PHP

PART VI: Secure, Optimize, Debug

In this section I will cover:
Data filtering
SQL injection
Command injection
XSS
Safe mode
Coding Standards
Error logging
Debugging and optimization
Data Filtering
Users are evil, and sometimes they don’t even know it. You should always treat incoming data as “tainted” and filter it; PHP provides lots of functions that can help here.
Never rely on register_globals. In fact, if you’re writing for redistribution, undo its effects if it is on.
How you filter data depends on what you need to do with it. You will rarely need “raw” data. Most of the time it needs to be escaped for whatever you are about to do with it, e.g. display it, insert it into a database, and so on.
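The filter-then-escape pattern described above, as an added example that is not code from the original post: input is validated once with filter_var(), and the same value is then escaped differently for the HTML, SQL and shell contexts it reaches. It assumes PHP with the SQLite PDO driver; the $raw array (standing in for $_POST), the field names and the signups table are invented for the demo.

```php
<?php
// Added example, not code from the original post: validate raw input once,
// then escape it separately for each context it reaches (HTML, SQL, shell).
// The $raw array is a constructed stand-in for $_POST; the field names,
// table name and in-memory SQLite database are invented for the demo.

declare(strict_types=1);

/** Validate the raw fields; returns clean values or throws on bad input. */
function filterSignup(array $raw): array
{
    $age = filter_var($raw['age'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 13, 'max_range' => 120]]);
    $email = filter_var($raw['email'] ?? null, FILTER_VALIDATE_EMAIL);
    // Free text is kept as-is (only trimmed and capped) and escaped later per context.
    $comment = mb_substr(trim((string)($raw['comment'] ?? '')), 0, 500);

    if ($age === false || $email === false) {
        throw new InvalidArgumentException('invalid age or email');
    }
    return ['age' => $age, 'email' => $email, 'comment' => $comment];
}

/** HTML context: <, >, and quotes become entities, so markup in data stays text. */
function toHtml(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** SQL context: a prepared statement sends data separately from the query text. */
function storeSignup(PDO $db, array $clean): void
{
    $stmt = $db->prepare(
        'INSERT INTO signups (age, email, comment) VALUES (:age, :email, :comment)');
    $stmt->execute($clean);   // array keys match the named placeholders
}

/** Shell context: quote a value so it is exactly one argument, never extra commands. */
function toShellArg(string $s): string
{
    return escapeshellarg($s);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE signups (id INTEGER PRIMARY KEY, age INTEGER, email TEXT, comment TEXT)');

// Constructed input containing markup and SQL fragments in the comment field.
$raw = [
    'age'     => '42',
    'email'   => 'alice@example.com',
    'comment' => "Nice post <script>alert(1)</script> '); DROP TABLE signups; --",
];

$clean = filterSignup($raw);
storeSignup($db, $clean);             // the comment is stored literally as data
echo toHtml($clean['comment']), "\n";  // rendered as text by a browser
echo toShellArg($clean['comment']), "\n";
echo $db->query('SELECT COUNT(*) FROM signups')->fetchColumn(), " row(s) stored\n";

try {
    filterSignup(['age' => '9; id', 'email' => 'not-an-email']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The validation functions return typed values or false, so the caller can fail closed; the escaping helpers are deliberately separate because the same stored comment needs different treatment depending on where it is written next.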
SQL Injection

PART V: Databases and Networks

In this section I will cover:
Databasics
Indices and keys
Table manipulation
Joins
Aggregates
Transactions
File wrappers
Streams
Databasics
The exam covers databases at an abstract level, with no specific implementation.
SQL-92 standard only.
Only the basics of database design and programming are actually required:
Table creation/population/manipulation, data extraction, referential integrity
Joins / Grouping / Aggregates

Relational databases: so called because the relationships among different entities are their foundation
• Schemas/databases
• Tables
• Rows
Data types
• Int
• Float
• Char/varchar
• BLOBs
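The basics listed above (table creation with keys and an index, population, referential integrity, a join with grouping and an aggregate, and a transaction) run through PHP's PDO against an in-memory SQLite database so the whole thing works offline. This is an added example, not code from the original post; it assumes the SQLite PDO driver is present, and the customers/orders tables and their rows are invented for the demo.

```php
<?php
// Added example, not code from the original post: the SQL-92 basics listed in
// the text, executed through PDO on an in-memory SQLite database. Table names,
// columns and sample rows are constructed for the demo.

declare(strict_types=1);

function openDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('PRAGMA foreign_keys = ON');   // SQLite only enforces FKs when asked

    // A primary key identifies each row; the foreign key ties every order to an
    // existing customer (referential integrity).
    $db->exec('CREATE TABLE customers (
        id    INTEGER PRIMARY KEY,
        name  VARCHAR(60)  NOT NULL,
        email VARCHAR(120) NOT NULL UNIQUE)');
    $db->exec('CREATE TABLE orders (
        id          INTEGER PRIMARY KEY,
        customer_id INTEGER NOT NULL REFERENCES customers(id),
        amount      DECIMAL(10,2) NOT NULL)');
    // An index on the foreign key column speeds up the join and lookups.
    $db->exec('CREATE INDEX idx_orders_customer ON orders(customer_id)');
    return $db;
}

/** Insert a customer and its orders atomically: either all rows land or none. */
function addCustomerWithOrders(PDO $db, string $name, string $email, array $amounts): int
{
    $db->beginTransaction();
    try {
        $db->prepare('INSERT INTO customers (name, email) VALUES (?, ?)')
           ->execute([$name, $email]);
        $id  = (int)$db->lastInsertId();
        $ins = $db->prepare('INSERT INTO orders (customer_id, amount) VALUES (?, ?)');
        foreach ($amounts as $a) {
            $ins->execute([$id, $a]);
        }
        $db->commit();
        return $id;
    } catch (PDOException $e) {
        $db->rollBack();                      // partial work is undone
        throw $e;
    }
}

/** JOIN + GROUP BY + aggregates: order count and total spent per customer. */
function totalsPerCustomer(PDO $db): array
{
    return $db->query(
        'SELECT c.name, COUNT(o.id) AS orders, SUM(o.amount) AS total
           FROM customers c
           LEFT JOIN orders o ON o.customer_id = c.id
          GROUP BY c.id, c.name
          ORDER BY total DESC'
    )->fetchAll(PDO::FETCH_ASSOC);
}

$db = openDemoDb();
addCustomerWithOrders($db, 'Alice', 'alice@example.com', [19.99, 5.01]);
addCustomerWithOrders($db, 'Bob',   'bob@example.com',   []);

// Referential integrity: an order pointing at a non-existent customer is refused.
try {
    $db->exec('INSERT INTO orders (customer_id, amount) VALUES (999, 1.00)');
} catch (PDOException $e) {
    echo 'FK violation blocked: ', $e->getMessage(), "\n";
}

foreach (totalsPerCustomer($db) as $row) {
    // SUM over zero rows is NULL, hence the fallback for customers without orders
    printf("%-6s orders=%d total=%s\n", $row['name'], $row['orders'], $row['total'] ?? '0');
}
```

The LEFT JOIN keeps customers with no orders in the result, which is why the aggregate can come back NULL; an inner JOIN would silently drop them, a common source of wrong totals.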

Indices

PART IV: Files and E-mail

In this section I will cover:

Opening and closing files
Reading from and writing to files
Getting information about a file
Copying, renaming, deleting files
File permissions
File locks
Sending e-mail
MIME
HTML E-mails
Multipart E-mails

Files — Opening and Closing
Files are opened using the fopen() function:
fopen($filename, $mode)
returns a file resource (not a pointer!)
The $mode parameter indicates how the file should be opened:
r — read only
r+ — read/write
w — write only and create the file
w+ — read/write and create the file
a — write only and position at end of file
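The open/lock/write/read/close cycle from this part, as an added example that is not code from the original post. Two caveats worth knowing when picking a mode: 'w' and 'w+' also truncate an existing file to zero length, and 'a' creates the file if it is missing. The example works on a temp file it creates itself; the helper names are invented.

```php
<?php
// Added example, not code from the original post: open a file, take an
// exclusive lock, write, read it back, inspect it, and always close the
// handle. The file is a temp file created for the demo.

declare(strict_types=1);

/**
 * Append one line to $path under an exclusive lock. Returns true on success.
 * Mode 'a' opens write-only positioned at the end and creates the file if
 * missing; unlike 'w' it never truncates existing content.
 */
function appendLine(string $path, string $line): bool
{
    $fh = fopen($path, 'a');
    if ($fh === false) {
        return false;                      // fopen signals failure with false
    }
    try {
        if (!flock($fh, LOCK_EX)) {        // other writers block until we unlock
            return false;
        }
        $ok = fwrite($fh, $line . "\n") !== false;
        fflush($fh);                       // push buffered data out before unlocking
        flock($fh, LOCK_UN);
        return $ok;
    } finally {
        fclose($fh);                       // release the resource on every path
    }
}

/** Read every line from $path; returns [] if the file cannot be opened. */
function readLines(string $path): array
{
    $fh = fopen($path, 'r');
    if ($fh === false) {
        return [];
    }
    $lines = [];
    while (($l = fgets($fh)) !== false) {
        $lines[] = rtrim($l, "\r\n");
    }
    fclose($fh);
    return $lines;
}

$path = tempnam(sys_get_temp_dir(), 'demo');
chmod($path, 0600);                         // owner read/write only

var_dump(appendLine($path, 'first entry'));
var_dump(appendLine($path, 'second entry'));
print_r(readLines($path));

// Information about the file: size, permission bits, last modification
printf("size=%d bytes, mode=%o, modified=%s\n",
    filesize($path), fileperms($path) & 0777, date('c', filemtime($path)));

// The handle is a resource (of type "stream"), not a pointer
$fh = fopen($path, 'r');
var_dump(is_resource($fh), get_resource_type($fh));
fclose($fh);

unlink($path);                              // remove the temp file
```

Because flock() is advisory, it only protects against other processes that also lock; the try/finally guarantees the handle is closed even if the lock or the write fails.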

PART III : User Input / Time & Dates

In this section we will cover:

HTML form management
File uploads
Cookies
Magic Quotes
Sessions
Times and dates in PHP
Formatting date values
Locale-dependent date formatting
Date validation

HTML Form Management
HTML forms are submitted by the browser using either GET or POST
GET transaction data is sent as part of the query string
POST data is sent as part of the HTTP transaction itself
POST is often considered “safer” than GET—WRONG!
POST data is made available as part of the $_POST superglobal array
GET data is made available as part of the $_GET superglobal array
Both are “superglobal”—in scope everywhere in your scripts
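To make the point that POST is no safer than GET concrete, here is an added example (not code from the original post) in which one handler serves the same form whether the fields arrive in the query string or in the request body, and applies identical validation to both. The raw requests are constructed stand-ins for what the web server normally puts into $_GET, $_POST and $_SERVER; the field names are invented.

```php
<?php
// Added example, not code from the original post: the same handler accepts a
// form sent by GET (query string) or POST (urlencoded body), decoded the way
// PHP populates $_GET and $_POST, with the same checks for both methods.
// The raw requests below are constructed for the demo.

declare(strict_types=1);

/**
 * Decode form fields: query string -> $get (like $_GET) and an
 * application/x-www-form-urlencoded body -> $post (like $_POST).
 */
function decodeRequest(string $method, string $query, string $body): array
{
    parse_str($query, $get);
    $post = [];
    if ($method === 'POST') {
        parse_str($body, $post);           // same format as the query string
    }
    return ['method' => $method, 'get' => $get, 'post' => $post];
}

/** Pick the field set matching the form's method and validate it. */
function handleSearch(array $req): string
{
    $fields = $req['method'] === 'POST' ? $req['post'] : $req['get'];
    $q    = trim((string)($fields['q'] ?? ''));
    $page = filter_var($fields['page'] ?? '1', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 1000]]);
    if ($q === '' || mb_strlen($q) > 100 || $page === false) {
        return "400 Bad Request via {$req['method']}";
    }
    // Escaped before it is echoed back into HTML, regardless of method.
    return sprintf('<p>Results for %s, page %d</p>',
        htmlspecialchars($q, ENT_QUOTES, 'UTF-8'), $page);
}

// Same fields, two transports: the handler cannot tell them apart and should not care.
$byGet  = decodeRequest('GET',  'q=php+exam&page=2', '');
$byPost = decodeRequest('POST', '', 'q=php+exam&page=2');
// A body with markup in q and an out-of-range page number.
$bad    = decodeRequest('POST', '', 'q=%3Cb%3Ehi%3C%2Fb%3E&page=-5');

echo handleSearch($byGet), "\n";
echo handleSearch($byPost), "\n";
echo handleSearch($bad), "\n";
```

Anything a browser can put in a query string it can equally put in a POST body, so the method only changes where the data travels, not who controls it; the validation and escaping have to be the same either way.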

PART II : Strings and Arrays

In this section we will cover:

Comparisons
Basic search and replace
Regular Expressions
String functions and formatting
Accessing arrays
Single- and multidimensional arrays
Array iteration
Array sorting
Array functions and manipulation
Serialization

String Comparison
String comparison is mostly trivial, but it can sometimes be tricky. The equality operator (==) should only be used when you know that you are comparing two strings, or when you don’t care about cases like this:
• "123test" == 123 is TRUE!
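The loose-versus-strict comparison cases behind the "123test" == 123 surprise, as an added example that is not code from the original post. It goes a little beyond the text: it also shows two numeric-looking strings compared as numbers by ==, and hash_equals() for comparing secrets, where a byte-by-byte early exit leaks timing. Note that PHP 8.0 changed the rules so that "123test" == 123 is now false; on PHP 5 and 7 it is true as the text says. All values are constructed for the demo.

```php
<?php
// Added example, not code from the original post: loose (==) versus strict
// (===) comparison on the case from the text and a few related ones, plus
// hash_equals() for secrets. Values are constructed for the demo.

declare(strict_types=1);

/** Loose comparison: PHP may convert one side before comparing. */
function looseEqual($a, $b): bool
{
    return $a == $b;
}

/** Strict comparison: types must match too, so no conversion can happen. */
function strictEqual($a, $b): bool
{
    return $a === $b;
}

/**
 * Compare two secrets (tokens, HMACs) in constant time. Both == and strcmp()
 * stop at the first differing byte, which leaks how much of a guess matched.
 */
function tokensMatch(string $expected, string $given): bool
{
    return hash_equals($expected, $given);
}

$cases = [
    ['123test', 123],    // the text's case: true on PHP 5/7, false since PHP 8.0
    ['123', 123],        // numeric string vs int: == true, === false
    ['1e3', '1000'],     // two numeric strings: == compares them as numbers (true)
    ['0e123', '0e456'],  // both parse as 0 in scientific notation: == is true
    ['0', ''],           // '' is not numeric, so == falls back to string compare
    [null, false],       // == true, === false
];
foreach ($cases as [$a, $b]) {
    printf("%-10s vs %-8s  ==:%-5s  ===:%s\n",
        var_export($a, true), var_export($b, true),
        var_export(looseEqual($a, $b), true), var_export(strictEqual($a, $b), true));
}

// Ordering two strings: strcmp() returns <0, 0 or >0
var_dump(strcmp('apple', 'banana') < 0);

// Secret comparison with a constructed token
$expected = hash('sha256', 'session-secret-constructed');
var_dump(tokensMatch($expected, $expected));
var_dump(tokensMatch($expected, hash('sha256', 'wrong-guess')));
```

The '0e123' == '0e456' row is the one to remember when comparing hex digests: use === or hash_equals() so a digest that happens to start with 0e and contain only digits is not treated as the number zero.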

Kiran Says

I love a work environment which is:

Informal yet professional
Demanding yet rewarding
Challenging yet inspiring
Mediocrity is not an option
Having fun is serious business
Making mistakes is human
Forgiveness is Company Policy
