Preparing for PHP Zend Certification

Free PHP Test for Zend Certification

2010-12-10T23:47:00.004+05:30

Update (04-01-2011) : The test is been take now.
Hello guys,

I have purchased online practice exam voucher before appearing for zend certification and I have some unsed test which I am sharing only 3 test are remaining so which ever gets first would get the test.

Go to following URL :
PHP Test

Best of luck !

What is displayed when the following script is executed?

2010-02-10T01:05:00.001+05:30

define(myvalue, "10");
$myarray[10] = "Dog";
$myarray[] = "Human";
$myarray['myvalue'] = "Cat";
$myarray["Dog"] = "Cat";
print "The value is: ";
print $myarray[myvalue]."\n";

a) The value is: Dog
b) The value is: Cat
c) The value is: Human
d) The value is: 10
e) Dog

post comments to answer

Which of the following is not valid PHP code?

2009-12-13T17:47:00.001+05:30

Options :

(a) $_10
(b) ${“MyVar”}
(c) &$something
(d) $10_somethings
(e) $aVaR

comments to answer

Choose the selection that best matches the following statements:

2009-12-11T20:36:00.000+05:30

PHP is a _____ scripting language based on the ____ engine. It is primarily used to
develop dynamic _____ content, although it can be used to generate ____ documents
(among others) as well.

a) Dynamic, PHP, Database, HTML
b) Embedded, Zend, HTML, XML
c) Perl-based, PHP, Web, Static
d) Embedded, Zend, Docbook, MySQL
e) Zend-based, PHP, Image, HTML

comments to answer

Which two internal PHP interfaces provide functionality which allow you to treat an object like an array?

2009-12-05T16:59:00.000+05:30

Options (select 2) :

a) iteration.
b) arrayaccess.
c) objectarray.
d) iterator.
e) array.

Comments to answer

If you would like to store your session in the database, you would do which of the following?

2009-12-03T21:04:00.001+05:30

Options :

a) It requires a custom PHP extension to change the session handler.
b) Implement the session_set_save_handler() function.
c) Create functions for each session handling step and use session_set_save_handler() to override PHP's internal settings.
d) Configure the session.save_handler INI directive to your session class.

Post comments to answer

What is the output of the following PHP script?

2009-11-28T23:58:00.000+05:30

$a = 1;
$b = 2.5;
$c = 0xFF;

$d = $b + $c;
$e = $d * $b;
$f = ($d + $e) % $a;

print($f + $e);

Options :

a) 643.75
b) 432
c) 643
d) 257
e) 432.75

Comments to answer

When opening a file in writing mode using the FTP handler what must be done so that the file will still be written to the server in the event it previously exists?

2009-11-25T22:11:00.001+05:30

Options:

a) Provide a context for fopen() using stream_context_create().
b) You must delete the file first before uploading a new file.
c) Configure this behavior in the php.ini file using the ftp.overwrite directive.
d) Open the file using the 'w+' mode.

comments to answer

The following code block produces which output array?

2009-11-23T13:16:00.000+05:30

$a = array(1 => "A", "B", "C");
$a[1] = "A"; $a[] = "B"; $a[] = "C";

print_r($a);

a) A => 1, B => 2, C => 3, B => 4, C => 5
b) A => 1, B => 2, C => 3
c) 1 => A, 2 => B, 3 => C
d) 0 => A, 1 => B, 2 => C
e) 1 => A, 2 => B, 3 => C, 4 => B, 5 => C

References :

PHP Arrays

Comments to answer

What is wrong with the following code?

2009-11-22T21:49:00.000+05:30

function duplicate($obj) {
 $newObj = $obj;
 return $newObj;
}

$a = new MyClass ( );

$a_copy = duplicate ( $a );

$a->setValue ( 10 );
$a_copy->setValue ( 20 );

Options :

a) You must use return &$newObj instead.
b) There is nothing wrong with this code.
c) duplicate() must accept its parameter by reference.
d) You must use the clone operator to make a copy of an object.
e) duplicate() must return a reference.

References :

Object Cloning

comments to answer

What should be replaced in the string ??????? below to open the archive myarchive.gz located in the document root of the www.example.com server and decompress it?

