1. What is the difference between “print” and echo”?

7. Which of the following statements about PHP is

A: There is no difference true? (Choose 3)
B: print returns true or false and echo does not
C: echo returns true or false and print does not a) A final class can be derived.
D: Print buffers the output, while echo does not b) A final class may be instantiated.
E: None of the above c) A class with a final function may be derived.
d) Static functions can be final.
e) Properties can be final.
2. What is the difference between the include and
require language constructs?
8. When working with the MVC paradigma, the
A. Require constructs can't be used with URL business logic should be implemented in which of
filenames the following components?
B. Include constructs cause a fatal error if the file
doesn't exist A. Model
C. There is no difference other than the name B. View
D. Include constructs are processed at run time; C. Controller
require constructs are processed at compile time
E. Require constructs cause a fatal error if the file
can't be read 9. Which of the following statements are correct?
(Choose 2)

3. Which of the following statements is NOT true? A. It is possible to specify more than one __autoload
function
a) Class constants are public B. __autoload receives the missing class name all
b) Class constants are being inherited lowercased
c) Class constants can omit initialization (default to NULL) C. __autoload is being called for missing interfaces
d) Class constants can be initialized by consts D. Inside __autoload missing classes trigger __autoload

4. When a class is defined as final it: 10. Which of the following is correct? (Choose 2)

A. Can no longer be extended by other classes. A. A class can extend more than one class.
B. Means methods in the class are not over-loadable. B. A class can implement more than one class.
C. Cannot be defined as such, final is only applicable to C. A class can extend more than one interface.
object methods. D. A class can implement more than one interface.
D. Is no longer iteratable. E. An interface can extend more than one interface.
F. An interface can implement more than one
interface.

5. Which of the following statements is correct?

11. What object method specifies post-serialization
A. Interfaces can extend only one interface behavior for an object?
B. Interfaces can extend more than one interface
C. Interfaces can inherit a method from different interfaces A. __sleep()
D. Interfaces can redeclare inherited methods B. __wakeup()
C. __set_state()
D. __get()
E. __autoload()
6. You are creating an application that generates
invoices in a variety of formats, including PDF,
ODS and HTML. Each of these formats is
represented as a PHP class in your application. 12. What visibility denies access to properties and
While some of the operations can be performed on methods outside of the class?
all of the different formats (such as saving and
loading), other operations may be specific to one or A. static
two of the formats (such as setting as read only). B. protected
Which design pattern should you use for this C. private
application? D. public
E. const
A. Adapter
B. Factory
C. MVC
D. Singleton 13. You are creating an application that repeatedly
connects to a database to retrieve order data for
 invoices. All data comes from the same database.
In order to preserve resources, you have to ensure
that only one database connection should be used at 19. In PHP 5 you can use the ______ operator to
any time. The code also has to open as few new ensure that an object is of a particular type. You
database connections as possible. Which design can also use _______ in the function declaration.
pattern should you use for this scenario? A. instanceof, is_a
B. instanceof, type-hinting
A. Adapter C. type, instanceof
B. Factory D. ===, type-hinting
C. MVC E. ===, is_a
D. Singleton

14. PHP's array functions such as array_values() and 20. How can you modify the copy of an object during a
array_key_exists() can be used on an object if the clone operation?
object...
A. Put the logic in the object's constructor to alter the
A. implements Traversable
B. is an instance of ArrayObject values
C. implements ArrayAccess B. Implment your own function to do object copying
D. None of the above C. Implement the object's __clone() method
D. Implement __get() and __set() methods with the
correct logic
E. Implement the __copy() method with the correct
15. What is the name of the method that can be used to logic
provide read access to virtual properties in a class?

A. __call()
B. __get() 21. What is the primary difference between a method
C. __set() declared as static and a normal method?
D. __wakeup()
E. __fetch() A. Static methods can only be called using the ::
syntax and never from an instance
B. Static methods do not provide a reference to $this
C. Static methods cannot be called from within class
16. Which of the following function signatures is instances
correct if you want to have classes automatically
D. Static methods don't have access to the self
loaded?
keyword
A. function autoload($class_name) E. There is no functional difference between a static
B. function __autoload($class_name, $file) and non-static method
C. function __autoload($class_name)
D. function _autoload($class_name)
E. function autoload($class_name, $file)
22. The ______ keyword is used to indicate an
incomplete class or method, which must be further
extended and/or implemented in order to be used.

