Q1: Describe the process from a user's web browser, to the web-server and back again.
Q2: How would you check that a string is a palindrome? *hint* using only one statement.
Q3: What's the maximum size of integral numbers in PHP? How would you manipulate very large numbers? (e.g. 8+ billion)
Q4: What is 'htmlentities' and its relationship with preventing XSS attacks/vulnerabilities?
Q5: Describe the differences between the object models in PHP 4 and PHP 5.


nimalan

  • Jul 3rd, 2007
 

using strrev() function.

for example
$mystr='tenet';
if($mystr==strrev($mystr))
print "The given string is a palindrome";

Ganesh

  • Sep 7th, 2007
 

The client sends PHP requests, if any, to the PHP server. The PHP server parses and executes them, then sends the output to the client.

kalp.mehta

  • Dec 16th, 2007
 

1) When the user submits the form from the browser, the form is submitted to the web server, where it filters the server-side languages and client-side languages. The server-side languages are then parsed and executed on the server, which queries the backend (i.e. the database), if needed, and gets values from there. After the whole process or form is executed, the result is thrown to the web browser on the client side. Client-side scripts like JavaScript and HTML are parsed on the user's browser only.

2) To check that the string is a palindrome, just compare the original string with its strrev() result; if both match, then the string is a palindrome.

3) I don't understand this question exactly. Is it like KB, MB, GB, TB, etc.?

4) XSS or cross-site attacks are like when you change the URL and try to change the form submit to attack the server for some hacking or such stuff. E.g.: www.mysite.com?name=kalpesh can be easily attacked if there is no "htmlentities", which filters all the HTML tags, by using something like: www.mysite.com?name='kalpesh; drop table test;'


-Kalpesh

msdwivedi

  • Dec 28th, 2007
 

Answer 1: When users open their browser and type the URL in the address bar, they actually send requests to the web server; clicking on links or submitting a form may also be considered a request.
    The server, on the other hand, receives the request, creates/maintains a session between the browser and the web server, executes any server-side script, produces parsed output and then sends it back to the client's browser.

Answer 2: echo ($string==strrev($string)?"The string is palindrome":"The string is not a palindrome");

Answer 3:
The size of an integer is platform-dependent, although a maximum value of about two billion is the usual value (that's 32 bits signed). PHP does not support unsigned integers. Integer size can be determined from PHP_INT_SIZE, maximum value from PHP_INT_MAX since PHP 4.4.0 and PHP 5.0.5.

Answer 4:
Convert all applicable characters to HTML entities. This function is particularly useful against XSS (cross-site scripting). XSS makes use of holes in code, whether it be in JavaScript or PHP. XSS often, if not always, uses HTML entities to do its evil deeds, so this function in co-operation with your scripts (particularly search or submitting scripts) is a very useful tool in combatting "H4X0rz". (reference: jake_mcmahon at hotmail dot com URL:http://in2.php.net/htmlentities).
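
For Q4, an added example (not part of any answer above) showing how htmlentities() encodes a reflected `name` parameter before it is written into HTML, next to the unescaped form. The helper names `e`, `render_unsafe` and `render_safe` are hypothetical, and the sample inputs are constructed stand-ins for `$_GET['name']`.

```php
<?php
// Added example: output-encoding a reflected "name" parameter with htmlentities().

function render_unsafe(string $name): string
{
    // Vulnerable form: the request value is concatenated into the page as-is,
    // so any markup it contains becomes part of the document.
    return '<p>Hello ' . $name . '</p>';
}

function e(string $value): string
{
    // ENT_QUOTES encodes both " and ', so the value cannot close a quoted attribute.
    // ENT_SUBSTITUTE replaces invalid byte sequences instead of returning ''.
    // The charset is passed explicitly so it matches the page encoding.
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_safe(string $name): string
{
    // The same value is encoded for element content and for a quoted attribute.
    return '<p>Hello ' . e($name) . '</p>'
         . '<input type="text" name="name" value="' . e($name) . '">';
}

// Constructed inputs standing in for $_GET['name'].
$samples = [
    'kalpesh',                       // ordinary value, unchanged by encoding
    '<script>alert(1)</script>',     // markup in element content
    '" onmouseover="alert(1)',       // tries to break out of a quoted attribute
    "'kalpesh; drop table test;'",   // the value quoted in an answer above
];

foreach ($samples as $name) {
    echo 'input : ', $name, PHP_EOL;
    echo 'unsafe: ', render_unsafe($name), PHP_EOL;
    echo 'safe  : ', render_safe($name), PHP_EOL, PHP_EOL;
}

// htmlentities() protects the HTML output context only. In the last sample the
// quotes become &#039; in the page, but a value that is also sent to a database
// still has to go through a bound parameter (a prepared statement).
```

Encoding is applied at output time, where the context is known, and the original value stays unmodified for storage and comparison.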
