Studyon Minte9.com
ZCE 5.3




Resume





PHP BASICS

* Bitwise
a&b(bits set a AND b) | a|b (OR) | a^b (XOR) a OR b, not both | a&~b (a, NOT b) | a<<2 (move bits)
1&10=0 | 1|10=11 | 2^10=8 | 1&~10=1 | 2<<2=8

* Functions | function_exists | func_get_args | _num_args | _get_arg

* Operators
Precedence | ++ | ! | */% | +-. | << >>  | & | &&

STRINGS

md5(str) [,flag_short=false] | not secure | 32 or 16 chars hexadecimal number
sha1(str) [,flag_short=false] | secure | 40 or 20 chars hexadecimal number 
crc32(str) | int



DATABASE



SECURITY

* Basics
Superglobals | $_SESSION (only safe) | on server
Forms | Whitelist (select) better than blacklist (input)
Input | Filter input (ctype_*)
Output | Escape output (htmlentities) | mysql_escape_string (for SQL)
Register_globals | on (security risks) | off default | no longer in PHP6

* Website
Form | Spoofed forms | Copy false | Input filter (ctype_*)
Comment | XSS (Cross Site Scripting) | bad code <script> (cookie) | Output escape (htmlentities)
Image Php | CSRF (Cross Site Request Forgery) | amazon checkout logged | Token (session & form)
Include | Remote Code Injection | Filter data (for include, require) | allow_url_fopen = 0

* Database
Query | Sql Injection | abc' OR 1 # | Login, Delete | mysql_escape_string | binding (best) prepare statement

* Session
PHPSESSID | unsafe?PHPSESSID=123 (fixation) | session_regenerate_id(true) | session.use_* 
Regenerated PHPSESSID | XSS find | SERVER[HTTP_USER_AGENT] check (persistent between requests)

* File
Browse | Restrict file type ($pathinfo['extension']) | rename UniqueId | Login and Moderate
Shell | no system() use | escapeshellarg|cmd
Email | SMTP port close | no open relays

* SSL
Secure Sockets Layer | Encrypt data between web server and browser

* Configuration
Php.ini | register_globals=off | allow_url_include=off 
CGI File | /cgi-bin/php?file | PHP refuses to interpret arguments
CGI Private | /cgi-bin/php/secret/script.php | cgi.force_redirect, doc_root, user_dir
CGI Public | --enable-force-cgi-redirect
Php outside web tree | #!/usr/local/bin/php
Php Apache | authorization vs nobody | .htaccess, LDAP | open_basedir



WEB FEATURES

* HTTP headers
HTML generate | Client request | Server decode data | Server send headers & result_data
header() | Sets an HTTP header | header(Location, replace_flag=default, response_code=200) | void
output_buffering = 4096 | CAN send header lines AFTER you send BODY content
Compression | ob_start(ob_gzhandler) | php.ini (zlib.output_compression *)
HTTP auth | header("WWW-Authenticate: | Apache Module only | No encryption used

* Forms
_POST | for uploading files | same as GET (security)
_GET | for bookmarking | ampersand (&) | urlencode
_FILES | MAX_FILE_SIZE useless | post_max_size | max_input_time | upload_max_filesize
Name conversion | DOT and SPACES converted to _ | 'foo.x' became _GET['foo_x']

* Cookie
setcookie('hide', value) [, seconds, path, domain, secure | cookie send only for HTTPS ]
_COOKIE | Scalar only | Storage limited | Available on next request
Accessed with _COOKIE or _REQUEST

* Sessions
Start | session.auto_start = 1 OR session_start()
Server | sessions are stored on Server | Client | PHPSESSID is stored on Client
Timeout | Default until the browser is closed




ARRAYS

* Basics
Keys | case-sensitive x[A] != x[a] | type insensitive x['1'] = x[1] | key_max_int+1 (automatic key add)
list() & array() | constructors not functions | list(a,b,c) = explode(/,date) / list() reverse order key

* Operations
Searching | is_array/array_key_exists (not count & isset) | in_array(x, arr)
Flipping & Reversing | array_flip|reverse
Iteration | reset | key/current | prev/next
Sorting | asort() maintain keys | usort() myFunc | keys = array_rand(arr, n)
Stacks/Queues | LILO push/pop | FIFO unshift/shift | n=_push([1,2,3],4,6)/n=5 | first=_shift(arr)
Sets | diff/intersect | diff([1,2,3],[1,3,4]) = 2