17. What type of class definition can be used to define A. final

multiple inheritance? B. protected
C. incomplete
A. Class D. abstract
B. Abstract E. implements
C. Interface
D. Final

23. To ensure that a given object has a particular set of

methods, you must provide a method list in the
form of an ________ and then attach it as part of
18. What does an object based on the Active Record your class using the ________ keyword.
pattern provide?
A. array, interface
A. A way to actively control the application's workflow B. interface, implements
B. A way to record the history of its changes C. interface, extends
C. A way to effortlessly store its properties in a database
D. instance, implements
E. access-list, instance C. Requires less memory then DOM
D. Easier to develop parsers

24. Type-hinting and the instanceof keyword can 30. Creating new nodes in XML documents using
be used to check what types of things about PHP can be done using which XML/PHP 5
variables? Choose 3 technologies?
A. XQuery
A. If a particular child class extends from it B. XPath
B. If they are an instance of a particular interface C. SimpleXML
C. If they are an abstract class D. DOM
D. If they have a particular parent class E. SAX
E. If they are an instance of a particular class

25. PHP 5 supports which of the following XML 31. When working with SimpleXML in PHP 5, the
parsing methods? four basic rules on how the XML document is
A. SAX accessed are which of the following?
B. FastDOM A. Element namespaces are denoted by the
C. DOM 'namespace' attribute
D. XPath B. converting an element to a string denotes text
E. XML to Object mapping data
C. Non-numeric indexes are element attributes
D. Numeric indexes are elements
E. Properties denote element iterators

26. When embedding PHP into XML documents,

what must you ensure is true in order for things
to function properly?
A. Disabling of the short_tags PHP.ini directive
B. Enabling the asp_tags PHP.ini directive
C. That you have XPath support enabled in PHP 5
32. SimpleXML objects can be created from what
D. That your XML documents are well-formed types of data sources?
E. None of the above, PHP can be embedded in XML A. A String
in all cases. B. An array
C. A DomDocument object
D. A URI
E. A Database resource
27. What XML technology is used when you mix
two different document types in a single XML
document? 33. Which of the following functions are part of
A. Validators PHP's internal Iterator interface?
B. DTD A. rewind()
C. Transformations B. valid()
D. Namespaces C. next()
D. key()
E. current()

28. Event-based XML parsing is an example of

which parsing model?
A. SAX
B. DOM 34. What DOMElement method should be used to
C. XML Object Mapping check for availability of a non-namespaced
attribute?
D. XPath
E. XQuery
A. getAttributeNS()
B. getAttribute()
C. hasAttribute()
D. hasAttributeNS()
29. What is the primary benefit of a SAX-based
XML parser compared to DOM?
A. All of the above
B. Faster then DOM methods
 35. REST is a(n) ...

A. Web service protocol similar to SOAP with a strict XML

schema.
B. Principle to exchange information using XML and 41. Which of the following statements about SOAP
HTTP. is NOT true?
C. API to get information from social networking sites.
A. SOAP is a request-/response-based protocol.
B. SOAP can be transported using SMTP, HTTP and other
protocols.
C. SOAP requires developers to use WSDL.
D. SOAP traffic via HTTP can be encrypted and compressed
just like other HTTP requests
36. Which of the following statements are NOT
true?

A. SimpleXML allows removal of attributes. 42. Which of the following XML declarations is
B. SimpleXML allows addition of new attributes. NOT valid?
C. SimpleXML allows removal of nodes.
D. SimpleXML allows addition of new nodes. A. <?xml version="1.0" ?>
E.None of the above B. <?xml version="1.1" encoding="UTF-8" ?>
C. <?xml standalone="no" ?>
D. <?xml standalone="1" ?>

37. What DOM method is used to load HTML files?

A. load()
B. loadXML()
C. loadHTML() 43. Which of these protocols are NOT governed by
D. loadHTMLFile() the W3C in their latest versions? (Choose 2)

A. XML-RPC
B. SOAP
38. Which of the following are valid SoapClient C. WSDL
calls? (Choose 2) D. UDDI

A. $client = new SoapClient("weather.wsdl");

B. $client = new SoapClient; 44. Which one of the following technologies was not
C. $client = new SoapClient(null, array("location" => built into PHP before version 5?
"http://example.com/weather", "uri" => "http://test-
uri.com/")); A. XSL
D. $client = new SoapClient(null, array()); B. SOAP
C. DOM
D. SAX

39. What parsing methodology is utilized by the

SimpleXML extension? 45. What SimpleXML function is used to parse a
file?
A. SAX
B. DOM A. simplexml_load_file()
C. XPath B. simplexml_load_string()
D. Push/Pull Approach C. load()
E. Expat D. loadFile()
E. loadXML()
F. None of the above.

