PHP history and uses |
- Explain the difference between server side and client side scripts.
- Summarize the origin and development of PHP.
- List and briefly describe the most common alternatives to PHP.
- List some well-known web sites and applications that have been built in PHP.
- Briefly explain the concept of Open Source.
- List some well-known public mailing lists, IRC channels and discussion forums where you can find help with PHP.
|
|
Installation and basic configuration of PHP and an IDE |
- Demonstrate installing an HTTP-server, PHP and MySQL on a computer.
- Demonstrate the usage of php.ini and .htaccess
- Explain why display_errors should be off on a production web server.
- List some commonly used PHP-modules and demonstrate how to activate them on a web server.
- Demonstrate how to get information about a PHP-installation using phpinfo() and php -m.
- Demonstrate how to use PHP CLI.
- Demonstrate how to install an IDE or editor for PHP development.
- Explain the purpose and usage of development and staging servers.
- Explain the purpose of a version control system.
|
- Module 1: Installation
- Final exam
|
Basic PHP syntax |
- Demonstrate how to switch between HTML-mode and PHP mode.
- List the types of PHP tags that you can use, and explain the potential pitfalls of using short open tags. (Note to teachers: Turn open tags off on the server you provide.)
- Demonstrate how to use single line, multi line and PhpDoc-style comments.
- Demonstrate how to separate instructions.
- Demonstrate how to use the echo and print statements. Recognize the differences between the two.
|
- Module 1: Installation
- Final exam
- Final assignment
|
Using PHP as a simple template engine |
- Explain the concept of server side includes and why it is better than client side frames.
- Describe the differences between PHP’s include, include_once, require and require_once commands.
- Explain performance benefits of using absolute paths when including files.
- Explain why included files should always reside outside of the server root directory.
- Demonstrate how PHP can make client side frames redundant.
|
- Assignment 1: Use PHP as a Template System
|
PHP best practices overview |
Note: This is meant as an overview. No in-depth knowledge yet.
- Briefly discuss key characteristics of a well-written PHP application.
- Demonstrate how to write readable and properly indented code.
- Demonstrate basic knowledge about coding conventions, especially the PEAR coding standard.
- Explain what revision control is.
- Show basic knowledge about phpDocumentor. Use the most basic tags in phpDocumentor and produce generated documentation for your code.
- Explain what bug tracking is. List a few well known bug trackers.
|
- (Most assignments will touch upon these concepts in some way.)
- Final assignment.
- Final exam.
|
Programming concepts |
- Explain the concept of identifiers and list some identifier names one is not allowed to use in PHP.
- Explain the concept of sigils.
- Explain the concept of data types and compare strong and weak typing. Demonstrate type checking and type juggling.
- Recognize that all user-submitted data, and all database results, are strings to PHP. Demonstrate how to check for numeric values in strings.
- Explain the null value, and describe the difference between variables that are null and variables that have not been set.
- Demonstrate how to use the isset() and empty() functions. Explain which values in PHP convert to false when used in a boolean check.
- Demonstrate usage of variables and constants, using best practice naming conventions.
- Recognize the different kinds of constants in PHP (built in, magic, user defined; global, class).
- Demonstrate different syntaxes for setting constants (define and const - also for global constants since PHP 5.3)
- Explain the concept of statements. Demonstrate correct usage of statements and block statements.
- Explain the concept of expressions. Demonstrate correct usage of expressions.
- Explain what operators are and demonstrate correct usage of all common operators.
- Explain the concept of functions and all associated terminology and demonstrate how to write and use functions.
- Explain and use assignment by value and assignment by reference.
- Explain what arrays are in PHP and contrast the implementation to a few other programming languages. Demonstrate how to create and manipulate arrays and how to access individual items in arrays.
- Recognize all error levels in PHP and explain the difference between an error and an exception. Demonstrate how to handle errors appropriately.
|
(Modules with exercises are appreciated.)
- Final assignment.
- Final exam.
|
HTTP |
- Explain the most commonly used HTTP methods (GET, POST, HEAD).
- Demonstrate how to fetch information from the client using $_SERVER.
- Explain MIME-types, and demonstrate how to set MIME-types using PHP’s header-function.
|
- Module 2 (a): Emulate HTTP-connections with netcat or telnet
- Module 2 (b): Analyze HTTP-traffic using Firebug or a similar tool.
- Final assignment.
- Final exam.
|
Character encoding |
Note: For any audience using non-ASCII characters (almost everybody outside the USA and UK) this is essential!
- Describe the basics of character encodings and compare the terminology used by Unicode to the terminology used in HTTP-headers (encoding vs. charset).
- Demonstrate how to specify the encoding used in a script (the setting on your editor or IDE).
- Explain the difference between multi-byte encodings and single-byte encodings.
- Demonstrate how to use multi-byte string functions in PHP 5.x.
- Recognize problems that might occur in PHP because of misinterpreted character encodings.
- Demonstrate how to set character encoding in HTTP-headers, using the http-server tools and PHP.
- List the characters that have the highest potential for abuse (e.g. “null” and “eof”) and demonstrate how to filter input to avoid them using ctype functions.
- Demonstrate how to set the encoding (and collation) in a MySQL table or field, using PhpMyAdmin or a similar tool.
- Demonstrate how to convert text between different encodings.
|
- Assignment 3.
- Final assignment
- Final exam
Extra questions for SS 2:
- Explain what a BOM is and how it can cause problems for PHP scripts.
- What is the difference between little endian and big endian UTF-16?
- What is Unicode normalization?
|
Locales, timezones and time functions. |
- Explain the concept of locales.
- Demonstrate how to set timezones for PHP scripts.
- Demonstrate how to set locale for PHP scripts.
- Explain the concept of collation and demonstrate how to use locale aware string and array comparison and sorting.
