What information can be used to reliably determine the type of an uploaded file?
A. Contents of the file
B. File name extension
C. MIME type
Correct answer: A
Question 2:
Is the following code vulnerable to SQL Injection ($mysqli is an instance of the MySQLi class)?
$age = $mysqli->real_escape_string($_GET['age']);
$name = $mysqli->real_escape_string($_GET['name']);
$query = "SELECT * FROM 'table' WHERE name LIKE '$name' AND age = $age";
$results = $mysqli->query($query);
A. Yes, because the $name variable and the $age variable are improperly escaped.
B. Yes, because you cannot prevent SQL Injection when using MySQLi
C. No, the code is fully protected from SQL Injection.
D. Yes, because the $name variable is improperly escaped.
E. Yes, because the $age variable is improperly escaped.
Correct answer: E
Question 3:
What function can reverse the order of values in an array so that keys are preserved?
A. array_reverse()
B. rsort()
C. krsort()
D. array_multisort()
E. array_flip()
Correct answer: A
Question 4:
Late static binding is used in PHP to:
A. Use caller class information provided in static method call
B. Find proper method to call according to the call arguments
C. Load dynamic libraries and extensions at runtime
D. Resolve undefined class names by automatically including needed files
Correct answer: A
Question 5:
What is the preferred method for preventing SQL injection?
A. Using addslashes() to escape variables to be used in a query.
B. Always using the available database-specific escaping functionality on all variables prior to building the SQL query.
C. Always using prepared statements for all SQL queries.
D. Using htmlspecialchars() and the available database-specific escaping functionality to escape variables to be used in a query.
Correct answer: C
Kawano -
This one book is all you need! I really felt that while studying! I think it is best to read the book quite thoroughly.