40. Which of the following is an invalid DOM save

method?

A. save() 46. What is the method used to execute XPath

B. saveFile() queries in the SimpleXML extension?
C. saveXML()
D. saveHTML() A. xpathQuery()
E. saveHTMLFile() B. xpath()
C. simpleXMLXpath() E. Filtering all input
D. query()
E. evaluate()

53. Which of the following php.ini directives

should be disabled to improve the outward security
47. What is the method used to execute XPath of your application?
queries in the SimpleXML extension? \ A. safe_mode
B. magic_quotes_gpc
A. xpathQuery() C. register_globals
B. xpath() D. display_errors
C. simpleXMLXpath() E. allow_url_fopen
D. query()
E. evaluate()

54. Which of the following list of potential data

sources should be considered trusted?
48. Which of the following parts must a XML A. None of the above
document have in order to be well-formed? B. $_ENV
C. $_GET
A. An XML declaration
D. $_COOKIE
B. A root element
C. A specified encoding E. $_SERVER
D. A reference to either a DTD or an XML schema definition

55. What is the best way to ensure the distinction

between filtered / trusted and unfiltered / untrusted
49. How can XML parsing errors be suppressed in
data?
the SimpleXML extension?
A. None of the above
A. error_reporting(E_ALL^E_NOTICE); B. Never trust any data from the user
B. simplexml_disable_errors(TRUE); C. Enable built-in security features such as
C. simplexml_ignore_errors(TRUE); magic_quotes_gpc and safe_mode
D. libxml_use_internal_errors(TRUE); D. Always filter all incoming data
E. simplexml_load_file("file.xml", LIBXML_NOERROR) ; E. Use PHP 5's tainted mode

50. Which php.ini directive should be disabled to

prevent the execution of a remote PHP script via an
include or require construct? 56. What is the best measure one can take to prevent a
A. You cannot disable remote PHP script execution cross-site request forgery?
B. curl.enabled A. Disallow requests from outside hosts
C. allow_remote_url B. Add a secret token to all form submissions
D. allow_url_fopen C. Turn off allow_url_fopen in php.ini
E. allow_require D. Filter all output
E. Filter all input

51. When implementing a permissions system for your

Web site, what should always be done with regards
to the session?
A. None of the above 57. Which of the following values of $_GET['url']
B. You should not implement permission systems would cause session fixation?
using sessions A. Session Fixation is not possible with this code
C. Sessions should be cleared of all data and re- snippet
populated B. http://www.zend.com/?PHPSESSID=123
D. The session key should be regenerated C. PHPSESSID%611243
E. The session should be destroyed D. Set-Cookie%3A+PHPSESSID%611234
E. http%3A%2F%2Fwww.zend.com%2F%0D%0ASet-
Cookie%3A+PHPSESSID%611234
52. When attempting to prevent a cross-site scripting
attack, which of the following is most important?
A. Not writing Javascript on the fly using PHP
B. Filtering Output used in form data 58. To destroy one variable within a PHP session you
C. Filtering Output used in database transactions should use which method in PHP 5?
D. Writing careful Javascript A. Unset the variable in $HTTP_SESSION_VARS
B. Use the session_destroy() function B. Setting the expiration time for a cookie to a time in
C. Use the session_unset() function the distant future
D. unset the variable in $_SESSION using unset() C. Do not provide a cookie expiration time
E. Any of the above are acceptable in PHP 5 D. Enable Cookie Security
E. Set a cookie without a domain

59. If you would like to store your session in the 64. Setting a HTTP cookie on the client which is not
database, you would do which of the following? URL-encoded is done how in PHP 5?
A. It requires a custom PHP extension to change the A. Use the setrawcookie() function
session handler B. Set the cookies.urlencode INI directive to false
B. Implement the session_set_save_handler() C. Use urldecode() on the return value of setcookie()
function D. Setting the $no_encode parameter of setcookie()
C. Create functions for each session handling step to a boolean 'true'
and use session_set_save_handler() to override E. All cookies must be URL encoded
PHP's internal settings
D. Configure the session.save_handler INI directive to
your session class
65. During an HTTP authentication, how does one
determine the username and password provided by
the browser?
60. To destroy a PHP session completely, one must A. Parse the HTTP headers manually using
which of the following? http_get_headers()
A. Regenerate the session ID using B. Use the get_http_username() and
session_regenerate_id() get_http_password() functions
B. If cookies are used, destroy it C. Use the $_SERVER['HTTP_USER'] and
C. Use session_demolish() to completely destroy the $_SERVER['HTTP_PASSWORD'] variables
session D. Use the $_SERVER['PHP_AUTH_USER'] and
D. Change the session name using session_name() $_SERVER['PHP_AUTH_PW'] variables
E. Destroy the session data using session_destroy() E. Parse the $_SERVER['REQUEST_URI'] variable