* Functions
Creation | array_diff(a,b) a/not b | _chunk(arr100, 2)/ 50 arrays | extract(a=1)/a=1 | range(1.2,4.1)=1.2,2.2,3.2
Searching | _sum+/_product* / _search return key / _keys(arr) ,searchVal,flag_identical | count(false)=1
Modify | _fill(start, range, 'x') | _fill_keys($keys, 'x') | _map('cube', arr) == _walk (&ref needed)
Replace | _replace(arr, array(1=>new)) | _slice(arr,0,2)/extract portion | _splice(arr,2,length,newarr)/replace portion
Sorting | _natsort(10t,2t,20t)/first is 2t | _filter(arr,[func])/remove empty OR func | _multisort(a1,a2)|a1,SORT_DESC,...
Randomize | key=_rand(arr,2)
Storage | serialize/ json
Spl | ArrayObject



OOP

* Fundamentals
Encapsulation | Inheritance | Object pass by reference (always) | clone (copy, not reference)
Constructor | unset not enough (reference remains) | Destructor

* Visibility
PPP | Protected (accessible from CLASS or DESCENDANTS)
Static | No need for instance | foo::$var / foo::func()
Constants | const BAR | foo::BAR

* Class Type
Abstract | myClass extends ONE | signature & implementation | abstract foo(); / public foo2(){with body}
Interface | myClass implements MULTIPLE | API | no body | can implement

* Exception
try/catch / throw new Exception | set_exception_handler(myFunc) / myFunc($e)

* Autoload
One | __autoload($class) | 
Many | spl_autoload_register(myAutoload) | stack (top of each other)

* Magic methods
__get | called when variable undefined | __isset
__sleep | called when serialize(myobject) | specify which to serialize
__wakeup | with deserialize()
__call | triggered for non-existent method | myClass->OZN()
__callStatic | myClass::OZN()

* Type hinting 
foo(myOtherClass $a) | force param to be object | NOT with INT or STRING

* SPL
ArrayObject | predefined class
Countable | predefined interface | Iterator | Serializable | ArrayAccess

* Design Patterns
Singleton | static $_instance | ::getInstance()
Front Controller | index.php
Factory Method | ::factory(PDO_MYSQL|Oracle | Zend_Db_Adapter_{$adapter}
Registry | advanced Singleton | any object | modelBroker example
MVC | business logic (model) display (view) decisional (controller)
Active Record | this->select()->from | encapsulate READING & WRITING




I/O STREAMS

* Basics
2 types | Files / Network | Not in memory / reference to a resource

* Functions
f* | fopen(file, a|w+b | fgets(fd) [,1024 | 1=n] | fread(fd, 2|endfile) care not n | fpassthru / current to EOF
file* | readfile / output / pdf ex | file / array lines | s=file_get_contents | file_put_contents(file, data) [,FILE_APPEND|LOCK_EX]
Position | fseek(fd, 2, SEEK_SET) beginning (n considered) | ftell(fd)=1 (with fseek)
Csv | fgetcsv(fd) - row / array each line | fputcsv(fd, arr) [,delimiter]
Stats | clearstatcache/ (unlink, file_exists ex) / stat(file) info / fstat(fd) info | finfo_open|finfo_file
Lock | flock (not really ex) | is_writeable|writable | row = fscanf

* Streams
Context | file_get_contents(http://commentadd, 0, stream_context_create(options))
Socket | stream_socket_client(tcp..)/feof/readfile | server=_socket_server / while(con=_socket_accept(server)/fwrite
Filters | _append_filter(conn, string.toupper)
Transporters | tcp/udp/ssl/tls | unix/udg | STDIO/stream





XML & WEB SERVICES

* Xml Basics
Elements (data) Attributes (metadata) | libxml | DTD (document type declaration)

* Simple Xml
Load | simplexml_load_string|file | new SimpleXMLElement(file.xml, null, true)/true-file, not string
Accessing | book[isbn] attribute / book->title element
Abstract | library->children() / child->getName()
Queries | library->xpath(/library/book/title) | library->book[0]->xpath(title)
Modify | library->addChild / addAttribute
Namespaces | xmlns:pub / <pub:publisher>

* Dom
Load | dom=new DomDocument / dom->load(xml) | dom->loadXML(str)
Saving | dom->save(xml)|saveHTMLFile(xml)
Queries | xpath=new DomXPath(dom) | xpath->query(//lib:title/text())
Import | simplexml_import_dom | dom_import_simplexml	

* Soap
Types | XMLRPC, SOAP, REST
Defined | file.wsdl (web service description language)
Client | client=new SoapClient(file?wsdl) | client=new SoapClient(NULL, array(location, uri))
Server | server=new SoapServer(NULL, array(uri))
Methods | __getFunctions | __getLastResponseHeaders (only with trace=1) | __setCookie

* Json
json_decode(json [, arrayFlag, depth])
json_encode | {"a":1,"b":2}
json_last_error | json_decode(invalid_json)

* Rest
Design standard (not extension) | Transfers XML or JSON
Verbs | GET / POST (create) / PUT (update) / DELETE