Saturday, November 30, 2013

PHP Basic Interview Questions and Answers for Web Developers - Part 1

In this article on PHP Interview Questions, I have compiled a list of very basic and fundamental PHP interview questions and answers for web developers. Every PHP web developer should know these basic questions of PHP. So, if you are preparing for any interview in PHP development, you should go through the following list of PHP basic interview questions. These PHP questions are based on very simple PHP concepts like basic introduction to PHP, Sessions and Cookies in PHP, Input / Output in PHP, Error Management in PHP, MySQL database connectivity in PHP, SQL Injection in PHP, Encryption and Decryption in PHP, Sending Emails in PHP, datatypes in PHP and many more. Let's have a look...

1. What is PHP?

PHP is a server-side, object-oriented scripting language commonly used for web applications.

2. What is the use of "echo" in php?

It is used to print data to the web page.

Example: 

<?php echo 'Hi'; ?>

The above code prints the text in the web page.

3. How to include a file to a php page?

We can include a file using "include()" or "require()" function with file path as its parameter.

4. What's the difference between include and require?

If the file is not found by require(), it will cause a fatal error and halt the execution of the script. If the file is not found by include(), a warning will be issued, but execution will continue.

5. What is difference between require_once(), require() and include()?

require() includes and evaluates a specific file, while require_once() does that only if it has not been included before (on the same page). So, require_once() is recommended to use when you want to include a file where you have a lot of functions for example. This way you make sure you don't include the file more times and you will not get the "function re-declared" error.

6. Differences between GET and POST methods?

We can send 1024 bytes using the GET method, but the POST method can transfer a large amount of data, and POST is a more secure method than GET.

7. How to declare an array in php?

Eg : $arr = array('apple', 'grape', 'lemon');

8. What is the use of 'print' in php?

This is not actually a real function; it is a language construct. So you can use it without parentheses around its argument list.

Example:

print('PHP Interview Questions'); 
print 'PHP Interview Questions';

9. What is use of in_array() function in php?

in_array() is used to check whether a value exists in an array.

10. What is use of count() function in php?

count() is used to count all elements in an array, or something in an object

11. What is the difference between Session and Cookie?

The main difference between sessions and cookies is that sessions are stored on the server, and cookies are stored on the user's computer in text file format. Cookies cannot hold multiple variables, but a session can hold multiple variables. We can set an expiry for a cookie, while the session only remains active as long as the browser is open. Users do not have access to the data you store in a session because it is stored on the server. Sessions are mainly used for login/logout purposes, while cookies are used for user activity tracking.

12. How to set cookies in PHP?

setcookie("sample", "ram", time()+3600);

13. How to retrieve a Cookie Value?

eg : echo $_COOKIE["user"];

14. How to create a session? How to set a value in session ? How to remove data from a session?

Create session : session_start();
Set value into session : $_SESSION['USER_ID']=1;
Remove data from a session : unset($_SESSION['USER_ID']);

15. What types of loops exist in php?

for,while,do while and foreach 

16. How to create a mysql connection?

mysql_connect($servername, $username, $password);

17. How to select a database?

mysql_select_db($db_name);

18. How to execute an sql query? How to fetch its result ?

$my_qry = mysql_query("SELECT * FROM `users` WHERE `u_id`='1'; "); 
$result = mysql_fetch_array($my_qry);
echo $result['First_name'];

19. Write a program using while loop

$my_qry = mysql_query("SELECT * FROM `users` WHERE `u_id`='1'; "); 
while($result = mysql_fetch_array($my_qry))
{
   echo $result['First_name']."<br/>";
}

20. How we can retrieve the data in the result set of MySQL using PHP?

1. mysql_fetch_row
2. mysql_fetch_array
3. mysql_fetch_object
4. mysql_fetch_assoc

21. What is the use of explode() function?

Syntax : array explode ( string $delimiter , string $string [, int $limit ] ); 

This function breaks a string into an array. Each of the array elements is a substring of string formed by splitting it on boundaries formed by the string delimiter.

22. What is the difference between explode() and split() functions?

The split() function splits a string into an array by regular expression. explode() splits a string into an array by a string.

23. What is the use of mysql_real_escape_string() function?

It is used to escape special characters in a string for use in an SQL statement.

24. Write down the code for save an uploaded file in php.

if ($_FILES["file"]["error"] == 0)
{
       move_uploaded_file($_FILES["file"]["tmp_name"],
      "upload/" . $_FILES["file"]["name"]);
      echo "Stored in: " . "upload/" . $_FILES["file"]["name"]; 
}
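
A hardened variant of the upload code above, as an added example that is not from the original post: it ignores the client-supplied file name and MIME type, checks the content with finfo, and stores the file under a server-generated name. The function name store_upload(), the allowed types, the 2 MB limit and the upload directory are assumptions; random_bytes() needs PHP 7 or later.

```php
<?php
// Added example (not from the original post). The function name, allow-list,
// size limit and target directory below are illustrative assumptions.

const MAX_UPLOAD_BYTES = 2097152; // 2 MB

// Accepted MIME types (detected from file content) mapped to the extension we assign.
const ALLOWED_TYPES = [
    'image/png'       => 'png',
    'image/jpeg'      => 'jpg',
    'application/pdf' => 'pdf',
];

/**
 * Validate one entry of $_FILES and move it into $targetDir.
 * Returns the stored path on success, or null if the upload is rejected.
 */
function store_upload(array $file, string $targetDir): ?string
{
    // 1. PHP reported an error, or the entry is malformed (e.g. an array of files).
    if (!isset($file['error'], $file['tmp_name'], $file['size'])
        || is_array($file['error'])
        || $file['error'] !== UPLOAD_ERR_OK) {
        return null;
    }

    // 2. Enforce a size limit on the server, not only in the HTML form.
    if ($file['size'] <= 0 || $file['size'] > MAX_UPLOAD_BYTES) {
        return null;
    }

    // 3. Only accept files that PHP itself received via HTTP POST.
    if (!is_uploaded_file($file['tmp_name'])) {
        return null;
    }

    // 4. Detect the type from the file content. $file['type'] and the extension
    //    in $file['name'] are sent by the client and can be anything.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime === false || !array_key_exists($mime, ALLOWED_TYPES)) {
        return null;
    }

    // 5. Never reuse the client's file name: generate one, so a name ending in
    //    ".php" or one that collides with an existing file has no effect.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    $dest = rtrim($targetDir, '/') . '/' . $name;

    return move_uploaded_file($file['tmp_name'], $dest) ? $dest : null;
}

if (isset($_FILES['file'])) {
    $stored = store_upload($_FILES['file'], __DIR__ . '/upload');
    if ($stored === null) {
        http_response_code(400);
        echo 'Upload rejected';
    } else {
        // Show only the generated name, escaped for HTML output.
        echo 'Stored as: ' . htmlspecialchars(basename($stored), ENT_QUOTES, 'UTF-8');
    }
}
```

The upload directory should also be configured on the web server so that files in it are never executed as scripts.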

25. How to create a text file in php?

$filename = "/home/user/guest/newfile.txt";
$file = fopen( $filename, "w" );
if( $file == false )
{
echo ( "Error in opening new file" ); exit();
}
fwrite( $file, "This is a simple test\n" );
fclose( $file );

26. How to strip whitespace (or other characters) from the beginning and end of a string?

The trim() function removes whitespaces or other predefined characters from both sides of a string.

27. What is the use of header() function in php?

The header() function sends a raw HTTP header to a client browser. Remember that this function must be called before sending the actual output. For example, you must not print any HTML element before using this function.

28. How to redirect a page in php?

The following code can be used for it, header("Location:index.php");

29. How to stop the execution of a php script?

The exit() function is used to stop the execution of a page.

30. How to set a page as a home page in a php based site?

index.php is the default name of the home page in php based sites

31. How to find the length of a string?

The strlen() function is used to find the length of a string.

32. What is the use of rand() in php?

It is used to generate random numbers. If called without the arguments it returns a pseudo-random integer between 0 and getrandmax(). If you want a random number between 6 and 12 (inclusive), for example, use rand(6, 12). This function does not generate cryptographically safe values, and should not be used for cryptographic uses. If you want a cryptographically secure value, consider using openssl_random_pseudo_bytes() instead.

33. What is the use of isset() in php?

This function is used to determine if a variable is set and is not NULL

34. What is the difference between mysql_fetch_array() and mysql_fetch_assoc()?

mysql_fetch_assoc() fetches a result row as an associative array, while mysql_fetch_array() fetches an associative array, a numeric array, or both.

35. What is mean by an associative array?

Arrays that use string keys are called associative arrays.

36. What is the importance of "method" attribute in a html form?

The "method" attribute determines how to send the form-data to the server. There are two methods, get and post. The default method is get. This sends the form information by appending it on the URL. Information sent from a form with the POST method is invisible to others and has no limits on the amount of information to send.

37. What is the importance of "action" attribute in a html form?

The action attribute determines where to send the form-data in the form submission.

38. What is the use of "enctype" attribute in a html form?

The enctype attribute determines how the form-data should be encoded when submitting it to the server. We need to set enctype as "multipart/form-data" when we are using a form for uploading files

39. How to create an array of a group of items inside an HTML form?

We can create input fields with the same value for the "name" attribute, with square brackets at the end of the name. It passes the data as an array to PHP.

For instance :

<input name="MyArray[]" />  <input name="MyArray[]" />  <input name="MyArray[]" />  <input name="MyArray[]" />

40. Define Object-Oriented Methodology.

Object orientation is a software/Web development methodology that is based on modeling a real world system. An object is the core concept involved in object orientation. An object is the copy of the real world entity. An object oriented model is a collection of objects and their inter-relationships.

41. How do you define a constant?

Using define() directive, like define ("MYCONSTANT",150)

42. How to send email using php?

To send email using PHP, you use the mail() function. This mail() function accepts 5 parameters as follows (the last 2 are optional). You need a web server; you can't send email from localhost. eg : mail($to,$subject,$message,$headers);

43. How to find current date and time?

The date() function provides you with a means of retrieving the current date and time, applying the format integer parameters indicated in your script to the timestamp provided or the current local time if no timestamp is given. In simplified terms, passing a time parameter is optional - if you don't, the current timestamp will be used.

44. Difference between mysql_connect and mysql_pconnect?

There is a good page in the php manual on the subject. In short, mysql_pconnect() makes a persistent connection to the database, which means an SQL link that does not close when the execution of your script ends. mysql_connect() only opens a new database connection, while with mysql_pconnect() the function would first try to find a (persistent) link that's already open with the same host, username and password. If one is found, an identifier for it will be returned instead of opening a new connection... the connection to the SQL server will not be closed when the execution of the script ends. Instead, the link will remain open for future use.

45. What is the use of "ksort" in php?

It is used to sort an array by key in reverse order.

46. What is the difference between $var and $$var?

They are both variables. But $var is a variable with a fixed name. $$var is a variable whose name is stored in $var. For example, if $var contains "message", $$var is the same as $message.

47. What are the encryption techniques in PHP?

MD5: PHP implements the MD5 hash algorithm using the md5 function.

eg : $encrypted_text = md5 ($msg);

mcrypt_encrypt: string mcrypt_encrypt ( string $cipher , string $key , string $data , string $mode [, string $iv ] ); 

Encrypts plaintext with given parameters

48. What is the use of the function htmlentities?

htmlentities() converts all applicable characters to HTML entities. This function is identical to htmlspecialchars() in all ways, except that with htmlentities(), all characters which have HTML character entity equivalents are translated into these entities.

49. How to delete a file from the system?

unlink() deletes the given file from the file system.

50. How to get the value of current session id?

session_id() function returns the session id for the current session.

51. What are the differences between mysql_fetch_array(), mysql_fetch_object(), mysql_fetch_row()?

mysql_fetch_array() fetches a result row as an associative array, a numeric array, or both.
mysql_fetch_object(resource result) returns an object with properties that correspond to the fetched row and moves the internal data pointer ahead, or FALSE if there are no more rows.
mysql_fetch_row() fetches one row of data from the result associated with the specified result identifier. The row is returned as an array. Each result column is stored in an array offset, starting at offset 0.

52. What are the different types of errors in PHP?

Here are three basic types of runtime errors in PHP:

1. Notices: These are trivial, non-critical errors that PHP encounters while executing a script - for example, accessing a variable that has not yet been defined. By default, such errors are not displayed to the user at all - although you can change this default behavior.

2. Warnings: These are more serious errors - for example, attempting to include() a file which does not exist. By default, these errors are displayed to the user, but they do not result in script termination.

3. Fatal errors: These are critical errors - for example, instantiating an object of a non-existent class, or calling a non-existent function. These errors cause the immediate termination of the script, and PHP's default behavior is to display them to the user when they take place.

53. What is SQL Injection?

SQL injection is a malicious code injection technique. It exploits SQL vulnerabilities in web applications.
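
The answers on mysql_real_escape_string() and SQL injection above, illustrated with an added example that is not from the original post: the same lookup built by string concatenation and as a prepared statement. It uses PDO with an in-memory SQLite database so that it runs on its own; the users table, its rows and the function names are constructed for the example.

```php
<?php
// Added example (not from the original post). Table, rows and function
// names are constructed for illustration; requires the pdo_sqlite extension.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (u_id INTEGER PRIMARY KEY, First_name TEXT)");
$pdo->exec("INSERT INTO users (u_id, First_name) VALUES (1, 'Asha'), (2, 'Ben'), (3, 'Carla')");

// Vulnerable pattern: request data is pasted into the SQL text, so the
// database cannot tell the value apart from the statement around it.
function find_user_concat(PDO $pdo, string $id): array
{
    $sql = "SELECT First_name FROM users WHERE u_id = '" . $id . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: the statement text is fixed and the value travels
// separately as a bound parameter, so it is only ever compared as data.
function find_user_prepared(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT First_name FROM users WHERE u_id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal id, and a value that closes the quote early.
$inputs = ['1', "1' OR '1'='1"];

foreach ($inputs as $input) {
    printf("input: %s\n", $input);
    printf("  concatenated: %s\n", implode(', ', find_user_concat($pdo, $input)));
    printf("  prepared:     %s\n", implode(', ', find_user_prepared($pdo, $input)));
}
```

With the second input the concatenated query returns every row in the table, while the prepared statement returns none because the whole value is compared against u_id as data.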

54. What is x+ mode in fopen() used for?

Read/Write. Creates a new file. Returns FALSE and an error if file already exists

55. How to find the position of the first occurrence of a substring in a string?

strpos() is used to find the position of the first occurrence of a substring in a string

56. What is PEAR?

PEAR is a framework and distribution system for reusable PHP components. The project seeks to provide a structured library of code, maintain a system for distributing code and for managing code packages, and promote a standard coding style. PEAR is broken into three classes: PEAR Core Components, PEAR Packages, and PECL Packages. The Core Components include the base classes of PEAR and PEAR_Error, along with database, HTTP, logging, and e-mailing functions. The PEAR Packages include functionality providing for authentication, networking, and file system features, as well as tools for working with XML and HTML templates.

57. Distinguish between urlencode and urldecode?

urlencode() is best used when encoding a string to be used in the query part of a URL. It returns a string in which all non-alphanumeric characters except -_. have been replaced with a percent (%) sign. urldecode() decodes a URL-encoded string: any % and other symbols are decoded by the urldecode() function.

I will come up with more PHP interview questions and answers in second part of this post.

Friday, November 29, 2013

How to use TpFIBDataSet, TpFIBQuery and TpFIBTransaction FIBPlus components to connect with Firebird / InterBase database in Delphi XE4?

Following is the basic article on Firebird / Interbase database connectivity in Delphi XE4 using FIBPlus database components like TpFIBDataSet, TpFIBQuery and TpFIBTransaction. I will explain all these FIBPlus database components in detail. I have written a small article on TpFIBDatabase before this article. Please go through that before reading this one. Read FIBPlus TpFIBDatabase...

FIBPlus TpFIBQuery Component

An application works with a database by issuing SQL instructions. They are used to get and modify data/metadata. FIBPlus has a special TpFIBQuery component responsible for SQL operator execution. This robust, light and powerful component can perform any actions with the database.

TpFIBQuery is very easy-to-use: just set the TpFIBDatabase component, fill in the SQL property and call any ExecQuery method (ExecQueryWP, ExecQueryWPS). 

NOTE: The tpFIBQuery is not a TDataset descendant, so it does not act in exactly the same way or exhibit the same methods / properties as you would expect to find in a dataset. 

The example below will show how to create TpFIBQuery dynamically at run-time and thus get data about clients.

 var
   sql: TpFIBQuery;
 begin
   sql := TpFIBQuery.Create(nil);
   with sql do
   try
     Database := db;
     Transaction := db.DefaultTransaction;
     SQL.Text := 'select first_name, last_name from customer';
     ExecQuery;
     // Walk the result set row by row
     while not Eof do
     begin
       Memo1.Lines.Add(
         FldByName['FIRST_NAME'].AsString + ' ' +
         FldByName['LAST_NAME'].AsString);
       Next;
     end;
     sql.Close;
   finally
     // Always release the query object, even if ExecQuery raises
     sql.Free;
   end;
 end;

FIBPlus TpFIBDataSet component

The TpFIBDataSet component is responsible for work with datasets. It is based on the TpFIBQuery component and helps to cache selection results. TpFIBDataSet is a TDataSet descendant so it supports all TDataSet properties, events and methods.

TpFIBDataSet enables you to select, insert, update and delete data. All these operations are executed by TpFIBQuery components in TpFIBDataSet. 

To select data you set the SelectSQL property. It’s similar to setting the SQL property of the QSelect component (TpFIBQuery type). Define the InsertSQL.Text property to insert data, UpdateSQL.Text to update, DeleteSQL.Text to delete and RefreshSQL.Text to refresh the data. 

Here is a demo database employee.gdb (or .fdb for Firebird) to show how to write Select SQL and get a list of all employees. I will write all queries in InsertSQL, UpdateSQL, etc.

with pFIBDataSet1 do begin
 if Active then Close;

 SelectSQL.Text := 'select CUST_NO, CUSTOMER, CONTACT_FIRST, CONTACT_LAST from CUSTOMER';

 InsertSQL.Text := 'insert into CUSTOMER(CUST_NO, CUSTOMER, CONTACT_FIRST, CONTACT_LAST)' +
                   ' values (:CUST_NO, :CUSTOMER, :CONTACT_FIRST, :CONTACT_LAST)';

 UpdateSQL.Text := 'update CUSTOMER set CUSTOMER = :CUSTOMER, '+
                   'CONTACT_FIRST = :CONTACT_FIRST, CONTACT_LAST = :CONTACT_LAST '+
                   'where CUST_NO = :CUST_NO';

 DeleteSQL.Text := 'delete from CUSTOMER where CUST_NO = :CUST_NO';

 RefreshSQL.Text := 'select CUST_NO, CUSTOMER, CONTACT_FIRST, CONTACT_LAST ' +
                    'from CUSTOMER where CUST_NO = :CUST_NO';

 Open;
end;

To open TpFIBDataSet either execute Open/OpenWP methods or set the Active property to True. To close TpFIBDataSet call the Close method.

FIBPlus TpFIBTransaction component

A transaction is an operation of database transfer from one consistent state to another. All operations with the dataset (data/metadata changes) are done in the context of a transaction. To understand special FIBPlus features completely you need to know about InterBase / FIBPlus transactions. 

All the changes done in the transaction can be either committed (in case there are no errors) by Commit or rolled back (Rollback). Besides these basic methods TpFIBTransaction has their context saving analogues: CommitRetaining and RollbackRetaining, i.e. on the client side, these will not close a TpFibQuery or TpFibDataset.

To start the transaction you should call the StartTransaction method or set the Active property to True. To commit the transaction call Commit/CommitRetaining, to roll it back - Rollback/RollbackRetaining.

TpFIBQuery and TpFIBDataSet components have some properties which help to control transactions automatically. In particular they are: the TpFIBDataSet.AutoCommit property; the poStartTransaction parameter in TpFIBDataSet.Options; qoStartTransaction and qoCommitTransaction in TpFIBQuery.Options.

TpFIBTransaction has three basic transaction types: 
tpbDefault, 
tpbReadCommited, 
tpbRepeatableRead. 

At design time you can also create special types of your own in the TpFIBTransaction editor and use them as internal ones. Set the transaction type to set its parameters:

tpbDefault – parameters must be set in TRParams
tpbReadCommited – shows the ReadCommited isolation level
tpbRepeatableRead – shows the RepeatableRead isolation level

How to use TpFIBDatabase FIBPlus Component to connect with Firebird database in Delphi XE4?

TpFIBDatabase component is used to make database connectivity with Firebird database in Delphi. For using TpFIBDatabase component, you should have FIBPlus and Firebird installed on your system. I am using Delphi XE4, Firebird 2.5.2 and FIBPlus 7.5 to make database connection.

Connection parameters are typical for InterBase/Firebird server:

1) path to a database file;
2) user name and password;
3) user role;
4) charset;
5) dialect;
6) client library (gds32.dll for InterBase and fbclient.dll for Firebird).

To connect to a database you should call the Open method or set the Connected property to True. It’s also possible to use this code to connect to a database:

function Login(DataBase: TpFIBDatabase; dbpath, uname, upass, urole: string): Boolean;
begin
  // Drop any existing connection before changing the parameters
  if DataBase.Connected then DataBase.Connected := False;
  // Set the credentials on the database component that was passed in
  with DataBase.ConnectParams do begin
    UserName := uname;
    Password := upass;
    RoleName := urole;
  end;
  DataBase.DBName := dbpath;
  try
    DataBase.Connected := True;
  except
    on e: Exception do
      ShowMessage(e.Message);
  end;
  Result := DataBase.Connected;
end;

To close the connection either call the Close method or set the Connected property to False. 

You can also close all datasets and connected transactions at once:

procedure Logout(DataBase: TpFIBDatabase);
var i: Integer;
begin
  if not DataBase.Connected then
    Exit;

  // Roll back every transaction that is still active
  for i := 0 to DataBase.TransactionCount - 1 do
    if TpFIBTransaction(DataBase.Transactions[i]).InTransaction then
      TpFIBTransaction(DataBase.Transactions[i]).Rollback;
  DataBase.CloseDataSets;
  DataBase.Close;
end;

Wednesday, November 27, 2013

HTML5 MENU Tag Redefined

HTML5 <menu> Tag Redefined

The <menu> tag provides an easy way to create menus on a web page. The HTML <menu> element was deprecated in HTML 4.01 but is redefined in HTML5. The HTML <menu> tag defines a list/menu of commands. The <menu> tag is used for context menus, toolbars and for listing form controls and commands.

<li> tag is used within the <menu> tag. For example:

Which pet do you own?
<menu>
 <li>Dog</li>
 <li>Cat</li>
</menu>

You can also place radio buttons and check boxes inside <menu> tags. Have a look at following simple example of <menu> tag

radiobuttons inside <menu> tag

<menu>
   <li><input type="radio" id="radDog" class="radPets" name="radDog"/>Dog</li>
   <li><input type="radio" id="radCat" class="radPets" name="radCat"/>Cat</li>
</menu>

checkboxes inside <menu> tag

<menu>
   <li><input type="checkbox" id="cbDog" class="cbPets" name="cbDog"/>Dog</li>
   <li><input type="checkbox" id="cbCat" class="cbPets" name="cbCat"/>Cat</li>
</menu>

<menu> tag is used instead of <ul> tag

Earlier we used to make an unordered list by using <ul> tag like this:

<ul class="toolbar">
  <li>New</li>
  <li>Open</li>
  <li>Save</li>
  <li>Quit</li>
</ul>

But as I earlier said, <menu> is redefined in HTML5. The <menu> element represents an unordered list of commands. It has a type attribute, which can be set to popup or toolbar.

<menu type="toolbar">
  <li>New</li>
  <li>Open</li>
  <li>Save</li>
  <li>Quit</li>
</menu>

Please note: The <menu> tag is valid within blockquote, body, button, center, dd, div, fieldset, form, iframe, li, noframes, noscript, object, td and th tags.

Saturday, November 23, 2013

How to secure jQuery AJAX calls in PHP from hackers?

If you are making jQuery AJAX calls in your PHP website, please ensure that those jQuery AJAX calls are secure from website hackers. Your code should not be vulnerable to hackers. Below are some methods and steps which need to be taken to secure your jQuery AJAX calls to PHP files. I am writing this post because I had written a simple post "How to call PHP function from JavaScript function? Always use AJAX." without mentioning any security code. I got the following comment on that post:

"Your code is very vulnerable. You're not filtering the $_POST variable at all. This opens yourself to HTML injection. A hacker could pwn your web site very quickly if you used this code. Careless examples like yours are exactly why so many web sites are hacked."

That's why this is my small attempt to make your jQuery AJAX calls secure. 

1. Use $_SERVER['HTTP_X_REQUESTED_WITH']

This is a basic check to see whether the request is an Ajax request or not.

if(!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest')
{
    //Request identified as ajax request
}

However, you should never base your security on this check: the header is set by the client, and any HTTP client can send it. It will only eliminate direct accesses to the page, if that is what you need.

2. Use $_SERVER['HTTP_REFERER']

if(isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER']=="http://yourdomain/ajaxurl")
{
 //Request came from the expected page according to the Referer header
}

But not all browsers set it, so don't rely on it completely; to some extent, though, it can secure your web page.

Nobody can make AJAX calls to your site from another domain, but anyone can always connect and directly send an HTTP request, for example with cURL.

JavaScript running on another domain cannot access any page on your domain because this is a violation of the Same-Origin Policy. The attacker would need to exploit an XSS vulnerability in order to pull this off. In short you don't need to worry about this specific attack, just the same old attacks that affect every web application.

3. Generate Access Tokens

$token = bin2hex(openssl_random_pseudo_bytes(32)); //unpredictable token from a CSPRNG; rand() output is guessable
$_SESSION['token'] = $token; //store it as session variable

You can also create a token in cookies, which will be sent along with the jQuery request, but that solution can also be hacked.

4. Always check in your PHP file whether the $_POST variables are set, and whether they hold valid values, before executing the actual PHP code.

Basic code snippet for securing your jQuery AJAX calls in PHP

Step-1 : Generate Token System For All Web-Service:

Generating Token :

<?php
  session_start();
  $token = bin2hex(openssl_random_pseudo_bytes(32)); //unpredictable token from a CSPRNG; rand() output is guessable
  $_SESSION['token'] = $token; //store it as session variable
?>

Step-2 : Use it while sending ajax call:

var form_data = 
{
  data: $("#data").val(), //your data being sent with ajax
  token:'<?php echo $token; ?>', //used token here.
  is_ajax: 1
};

$.ajax({
  type: "POST",
  url: 'yourajax_url_here',
  data: form_data,
  success: function(response)
  {
    //do further
  }
});

Step-3 : NOW, Let's secure ajax handler PHP file with,

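session_start();
if(!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest')
{
  //Request identified as ajax request

  if(isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER']=="http://yourdomain/ajaxurl")
  {
    //HTTP_REFERER verification
    //Both tokens must be set: a loose == would treat two missing tokens as equal
    if(isset($_POST['token'], $_SESSION['token']) && is_string($_POST['token'])
       && hash_equals($_SESSION['token'], $_POST['token'])) {
      //do your ajax task
      //don't forget to use sql injection prevention here.
    }
    else
    {
      header('Location: http://yourdomain.com');
      exit(); //stop here so no further code runs after the redirect
    }
  }
  else
  {
    header('Location: http://yourdomain.com');
    exit();
  }
}
else
{
  header('Location: http://yourdomain.com');
  exit();
}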
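
The token and $_POST checks from this post, as an added example that is not the original author's code: the token comes from a CSPRNG and is compared with hash_equals(), and the posted value is validated and then escaped before it is echoed back. The function names, the 200-character limit on the data field and the JSON error format are assumptions; the code needs PHP 7.1 or later.

```php
<?php
// Added example (not from the original post). Function names, the length
// limit on "data" and the JSON response shape are illustrative assumptions.

// Issue one token per session; call this on the page that renders the form.
function issue_token(array &$session): string
{
    if (empty($session['token'])) {
        $session['token'] = bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG
    }
    return $session['token'];
}

// True only when both tokens exist, are strings, and match.
// hash_equals() compares in constant time; a loose == would also accept
// two missing tokens (null == null).
function token_is_valid(array $session, array $post): bool
{
    return isset($session['token'], $post['token'])
        && is_string($session['token'])
        && is_string($post['token'])
        && hash_equals($session['token'], $post['token']);
}

// Validate the posted field before using it: present, a string, bounded length.
function read_data(array $post): ?string
{
    if (!isset($post['data']) || !is_string($post['data'])) {
        return null;
    }
    $data = trim($post['data']);
    return ($data === '' || strlen($data) > 200) ? null : $data;
}

// Returns [HTTP status, response body] so the logic can run without a web server.
function handle_ajax(array $server, array $session, array $post): array
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return [405, ['error' => 'POST required']];
    }
    if (!token_is_valid($session, $post)) {
        return [403, ['error' => 'invalid token']];
    }
    $data = read_data($post);
    if ($data === null) {
        return [400, ['error' => 'invalid data']];
    }
    // Escape on output so markup in the value is displayed, not interpreted.
    return [200, ['echo' => htmlspecialchars($data, ENT_QUOTES, 'UTF-8')]];
}

if (PHP_SAPI !== 'cli') {
    // Real request: answer with a status code and JSON instead of a redirect.
    session_start();
    [$status, $body] = handle_ajax($_SERVER, $_SESSION, $_POST);
    http_response_code($status);
    header('Content-Type: application/json');
    echo json_encode($body);
} else {
    // Constructed requests for a command-line run.
    $session = [];
    $token   = issue_token($session);
    $server  = ['REQUEST_METHOD' => 'POST'];
    $cases   = [
        'valid'         => ['token' => $token, 'data' => '<b>hi</b>'],
        'missing token' => ['data' => 'hi'],
        'wrong token'   => ['token' => str_repeat('0', 64), 'data' => 'hi'],
        'array as data' => ['token' => $token, 'data' => ['x']],
    ];
    foreach ($cases as $name => $post) {
        [$status, $body] = handle_ajax($server, $session, $post);
        printf("%-14s %d %s\n", $name, $status, json_encode($body));
    }
}
```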