61. If you would like to change the session ID 66. onsider the following function:
generation function, which of the following is the
best approach for PHP 5? <?php
A. Set the session.hash_function INI configuration function redirect($url) {
directive // Check to make sure we haven't
B. Use the session_set_id_generator() function already sent
C. Set the session id by force using the session_id() // the header:
function
if(???????) {
D. Use the session_regenerate_id() function header("Location: $url");
E. Implement a custom session handler }
}

?>
62. Setting a cookie on the client in PHP 5 can be best
accomplished by: What conditional should replace the ????? above?
A. Use the add_cookie() function
B. Use the setcookie() function
A. !in_array("Location: $url", headers_list())
C. Use the the apache_send_header() function
B. !header_exists("Location: $url")
D. Setting a variable in the $_COOKIE superglobal
C. !header_location($url)
D. $_SERVER['HTTP_LOCATION'] != $url

63. How does one create a cookie which will exist only
until the browser session is terminated?
A. You cannot create cookies that expire when the 67. One can ensure that headers can always be sent
from a PHP script by doing what?
browser session is terminated
A. Enable header buffering in PHP 5
B. Set the header.force INI directive to true
C. Enable output buffering in PHP 5
D. There is no way to ensure that headers can always 73. Which of the following functions allow you to
be set, they must always be checked introspect the call stack during execution of a PHP
E. None of the above script?
A. get_backtrace()
B. get_function_stack()
C. debug_backtrace()
68. When is it acceptable to store sensitive information D. debug_print_backtrace()
in an HTTP cookie? E. print_backtrace()
A. Only under extremely controlled situations
B. When the cookie is sent over a secure HTTP
request
C. When it is encrypted 74. When running PHP in a shared host environment,
D. It is always acceptable what is the major security concern when it comes
to session data?
A. Sessions on shared hosts are easily hijacked by
outside malicious users
69. When using a function such as strip_tags, are B. All of the above
markup-based attacks still possible? C. You cannot use a custom data store in shared
A. No, HTML does not pose any security risks hosts
B. Yes, even a <p> HTML tag is a security risk D. Session data stored in the file system can be read
C. Yes, attributes of allowed tags are ignored by other scripts on the same shared host
D. No, strip_tags will prevent any markup-based E. Users outside the shared host can access any site
attack which created a session for them

70. Where should indirectly executed PHP scripts (i.e. 75. Which of the following filtering techniques
include files) be stored in the file system? prevents cross-site scripting (XSS)
A. Outside of the Document Root vulnerabilities?
B. In the document root
C. Anywhere you want A. Strip all occurrences of the string script.
D. In the database B. Strip all occurrences of the string javascript.
C. Enable magic_quotes_gpc.
D. None of the above.

71. When executing system commands from PHP,

what should one do to keep applications secure?
A. Remove all quote characters from variables used 76. Identify the security vulnerability in the
in a shell execution following example:
B. Avoid using shell commands when PHP equivlents
<?php
are available
echo "Welcome, {$_POST['name']}.";
C. Hard code all shell commands ?>
D. Escape all shell arguments
E. Escape all shell commands executed A. SQL Injection
B. Cross-Site Scripting
C. Remote Code Injection
D. None of the above
72. Why is it important from a security perspective to
never display PHP error messages directly to the
end user, yet always log them?
A. Error messages will contain sensitive session 77. Which options do you have in PHP to set the
information expiry date of a session?
B. Error messages can contain cross site scripting
attacks A. Set the session.duration directive in php.ini
C. Security risks involved in logging are handled by B. Set session cookie expiry date locally via
PHP session_set_cookie_params()
D. Error messages give the perception of insecurity to C. Set session expiry date locally via session_cache_expire()
the user D. None of the above
E. Error messages can contain data useful to a
potential attacker
 78. Which of the following data types cannot be B. strip_tags()
directly manipulated by the client? C. addslashes()
D. session_regenerate_id()
A. Cookie Data
B. Session Data
C. Remote IP Address
D. User Agent 84. How can you determine if magic_quotes_gpc is
enabled? (Choose 2)