2009-11-21T08:15:00.001+05:30

$file = '???????';

$fr = fopen($file, 'rb');

$data = "";
while(!feof($fr)) {
 $data .= fgets($fr, 1024);
}

fclose($fr);

Options:

a) compress.zlib://{$http}www.example.com/myarchive.gz
b) compress.zlib://http://www.example.com/myarchive.gz
c) compress.http://www.example.com/myarchive.gz
d) compress.http.zlib://www.example.com/myarchive.gz
e) compress.zlib://myarchive.gz

Reference :

Compression Streams
Zlib Functions

Comments to answer

In the event of a PDOException, $info is set with the contents of the $errorInfo property of the exception. Which of the following are accurate descriptions of the contents?

2009-11-18T09:33:00.003+05:30

Options (choose 3) :
a.$info[1] is the database-specific error code.
b.$info[2] is the database-specific error message.
c.$info[1] is the unified error code.
d.$info[0] is the unified error code.
e.$info[0] Is the Database-specific error message.

Reference :
PDO::errorInfo

PDO::errorInfo — Fetch extended error information associated with the last operation on the database handle

Comments to answer

When using a function such as strip_tags, are markup-based attacks still possible?

2009-11-14T11:25:00.000+05:30

Yes it is possible because if some tags are allowed using the second parameter, this function does not allow to strip attributes within the allowed tags and hence should not be used against XSS vulnerabilities.

One can still execute javascript by 2 means:
- by inserting attributes that typically accept javascript
>> onClick="alert('XSS');"
- by using styles
>> style="width:expression(alert('XSS'));" (works on IE7 and probably other versions)

Exception Handling: What is the output of the following code ?

2009-11-14T11:19:00.001+05:30

class MyException extends Exception {
}
class AnotherException extends MyException {
}

class Foo {
 public function something() {
  throw new AnotherException ( );
 }
 public function somethingElse() {
  throw new MyException ( );
 }
}

$a = new Foo ( );

try {
 try {
  $a->something ();
 } catch ( AnotherException $e ) {
  $a->somethingElse ();
 } catch ( MyException $e ) {
  print "Caught Exception";
 }
} catch ( Exception $e ) {
 print "Didn't catch the Exception!";
}

key point to note in here is exception thrown in catch block wont be caught if its not surrounded by try block.

comments to answer.

Which of the following is not valid syntax for creating a new array key?

2009-11-14T11:08:00.002+05:30

Options :

a) $a[] = $value;
b) $a{} = $value;
c) $a{0} = $value;
d) $a[$b=0] = $value;

comments to answer.

Which php.ini directive should be disabled to prevent the execution of a remote PHP script via an include or require construct?

2009-11-14T11:06:00.000+05:30

options :

1. allow_url_fopen
2. allow_url_include

comments to answer.

Also, In the real case scenarios only disabling the directives is not sufficient to prevent the execution of a remote PHP script via an include or require construct one has to validate all the data coming from user, because quite often it is possible for an attacker to get PHP code into files on the server (sessiondata, fileupload, logfiles,...), so it boils down to secure coding practices.

What would you replace ??????? with, below to make the string Hello, World ! be displayed ?

2009-11-13T14:19:00.000+05:30

function myfunction(){
    ????????
    print $string;
}

myfunction("Hello, World!");

Options :

1. There is no way to do this.
2. $string = $argv[1];
3. $string = $_ARGV[0];
4. list($string) = func_get_args();
5. $string = get_function_args()

Comments to answer.

Which of the following list is not an appropriate use of an array?

2009-11-13T14:07:00.002+05:30

Options :

1. As a list.
2. All of these uses are valid.
3. As a Lookup Table.
4. A stack.
5. As a hash table.

Comments to discuss.

The following snippet is an example of which design pattern?

2009-11-13T12:58:00.005+05:30

class MyClass{

 static private $_instance;
 
 static public function getInstance(){
  
  if(!self::$_instance instanceof self){
   self::$_instance= new self();
  }
  
  return self::$_instance;
 }
}

Options :

1. Singleton
2. Factory
3. MVC
4. Validator

post comments to answer.

