Midterm Study 3

Question 1

Is HTTP a stateful or or stateless protocol?

Answer 1

HTTP is a stateless protocol, meaning there is no built-in mechanism for linking one HTTP request with another.

Question 2

What is session management?

Answer 2

Any web app that remembers who the user is and/or what they were doing from one HTTP request to the next is using some form of session management

Question 3

What gets sent to the client along with the HTTP response in order to implement session management?

Answer 3

A cookie (token) usually valid until the browser is closed.

Question 4

How is the cookie used?

Answer 4

The cookie contains a unique id to identify the user. When the user initiates a new HTTP request, the browser sends the cookie back along with it. When the server receives a request with a session cookie, it can look up the id to retrieve information about the session

Question 5

How do you start a session and where does it go?

Answer 5

session_start();
Starts or resumes a session. Must be called before any output has been written into the HTTP Response (i.e. above the line in a PHP web page).

Question 6

How is session information stored?

Answer 6

$_SESSION[]
An associative array to store and retrieve data for the current session. You can store values of any type in this array, including other Array values. Values that come from user-defined parameters should be validated and/or filtered before they are stored

Question 7

How do you remove all values from a session?

Answer 7

session_unset()

Removes all values from $_SESSION.

Question 8

How do you end a session?

Answer 8

session_destroy();
Terminates the session. The next call to session_start() will start a new session with an empty $_SESSION[]object. Note that you must call session_start() to resume the session before you can destroy it.

Question 9

What is the number one way websites and databases get hacked in the real world?

Answer 9

SQL Injections

Question 10

What does PDO stand for?

Answer 10

PHP Data Objects

Question 11

What is a SQL injection?

Answer 11

An injection attack is a malicious hack that can occur any time user input is executed as code

Question 12

What is the number 1 way to prevent SQL injections?

Answer 12

Prepared statements

Question 13

What does the syntax for a prepared statement look like?

Answer 13

$id = filter_input(INPUT_POST, “id”, FILTER_SANITIZE_SPECIAL_CHARS); $command=”DELETE FROM polls WHERE ID=?”;
$stmt = $dbh->prepare($command);
$userParams = [$deleteid];
$stmt->execute($userParams);

Question 14

What does a SELECT statement look like in SQL

Answer 14

SELECT * FROM “mytable” WHERE “quantity” = 0

Question 15

What does an INSERT statement look like in SQL?

Answer 15

INSERT INTO “mytable” (col1, col2) VALUES (22, ‘String’)

Question 16

What does a DELETE statement look like in SQL?

Answer 16

DELETE FROM sales WHERE transaction_id = 5

Question 17

What does an UPDATE statement look like in SQL?

Answer 17

UPDATE departments SET manager_first_name = ‘Bob’ WHERE department_id = 5