A. Use the get_magic_quotes() function.

79. What is the function of backtick (`) characters B. Using the get_magic_quotes_runtime() function.
in PHP? C. Use the get_magic_quotes_gpc() function.
D. Using ini_get('magic_quotes_gpc').
A. Same as single-quotes, used to enclose strings. E. Using ini_get('magic_quotes').
B. Escape operators.
C. No special meaning.
D. Execute the enclosed string as a command.
E. Error control operators. 85. Which of the following statements about
exceptions are correct? (Choose 2)

A. you can only throw classes derived from Exception

80. Which constant must be passed as the second B. a try block can have multiple catch blocks
argument to htmlentities() to convert single C. a try block must not be followed by a catch block
quotes (') to HTML entities? D. try blocks cannot contain nested try blocks

A. TRUE
B. FALSE
C. ENT_QUOTES 86. In a shared hosting environment, session data
D. ENT_NOQUOTES can be read by PHP scripts written by any user.
E. ENT_COMPAT How can you prevent this?

A. Store session data in a different location with

session.save_path
81. You want to allow your users to submit HTML B. Store session data in a database.
code in a form, which will then be displayed as C. Enable safe_mode.
real code and not affect your site layout. Which D. Set session.name to something unique.
function do you apply to the text, when
displaying it? (Choose 2)

A. strip_tags() 87. Which is the most secure approach for handling

B. htmlentities() dynamic data in SQL queries?
C. htmltidy()
D. htmlspecialchars() A. Use addslashes().
E. showhtml() B. Enable magic_quotes_gpc.
C. Use prepared statements if supported by the database
library, data-specific escaping functions otherwise.
D. Use stored procedures.

82. One common security risk is exposing error

messages directly in the browser. Which PHP
configuration directive can be disabled to prevent 88. Which of the following functions are used to
this? escape data within the context of HTML?
(Choose 2)
A. html_display
B. error_reporting A. htmlentities()
C. display_errors B. addslashes()
D. error_log C. stripslashes()
E. ignore_repeated_errors D. strip_tags()
E. htmlspecialchars()

83. Which of the following functions can help

prevent session fixation vulnerabilities? 89. Which of the following configuration directives
increase the risk of remote code injection when
A. magic_quotes_gpc() enabled? (Choose 2)
A. allow_url_fopen
B. register_globals 94. Which session function can help to avoid session
C. magic_quotes_gpc fixation?
D. safe_mode
A. session_is_registered()
B. session_register()
C. session_unregister()
90. Assume that you are using PHP s session D. session_regenerate_id()
management without cookies and want to make E. None of the above.
sure that session information does not get lost
when redirecting the client to another URL.
Which of the following functions do you need to
achieve that? (Choose 3) 95. Which function can help prevent cross-site
scripting? (Choose 2)
A. header()
B. session_id() A. addslashes()
C. session_info() B. htmlentities()
D. session_name() C. htmlspecialchars()
E. session_write_close() D. strip_tags()
E. quotemeta()

91. An HTML form contains this form element:

<input type="file" name="myFile" /> 96. Under which circumstances is the $_SESSION
When this form is submitted, the following PHP code gets super-global available? (Choose 2)
executed:
<?php A. If session_start() was called.
move_uploaded_file( B. If session.auto_start INI setting is enabled.
$_FILES['myFile']['tmp_name'], C. Always available in PHP 5.
'uploads/' . $_FILES['myFile']['name']); D. If a valid session id is passed via GET, POST or
?> COOKIE.
92. Which of the following actions must be taken E. If register_globals are enabled.
before this code may go into production?
(Choose 2)

A. Check with is_uploaded_file() whether the uploaded file 97. You need to escape special characters to use
$_FILES['myFile']['tmp_name'] is valid user input inside a regular expression. Which
B. Sanitize the file name in $_FILES['myFile']['name'] functions would you use? (Choose 2)
because this value is not consistent among web browsers
C. Check the charset encoding of the HTTP request to see A. addslashes()
whether it matches the encoding of the uploaded file B. htmlentities()
D. Sanitize the file name in $_FILES['myFile']['name'] C. preg_quote()
because this value could be forged D. regex_quote()
E. Use $HTTP_POST_FILES instead of $_FILES to maintain E. quotemeta()
upwards compatibility