PHP Strings

2009-09-07T18:51:00.003+05:30

- they are the most commonly used variable type in PHP.
- Within strings many characters take a special meaning, matching quotes, back slashes, octal numbers, variables, if you wish to use them as they are you must escape them with the \ character.

Escape Sequences:

– \n linefeed (LF or 0x0A (10) in ASCII)
– \r carriage return (CR or 0x0D (13) in ASCII)
– \t horizontal tab (HT or 0x09 (9) in ASCII)
– \\ backslash
– \$ dollar sign
– \" double-quote
– \[0-7]{1,3} the sequence of characters matching the regular expression is a character in octal notation

Strings Matching:

- strcmp() – Binary safe string comparison. Returns < 0 if str1 is less than str2 ; > 0 if str1 is greater than str2 , and 0 if they are equal.
- strcasecmp() – Case insensitive version of strcmp()
– Note 0 == FALSE and 0 !== FALSE

Strings Extracting:

- substr() – Used to extract a portion of a string

$string = "I am the very model of the modern major general";
echo substr($string, 2);
//am the very model of the modern major general
echo substr($string, 9, 10); //very model
echo substr($string, -7); //general
echo substr($string, 5, -8);//the very model of the modern major

Extracting – Array Syntax

$string = "I am the very model of the modern
major general";
echo $string[5]; //t, the t from the
echo $string[0]; //I
echo $string{2}; //a, the a from am
exit;

- The {} syntax is depreciated in PHP 5.1 and will produce a warning under E_STRICT

Formatting - number_format() – By default formats a number with the comma as the thousands separator, and no decimal

echo number_format("1234567.89");
// 1,234,568
echo number_format("9876543.698", 3, ",", " ");
// Shows 9 876 543,698

money_format() - Only available when the underlying c library strfmon() is available (not windows)

$number = 1234.56;
setlocale(LC_MONETARY, 'en_US');
echo money_format('%i', $number) . "\n";
// USD 1,234.56
setlocale(LC_MONETARY, 'it_IT');
echo money_format('%.2n', $number) . "\n";
// L. 1.234,56

Printf family

- Part of a family: print(), sprintf(), vprintf(), sscanf(), fscanf(). All of which accept the same formatting options 10

Printf formatting specifiers: - % - a literal percent character. No argument is required.
- b - the argument is treated as an integer, and presented as a binary number.
- c - the argument is treated as an integer, and presented as the character with that ASCII value.
- d - the argument is treated as an integer, and presented as a (signed) decimal number.
- e - the argument is treated as scientific notation (e.g. 1.2e+2).
- u - the argument is treated as an integer, and presented as an unsigned decimal number.
- f - the argument is treated as a float, and presented as a floating-point number (locale aware).
- F - the argument is treated as a float, and presented as a floating-point number (non-locale aware). Available since PHP 4.3.10 and PHP 5.0.3.
- o - the argument is treated as an integer, and presented as an octal number.
- s - the argument is treated as and presented as a string.
- x - the argument is treated as an integer and presented as a hexadecimal number (with lowercase letters).
- X - the argument is treated as an integer and presented as a hexadecimal number (with uppercase letters).

Printf examples

$number = 1234.5678;
printf("%d", $number); //1234
printf("%f", $number);
//1234.567800 (6 Decimal Places)
printf("%8d", $number); // 1234
printf("%'x8d", $number); //xxxx1234
printf("%8.2f", $number); //1234.57
printf("%8.2f", $number); //1234.57

Replacement

$string = "I want steak with a side of salad";
echo str_replace("salad", "fries", $string);
//I want steak with a side of fries
echo str_replace(array("steak", "salad"), array
("burger", "taco"), $string);
//I want burger with a side of taco
echo str_replace(array("steak", "burger"), array
("burger", "taco"), $string);
//I want taco with a side of salad

PCRE

- PCRE – Perl Compatible Regular Expressions, PHP’s most popular RegEx engine
- Technically you can turn it off, no one does
- Exceedingly powerful, not always the fastest choice, if you can use a built in function do so.

