shuts down
D. A single database connection may serve more than one
PHP application at the same time
150. Which of the following code snippets writes the
content of the file "source.txt" to
"target.txt"?(Choose 3)

A. file_put_contents("target.txt", fopen("source.txt", "r"));

B. file_put_contents("target.txt", readfile("source.txt"));
C. file_put_contents("target.txt", join(file("source.txt"), ""));
145. Which technique should be used to speed up D. file_put_contents("target.txt",
joins without changing their results? file_get_contents("source.txt"));
E. $handle = fopen("target.txt", "w+"); fwrite($handle,
A. Add indices on joined columns file_get_contents("source.txt")); fclose($handle);
B. Add a WHERE clause
C. Add a LIMIT clause
D. Use an inner join

146. Where does the session extension store the

session data by default?

A. SQLite Database
B. MySQL Database
C. Shared Memory