98. Identify the security vulnerability in the

93. What will the following code print? following example:

echo addslashes('I am a <b>small</b> "HTML" string, <?php

which is \'invalid\'</u>.'); mail('feedback@example.org', 'Feddback', 'Here is my
feedback.', "From: {$_COOKIE['email']}");
A. I am a <b>small</b> "HTML" string, which is ?>
'invalid'</u>.
B. I am a <b>small</b> \"HTML\" string, which is A. Remote Code Injection
\'invalid\'</u>. B. Cross-Site Request Forgeries
C. I am a <b>small</b> \"HTML\" string, which is C. Email Injection
\\'invalid\\'</u>. D. None of the above
D. I am a <b>small</b> \"HTML\" string, which is
\\\'invalid\\\'</u>.
E. I am a \<b\>small\<\/b\> "HTML" string, which is
'invalid'\<\/u\>.
 99. What happens if you try to access a property B. Moving all database credentials outside of the
whose name is defined in a parent class as document root
private, and is not declared in the current class? C. Restricting access to files not designed to be
executed independently
A. An E_NOTICE error will be triggered. D. Setting creditial information as system
B. An E_ERROR error will be triggered. environment variables
C. An E_WARNING error will be triggered. E. Using PHP constants instead of variables to store
D. No errors will be triggered credentials

104. Which of the following are not true about streams?

100. Where should indirectly executed PHP scripts (i.e.
A. They are always seekable
include files) be stored in the file system?
B. When used properly they significantly reduce
A. Outside of the Document Root
memory consumption
B. In the document root
C. They can be applied to any data source
C. Anywhere you want
D. They are always bi-directional
D. In the database
E. They can be filtered

101. Which of the following functions are part of PHP's

105. Using flock() to lock a stream is only assured to
internal Iterator interface?
work under what circumstances?
A. rewind()
A. When running in a Linux environment local
B. valid()
filesystem
C. next()
B. When accessing the stream of the local filesystem
D. key()
C. When running in a Windows environment and
E. current()
accessing a share
F. All of the above
D. When accessing a bi-directional stream
E. When accessing a read-only stream

102. Which of the following methods are used to fetch

data from a PDO Statement?
106. _______ can be used to add additional functionality
A. fetchColumn()
to a stream, such as implementation of a specific
B. fetchObject()
protocol on top of a normal PHP stream
C. fetch() implementation.
D. fetchClass() A. Buffered
E. fetchRow() B. Buckets
C. Wrappers
D. Filters
103. When writing portable database code using PDO,
what is the PDO::ATTR_CASE attribute useful
for? 107. The _______ constant in a CLI script is an
A. None of the above automatically provided file resource representing
B. Ensuring that all columns are of a particular case standard input of the terminal.
when fetched A. STDIN
C. Adjusting the case of a query before it is processed B. __STDIN__
for compatibility reasons C. STDIO
D. Controls the switch logic of how queries are D. PHP::STDIO
processed E. STD_IN
E. Allows you to adjust the memory cache (or "case")
for increased performance

108. What should go in the ??????? assignment below to

create a Zlib-compressed file foo.gz with a
compression level of 9?
When working with a database, which of the following
can be used to mitigate the possibility of exposing your <?php
database credientials to a malicious user?
$file = '????????';
A. Moving all database credentials into a single file
$fr = fopen($file, 'wb9');
fwrite($fr, $data);
fclose($fr); error. How does one access these streams in PHP
5?
?> A. Use stdin(), stdout() and stderr() functions
B. PHP::STDIN, PHP::STDOUT, PHP::STDERR class
constants in PHP 5
A. gzip://foo.gz?level=9 C. STDIN, STDOUT, and STDERR constants in PHP 5
B. compress.zip://foo.gz?level=9 D. use the php::stdin(), php::stdout(), and
C. compress.zlib://foo.gz php::stderr() class methods
D. compress.gzip://foo.gz?level=9
E. zlib://foo.gz

114. How can one take advantage of the time waiting for
a lock during a stream access, to do other tasks
109. Which of the following is not a valid default stream using the following locking code as the base:
wrapper for PHP 5, assuming OpenSSL is enabled?
A. ftps:// $retval = flock($fr, LOCK_EX);
B. ftp://
C. sftp:// A. Use flock_lazy() instead of flock()
D. https:// B. Use LOCK_EX|LOCK_NB instead of LOCK_EX
E. http:// C. Use LOCK_UN instead of LOCK_EX
D. Check the value of $retval to see if the lock was
obtained
E. Check to see if $retval == LOCK_WAIT
110. When opening a file in writing mode using the FTP
handler, what must be done so that the file will still
be written to the server in the event it previously
exists?
115. Which of the following extensions are no longer
A. Provide a context for fopen() using part of PHP 5 and have been moved to PECL?
stream_context_create() A. tidy
B. You must delete the file first before uploading a B. mysql
new file C. w32api
C. Configure this behavior in the php.ini file using the D. curl
ftp.overwrite directive E. dio
D. Open the file using the 'w+' mode