PCRE – Meta Characters

- \d Digits 0-9
- \D Anything not a digit
- \w Any alphanumeric character or an underscore (_)
- \W Anything not an alphanumeric character or an underscore
- \s Any whitespace (spaces, tabs, newlines)
- \S Any non-whitespace character
- . Any character except for a newline

PCRE – Meta Characters

- ? Occurs 0 or 1 time
- * Occurs 0 or more times
- + Occurs 1 or more times
- {n} Occurs exactly n times
- {,n} Occurs at most n times
- {m,} Occurs m or more times
- {m,n} Occurs between m and n times

PCRE – Pattern Modifiers

The way the PCRE engine works can be modified by modifiers placed after the terminating character
– i – Case insensitive search
– m – Multiline, $ and ^ will match at newlines
– s – Makes the dot metacharacter match newlines
– x – Allows for commenting
– U – Makes the engine un-greedy
– u – Turns on UTF8 support
– e – Matched with preg_replace() allows you to call

preg_match()

- preg_match() – Returns the number of matches found by a given search string under this format, also capable of returning the match:

$string = "124 abc";
var_dump(preg_match("/\w\s
\w/", $string)); // 1 (matches);
var_dump(preg_match("/\d{3}\s[a-z]
{3}/", $string)) // 1 (matches)

preg_replace() - Searches the subject for matches to a given pattern replaced with the given replacement text

$pattern = "!(java|ruby)!i";
$string = "I love programming in Java, I als
o love ruby!";
echo preg_replace
($pattern, "php", $string);
- //I love programming in php, I also love php!

$bbcode = "Hi !!Paul!!, how are !!you!! today\n";
echo preg_replace("/!!(.+)!!/e", "strtoupper('\
\1')", $bbcode);
//Hi PAUL!!, HOW ARE !!YOU today
echo preg_replace("/!!(.+)!!/eU", "strtoupper('
\1')", $bbcode);
//Hi PAUL, how are YOU today

- Security concerns, escape input

preg_split()

- preg_split() allows you to split strings based on more complex rules:

$ws = "Too   much  white   space";
print_r(preg_split("!\s+!", $ws));
Array(
[0] => Too
[1] => much
[2] => white
[3] => space 
)

Strings & Patterns Conclusion

- Escaping, worth thinking about
- Heredoc vs “ vs ‘
- printf() and its family
- PCRE
– meta characters
– pattern modifiers
– functions

Questions for further study

- Develop a regular expression to pull email addresses from a web page using the standard paul at preinheimer dot com format.
- Experiment with the printf() modifiers and research the related functions
- There are many string functions in PHP experiment and research a few
- Try using the various escape sequences with all three quote types (single, double, heredoc)

read more

My Experience of Zend Examination.

2009-09-02T12:04:00.004+05:30

Hello fellas :)

After having 4+ years of experience of PHP I decided to finally get certified by Zend.

So whenever I got time I use study and also spend my time on Devshed Forums, sarav_dude is my username. I decided to take a leave from work so that i can totally dedicate my time to this and get passed, and certianly that week was quite a tense for me.

From my experience I can tell you guys who wants ZCE (Zend Certified Engineer) you need to understand how things work, if you say you will by heart the manual u will likely be in trouble because the actual questions are well twisted and can be answered if you understand the concept behind it.

I have purchased Zend PHP 5 Certification Online Practice Testing of 10 pack which I later realize that It is more than what its required because all the question of the tests repeat many times as you take different tests and 3 of the test is still remaining with me, and the question they ask are quite good and give you an idea how the question can be but you should not rely on this papers, cracking the answers to the questions they ask is a good way to learn and also study about the related functions and understanding of the concept.

This book Zend PHP 5 Certification Guide provides and in depth knowledge about PHP. You must read this and understand well the concept given in this book before going through the exam.

And finally most important of them all The Manual based on the PHP version 5.1 as the Exam is based on that version you need to learn the topics and related functions. Quite a questions from the XML and Web services, SPL, Reflections and few advanced topics. Remember which functions do what, parameters and how the behaviours are changed based on certain parameters.

Once you have a confidence that you can give the exam , you can purchase the voucher from the Zend online store, once u have the voucher you can schedule your exam based on the available dates from pearsonvue.com for that you need to make an account on that website and find a centre near to your place and schedule for the required date. Reach the centre 15-20 mins before keep your mind in peace and focus on the exam, make sure you get your 2 id proofs who has your signature and photograph.

