In this second part of a two-part series, you'll learn how to use debuggers and optimize performance. It is excerpted from chapter 12 of the book Zend PHP Certification, written by George Schlossnagle et al. (Sams; ISBN: 0672327090).
A. Use addslashes and sprintf to avoid security holes and make the code cleaner
B. Split the query over several lines
C. Use mysql_query() instead of $db->query()
D. Define the table fields that will be affected by the INSERT statement
E. Use mysql_query() instead of $db->query() and addslashes to avoid security holes
Answers A, B, and D are correct. First of all, you need to ensure that the query is secure; this is done by executing addslashes (or the equivalent function for your DBMS of choice) to prevent scripting attacks. If your query is long, it's not a bad idea to split it over several lines to get a better overview of your code. Use sprintf() where possible to make the code cleaner. Finally, it's always a good idea to define the table fields that will be filled by an INSERT statement to prevent unexpected errors if the table changes.
You developed a big application accessed by several thousand users at the same time. Suddenly, your web server stops responding and users are getting connection errors. What could have happened?
A. The database server was terminated because of the unusually high amount of database accesses.
B. The web server was misconfigured so that it ran into virtual memory usage and consequent resource starvation because of too many child processes.
C. You didn't optimize your code design properly.
Answer B is correct. Although it could be possible that the database server was killed because of the many requests from the users, they should at least be able to see the HTML pages from the website because the web server would still be running. If connections are timing out, it is likely that the server ran into swap space because of misconfiguration of the number of concurrent web server child processes and crashed because of resource starvation.
You are in a team of developers working on a number of different business applications. Your project manager tells you that in two weeks another three PHP developers will join the team and that you have to ensure that they will be ready to dive in to the current PHP code without problems. What could you do?
A. Write proper end user documentation on how to use the web front end.
B. Write proper end user documentation and generate proper PHPDoc comments inside the code to get an API documentation.
C. The absence of documentation will actually encourage the new developers to delve more deeply into the code.
Answer B is correct, or, at least, as correct as you can get in a general situation. The key here is that you should write proper documentation at the same time as you're writing your code. You could then use a tool such as PHPDocumentor to generate nicely formatted API documentation in HTML or PDF and make it available to any new developers who join your team.
Suppose that you are receiving input from the user in the form of the string "0mydeviceid" for a field for which you only allow valid numeric values. You want to test if this variable is equal to 0 and, if it isn't, output an error. Which comparison operation should you use?
A. (0 = "0mydeviceid")
B. (0 == "0mydeviceid")
C. (0 === "0mydeviceid")
D. None of the above
Answer D is correct. Because PHP automatically converts the string "0mydeviceid" to 0 when comparing it with the equality operator ==, the condition in answer B evaluates to true even though the user input is not a valid numeric value. The expression in answer C, on the other hand, correctly determines that the user input is not a valid integer, but that will always be the case because you're likely to always receive user input in the form of a string, so, even if that string can be converted to an integer value, the identity test will fail.
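The two security-relevant questions above (escaping values in the INSERT query, and rejecting "0mydeviceid" as a numeric field) can be handled together, as in this added example, which is not code from the book. It validates the input with filter_var() instead of a loose comparison and binds the value with a PDO prepared statement rather than addslashes(), which is not aware of the connection character set and therefore not a reliable SQL escape; the table name devices and the columns device_id and name are assumptions for illustration. The loose comparison the question warns about, 0 == "0mydeviceid", is true on the PHP versions the book targets but false from PHP 8 onward.

```php
<?php
// Added example (not from the book): strict numeric validation plus a
// parameterised INSERT. Table/column names are illustrative assumptions.
declare(strict_types=1);

/**
 * Return the validated non-negative integer, or null when the input is not
 * one. FILTER_VALIDATE_INT rejects trailing garbage ("0mydeviceid"),
 * decimals ("1.0") and leading zeros ("007"), so "0" is the only way to
 * obtain zero; no "0" == "0mydeviceid" style coercion can occur.
 */
function validateDeviceId(string $input): ?int
{
    $id = filter_var(
        $input,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0]]
    );
    return $id === false ? null : $id;
}

/**
 * Insert a device row. The column list is spelled out (answer D), the query
 * is split over lines (answer B), and the values are bound by the driver
 * instead of being escaped by hand with addslashes().
 */
function insertDevice(PDO $db, string $rawId, string $name): void
{
    $id = validateDeviceId($rawId);
    if ($id === null) {
        // Reject before the value ever reaches the query.
        throw new InvalidArgumentException('device id must be a non-negative integer');
    }

    $stmt = $db->prepare(
        'INSERT INTO devices (device_id, name)
         VALUES (:id, :name)'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
}

// Usage (assumed DSN and credentials; ATTR_EMULATE_PREPARES off so the
// server, not the client, handles parameter binding):
// $db = new PDO('mysql:host=localhost;dbname=app', $user, $pass,
//               [PDO::ATTR_EMULATE_PREPARES => false,
//                PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
// insertDevice($db, $_POST['device_id'] ?? '', $_POST['name'] ?? '');
```

validateDeviceId('0mydeviceid') returns null and validateDeviceId('0') returns int 0, which is the distinction the question's comparison operators could not make.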