116. Unlike a database such as MySQL, SQLite

111. Which of the following functions is used to columns are not explicitly typed. Instead, SQLite
determine if a given stream is blocking or not? catagorizes data into which of the following
A. stream_get_blocking catagories?
B. stream_get_meta_data A. textual
C. stream_is_blocking B. unicode
D. stream_get_blocking_mode C. numeric
D. binary
E. constant

112. What is the difference between the include and

require language constructs?
A. Require constructs can't be used with URL 117. Which of the following cases are cases when you
filenames should use transactions?
B. Include constructs cause a fatal error if the file A. Updating a single row in a table
doesn't exist B. Inserting a new row into a single table
C. There is no difference other than the name C. Performing a stored procedure
D. Include constructs are processed at run time; D. Selecting rows from multiple different tables
require constructs are processed at compile time E. Updating a single row in multiple different tables
E. Require constructs cause a fatal error if the file
can't be read

118. Which of the following is not a valid PDO DSN?

113. When writing CLI scripts it is often useful to A. All of the above are valid
access the standard streams available to the B. mysql:unix_socket=/tmp/mysql.sock;dbname=test
operating system such as standard input/output and db
 C. oci:dbname=//localhost:1521/mydb
D. mysql:host=localhost;port=3307;dbname=testdb
E. sqlite2:/opt/databases/mydb.sq2

125. What does the __FILE__ constant contain?

119. When connecting to a database using PDO, what A. The filename of the current script.
must be done to ensure that database credentials are B. The full path to the current script.
not compromised if the connection were to fail? C. The URL of the request made.
A. wrap the PDO DSN in a try/catch block to catch D. The path to the main script.
any connection exception
B. Use constants in the PDO DSN
C. Place the login credentials in the php.ini file
D. Disable E_STRICT and E_NOTICE error reporting 126. What PHP function can be used to remove a
levels local file?

A. rmdir()
B. unlink()
C. rm()
120. Implementing your own PDO class requires which
D. delete()
steps from the list below?
E. delete_file()
A. Extending the PDOStatement Class
B. Set the PDO::ATTR_STATEMENT_CLASS parameter
C. Call the PDO::setStatementClass() method
D. Extend the PDO class
E. Set the PDO::ATTR_USE_CLASS parameter
127. What function returns the filename component of
the file's path:
A.dirname()
B.realpath()
121. What function is used to retrieve all available C. basename()
information about a symbolic link? D. pathinfo()
E. parse_url()
A. symlink()
B. stat()
C. fstat()
D. lstat()
E. readlink() 128. After executing a query on a database server,
PHP offers several functions to read the
resulting lines, such as mysqli_fetch_assoc,
pg_fetch_row, oci_fetchtc.). If such functions do
not return any rows, it means: (Choose 2)
122. After executing a SELECT query on a database
server, A. a SELECT statement returned no rows
B. the transaction has been rolled back
A. All data is immediately transmitted to PHP C. the connection to the database server was disconnected
B. All data will be transmitted on-demand to PHP during query execution
C. None of the above D. the query was too slow to execute

123. Transactions are used to: 129. An unbuffered query will: (Choose 2)
A. guarantee high performance
B. secure data consistency A. Return the first data faster
C. secure access to the database B. Return all data faster
D. reduce the database server overhead C. Free connection faster for others scripts to use
E. reduce code size in PHP D. Use less memory

124. Some databases support the LIMIT clause. It is 130. Which of the following commands will append
a method to ensure that ... data to an existing file?
A. only certain rows are deleted in DELETE queries. A. file_put_contents("file", "data", "a");
B. only a defined subset of rows are read in SELECT B. file_put_contents("file", "a", "data");
queries. C. file_put_contents("file", "data", FILE_APPEND);
C. only certain users can access the database. D. file_put_contents("file", "a", NULL, FILE_APPEND);
 136. Which of the following actions must be taken
before this code may go into production? (Choose
2)
131. Which elements does the array returned by the
function pathinfo() contain? A. Check with is_uploaded_file() whether the uploaded file
$_FILES['myFile']['tmp_name'] is valid
A. root, dir, file B. Sanitize the file name in $_FILES['myFile']['name']
B. dirname, filename, fileextension because this value is not consistent among web browsers
C. dirname, basename, extensio C. Check the charset encoding of the HTTP request to see
D. path, file whether it matches the encoding of the uploaded file
D. Sanitize the file name in $_FILES['myFile']['name']
because this value could be forged
E. Use $HTTP_POST_FILES instead of $_FILES to maintain
upwards compatibility
132. Which requirements need NOT be met so that
file uploads work?