PHP Functions

2009-09-01T20:20:00.003+05:30

If you don't know what functions are…

We use functions for several major reasons

– Readability
– Maintainability
– Code separation
– Modularity
– Our Comp-Sci teacher told us to
– To do otherwise would subject us to mockery

Functions.. Examples?

function myName()
 {
  echo "Paul";
 }
 function yourName($name)
 {
  echo $name;
 }

Functions - Scope

function scope($count)
 {
  $count = 100;
  echo $count;
 }
 $count = 3;
 scope($count);
 echo $count;

Functions - Examples

function incrementID()
 {
  global $id; //GLOBALS[‘id’];
  $id++;
 }
 function x10($number)
 {
  return $number * 10;
 }
 
 function printList($string, $count = 5)
 {
  for ($i = 0; $i < $count; $i++)
 {
  echo $string;
 }
 }
 
 function newTo5(&$number = 2)
 {
  echo ++$number;
 }
 
 function takeWhatYouGet()
 {
  $a = func_get_args();
  
  foreach ($a as $key => $value)
  {
   echo "In slot $key I found $value how exciting! \n";
  }
 }
 //takeWhatYouGet(3, 2, "paul", "bob", 28);

Functions & Objects, Friends at last

- In PHP4 Objects were thrown around ByVal,
this meant that you made copies without
even thinking about it.
- In PHP5 Objects are always passed ByRef
unless you explicitly clone it, keep that in
mind

Functions - Conclusion

They’re terribly useful

- You have to remember how scope works Practice tracing
- Objects fly around by reference now
- Return statements can exist anywhere within
the function, you can even have several
- Avoid situations where the same function
may return nothing, or something (Zend Studio’s Code Analyzer tests for this)

Questions for further study

- Develop a function that accepts a variable
number of parameters
- Experiment with variable scope, ensure you
are comfortable with how local and global
variables interact
- What happens if a function is defined then
the PHP scope ends, then resumes again
later with the remainder of the function
- Is “_” a valid function name?

PHP Questions Answers

2009-08-30T21:45:00.000+05:30

1. Which php.ini directive should be disabled to prevent the execution of a remote PHP script via an include or require construct?

Ans: allow_url_include

2. What is output of following code :

class MyException extends Exception {}
class AnotherException extends MyException {}

class Foo {
  public function something() {
    throw new AnotherException();
  }
  public function somethingElse() {
    throw new MyException();
  }
}

$a = new Foo();

try {
  try {
    $a->something();    
  } catch(AnotherException $e) {
    $a->somethingElse();    
  } catch(MyException $e) {
    print "Caught Exception";
  }
} catch(Exception $e) {
  print "Didn't catch the Exception!";
}
?>

Ans: Didn't catch the Exception!

3. When using a function such as strip_tags, are markup-based attacks still possible?

Ans: Yes, because the attributes of the markup tags are completely ignored

PHP Basics

2009-08-30T21:15:00.002+05:30

PHP Basics refers to a number of things that
are likely already second nature to you:
– Syntax
– Operators
– Variables
– Constants
– Control Structures
– Language Constructs and Functions

PHP Tags

– Since PHP was designed to be incorporated
with HTML, the interpreter needs to
distinguish between PHP code and the
HTML markup.
– The most common tags are these:
– <?php
– //Long Tags
– ?>
– While the regular style of tags is preferred,
and can not be disabled, you are also
guaranteed access to the script style tags
<script language="php">
//Long or Script style tags
</script>
– Short tags have also been quite popular,
however they can be disabled (often for XML
compliance) and are falling from favour
<? echo 'Short PHP tags'; ?>
<?= $expression ?>
– The latter set of tags are a shortcut for
<? echo $expression ?>
– Both sets of tags can be enabled/disabled via
use of the short_open_tag directive in php.ini
– ASP style tags are also available, but must
be enabled specifically in the php.ini file via
the asp_tags directive
<% echo 'ASP-style tags'; %>
<%= $variable; %>

PHP Tags Conclusion

– Use the long or regular PHP tags to ensure
your application will be portable across
multiple servers regardless of configuration
options.

Comments

– Good programmers comment their code, PHP
supports multiple syntaxes for comments:
<?php
//This is a single line comment
# This is also a single line comment
/*
This is a multi-line
comment
*/

A few comments about comments

– Single line comments are ended by either the
newline character or a closing PHP tag, so a
single like comment like
// This tag ?> can end PHP code
– Can have unintended output.

Variables

– Variables provide containers for data, with
PHP there are two main naming rules for
variables and other identifiers:
– Variables names can only contain letters,
numbers or underscores
– Variables names must start with a letter or an
underscore.
– Even though PHP is loosely typed, PHP
variables are still stored and managed in one
of PHP’s core types:
– Scalar types: boolean, string, integer, float
– Compound types: array, object
– Special Types: resource, null.

Scalar Types - Strings

– Strings can be quoted in one of three ways
– ‘ ’ – The single quote or string literal, characters
within single quotes will be recorded as is, without
variable or escape sequences interpreted and
replaced
– “ “ – The double quotes, variables and escape
sequnces will be interpreted and replaced
– <<< – Heredoc (next slide)
The heredoc syntax functions in a similar manner to
double quotes, but is designed to span multiple lines,
and allow for the use of quotes without escaping
$greeting = <<<GREETING
She said "That is $name's" dog!
While running towards the thief
GREETING;
– The closing heredoc tag must be the first thing on
the line, the only other permissible character on the
line is the semi-colon.

Scalar Types - Integer

– Integers (whole numbers) can be specified in
decimal (base 10), hexadecimal (base 16), or
octal (base 8) notation and optionally
preceded by a sign (+, -)
– To use octal precede the number with a 0
– To use hex precede the number with a 0x
– The maximum size of an integer is platform
dependent, a maximum of ~2Billion is
common.

Scalar Types – Float (double)

– Floats, or doubles, can be used to represent really
large or really small values. Floats can be entered
via several syntaxes
$a = 1.234; //Standard decimal notation
$b = 1.2e3; //Scientific notation (1200)
$c = 7E-10;
//Scientific notation (0.0000000007)
– The size of a float is platform-dependent, although a
maximum of ~1.8e308 with a precision of roughly 14
decimal digits is a common value.

Scalar Types - Boolean

– Boolean values hold either True (1) or False
(0)
– Any integer other than 0 is cast to TRUE
– TRUE & FALSE are case-insensitive, though
the all caps representation is common.

Quick Quiz

– Things to ponder:
– What is the output of:
echo 09;
– What is the output of:
$a = 3e4;
$b = <<<EOD
This is a variable: $a
Wasn't that nice?
EOD;
echo $b; read more

Zend Certification Exam Information

2009-08-30T19:48:00.001+05:30

PHP 5 Zend certificaiton Exam covers several topics :

PHP Basics

Syntax
Operators
Variables
Constants
Control Structures
Language Constructs and Functions

Object Oriented Programming

Instantiation
Modifiers/Inheritance
Interfaces
Exceptions
Static Methods & Properties
Autoload
Reflection
Type Hinting
Class Constants

PHP 4/5 Differences

Object Orientation
E_STRICT
References vs. Object Handles

Streams and Network Programming

Files
Reading
Writing
File System Functions
Streams

Security

Configuration
Session Security
Cross-Site Scripting
Cross-Site Request Forgeries
SQL Injection
Remote Code Injection
Email Injection
Filter Input
Escape Output

Functions

Syntax
Arguments
Variables
References
Returns
Variable Scope

Databases and SQL

SQL
Joins
Analyzing Queries
Prepared Statements
Transactions

Strings and Patterns

Quoting
Matching
Extracting
Searching
Replacing
Formatting
PCRE

Arrays

Enumerated Arrays
Associative Arrays
Array Iteration
Multi-Dimensional Arrays
Array Functions
SPL

XML and Web Services

XML Basics
SimpleXML
XML Extension
Xpath
Webservices Basics
SOAP
REST

Web Features

Sessions
Forms
GET and POST data
Cookies
HTTP Headers

Design and Theory

IDesign Patterns
Code Reuse
OOP Theory

FAQ for exam