A. The PHP directive file_uploads must be set to On 137. When a transaction reports no affected rows, it
B. The form's method attribute must be set to "post" means that: (Choose 2)
C. Safe mode must be turned off so that the uploaded file an
be written to the server A. The transaction failed
D. The form's enctype attribute must be set to B. The transaction affected no lines
"multipart/form-data" C. The transaction was rolled back
D. The transaction was committed without error

133. How can precisely one byte be read from a file, 138. What does the chown() function do?
pointed by $fp? (Choose 2)
A. Change the file permissions.
A. fread($fp, 1); B. Change the owner of the file.
B. fgets($fp, 1); C. Change the group of the file.
C. fgetss($fp, 1); D. Checks if the file is accessible.
D. fgetc($fp);
E. All of the above

134. When you need to process the values of columns

in a database, you should:
139. The function mysqli_affected_rows() can be
A. Only use built-in database functions used to perform which of the following actions?
B. Always use read the values as-is from the database and (Choose 2)
then process them with PHP
C. Use built-in database functions for simple processing, A. get the number of rows that are affected by SELECT
and perform more complicated logic in PHP statements
D. Use built-in database functions for complicated logic, B. get the number of rows that are affected by UPDATE
and perform simpler functions in PHP statements
C. get the number of rows that are affected by INSERT
statements
D. get the number of rows in a result set
E. get the numbers of rows that are affected after
committing a transaction using COMMIT
135. An HTML form contains this form element:

<input type="file" name="myFile" />

When this form is submitted, the following PHP code gets
executed: 140. In a typical web application the most used
<?php database action is...
move_uploaded_file(
$_FILES['myFile']['tmp_name'], A. INSERT
'uploads/' . $_FILES['myFile']['name']); B. UPDATE
?> C. SELECT
D. CREATE
E. ALTER
 D. File system
E. Session Server
141. What is the file locking mode that should be
used when writing to a file?

A. LOCK_UN 147. When comparing prepared statements and

B. LOCK_SH regular, application-constructed SQL
C. LOCK_EX statements, which of the following is true?
D. LOCK_NB A. Prepared statements are faster
B. Prepared statements are always shorter
C. Prepared statements are more secure
D. Prepared statements are easier to develop
142. What function is ideal for outputting contents of E. None of the above
a static file to screen?

A. file_get_contents()
B. readfile() 148. Which of the following statements is true?
C. fread()
D. include() A. All PHP database extensions support prepared statements
E. require() B. All PHP database extensions come with their own special
F. file() helper functions to escape user data to be used in dynamic
SQL queries
C. All PHP database extensions provide an OOP interface
D. All PHP database extensions appear in the output of php
143. Which of the following will set a 10 seconds read -m , if installed
timeout for a stream?

A. ini_set("default_socket_timeout", 10);
B. stream_read_timeout($stream, 10); 149. Which of the following statements about
C. Specify the timeout as the 5th parameter to the database connections are commonly true?
fsockopen() function used to open a stream (Choose 2)
D. stream_set_timeout($stream, 10);
E. None of the above A. Database connections are closed after each SQL
statement is executed
B. Database connections are closed at the end of each
request
144. What is the ideal method of copying data C. Database connections are only closed when the Web
between two opened files? server shuts down
D. A single database connection may serve more than one
A. copy($source_file, $destination_file); PHP application at the same time
B. copy(destination_file, $source_file);
C. stream_copy_to_stream($source_file, $destination_file);
D. stream_copy_to_stream($destination_file, $source_file);
E. stream_bucket_prepend($source_file, $destination_file); 150. Which of the following code snippets writes the
content of the file "source.txt" to
"target.txt"?(Choose 3)

A. file_put_contents("target.txt", fopen("source.txt", "r"));

B. file_put_contents("target.txt", readfile("source.txt"));
C. file_put_contents("target.txt", join(file("source.txt"), ""));
145. Which technique should be used to speed up D. file_put_contents("target.txt",
joins without changing their results? file_get_contents("source.txt"));
E. $handle = fopen("target.txt", "w+"); fwrite($handle,
A. Add indices on joined columns file_get_contents("source.txt")); fclose($handle);
B. Add a WHERE clause
C. Add a LIMIT clause
D. Use an inner join

146. Where does the session extension store the

session data by default?

A. SQLite Database
B. MySQL Database
C. Shared Memory