- Demonstrate how locale and timezone information affects date and time functionality in PHP. Use the basic date and time functions.
|
(Modules with exercises are appreciated.)
- Final exam
- Final assignment
|
Strings |
- Explain the concept of a string.
- Compare the two types of strings there are in PHP 6. Demonstrate how to set them and convert between them.
- Demonstrate how to get the length of a string and access its characters by index.
- Demonstrate how to handle single and double quotes in strings with variables.
- Demonstrate how to concatenate strings.
- Demonstrate how to use heredoc and nowdoc. Recognize the two syntaxes that exist for heredoc as of PHP 5.3.
- Demonstrate how to escape characters in strings.
- Demonstrate correct usage of basic string functions, e.g. strlen, substr, strstr, strpos, trim, strtolower, with variants.
- Demonstrate how to compare strings, using operators and comparison functions like strcmp or strcoll.
- Demonstrate how to check the integrity of string contents using the ctype-functions.
- Explain the concept of regular expressions, exemplify when they can be used and demonstrate simple usage.
|
- Assignment 3.
- Final exam.
- Final assignment.
|
Array usage and array functions |
- Demonstrate how to iterate over an array using the foreach function.
- Demonstrate how to sort arrays.
- Demonstrate how to perform a function call on each value in an array.
  - Specifically, demonstrate how to remove magic quotes from GPC-data.
- Explain what the cursor is in an array and demonstrate how to walk through arrays.
- Demonstrate how to assign multiple variables from array values using the list() language construct.
- Demonstrate how to check for the existence of specific keys or values within an array.
- Demonstrate how to attach and how to delete values at both the bottom and top of an array.
|
- Assignment 3.
- Final exam.
- Final assignment.
|
Objects and classes (simple overview) |
- Explain some benefits of Object Oriented programming compared to procedural programming.
- Explain basic OO terminology.
- Demonstrate how to define and instantiate classes in PHP. Explain constructors and destructors, how to name constructors in PHP 4 and 5+ and how to use constructors.
- Demonstrate how to use the $this pseudovariable.
- Explain the concept of inheritance and demonstrate how to use the extends keyword.
- Explain the concept of polymorphism and demonstrate how to use interfaces and abstract classes in PHP.
- Briefly explain the differences in the object model between PHP 4 and PHP 5.
- Explain visibility of properties and methods.
- Explain class constants, static properties and methods and demonstrate how to use the scope resolution operator (Paamayim Nekudotayim).
|
(Modules with exercises are appreciated.)
- Final exam
- Final assignment
|
Error handling and exceptions |
- Recognize the types of errors in PHP.
- Handle interaction errors, e.g. GET-data that does not match a DB-record might produce a 404.
- Use good error handling strategies. E.g.:
  - Differentiate between development servers (show on page) vs. production servers (log errors).
  - Make usable error pages and understandable error messages.
  - Send the correct HTTP status code for error pages.
- Recognize exceptions and handle them using try and catch.
|
(Modules with exercises are appreciated.)
- Final exam.
- Final assignment.
|
Server side architecture |
- Recognize what separation of concerns means for PHP development.
- Recognize the following concepts: Presentation logic and templates, business logic and data storage logic.
- Demonstrate a secure and logical directory structure for PHP applications.
- Explain include paths. Demonstrate how to write an application that does not depend on being in a specific root directory.
- Demonstrate a good strategy for filtering all untrusted data.
- Demonstrate consistent and appropriate escaping of output data.
- Implement usable, SEO-friendly and hackable URLs.
- Recognize rewrite rules.
- Recognize the abbreviation MVC and briefly explain the rationale behind it.
|
- Exercise 4.
- Final exam.
- Final assignment.
|
Handling posted data |
- Explain why client side checks can only be used to offload a server and provide better usability, never for security.
- Explain why GPC-data might be quoted in PHP 4.x and 5.x. Explain what problems magic quotes were intended to solve, why they did not work properly and are being removed in PHP 6 and how they can be removed in a script.
- Explain how the superglobal array $_POST relates to name attributes in HTML forms. Demonstrate handling posted data.
- Recognize the usage of register globals and explain why it is a security hazard. Recognize the bad habit of manually making EGPCS-data into regular variables ($foo = $_POST['foo'] or extract($_POST)).
- Recognize the usage of $_REQUEST and explain why it is considered bad practice to use it.
- Recognize how sensitive data can be transmitted securely, using encryption. Recognize the abbreviations SSL and TLS.
|
- Exercise 5.
- Final exam.
- Final assignment.
|
Sending email |
- Demonstrate simple usage of the mail() function in PHP.
- Recognize the concept SMTP injection and demonstrate how to avoid it.
|
- Exercise 5.
- Final exam.
- Final assignment.
|
Sessions and authentication |
- Recognize the sessionless nature of HTTP.
- Recognize session fixation and session hijacking. Use session_regenerate_id and set session ID using cookies only.
- Recognize HTTP-authentication in PHP.
- Preventing multiple submits of a form.
- Demonstrate how to prevent cross-posting using a session variable.
|
- Final exam.
- Final assignment.
|
Cookies |
- Explain the concept of cookies and how they are passed to the server from the browser.
- Demonstrate how to set and read cookies.
- Explain the security benefits of server side only cookies, and demonstrate how to set them.
|
- Final exam.
- Final assignment.
|
File handling and storing data in text files |
- Demonstrate how to read from and write to files.
- Recognize the different flags used to control the opening of file sockets.
- Recognize the most common security problems when using file functions.
- Demonstrate how to safely handle files uploaded by the user.
|
- Final exam.
- Final assignment.
|
Relational Database concepts and MySQL fundamentals |
- List some common Database Management Systems (DBMS).
- List some common alternatives to storing data in a relational database and briefly explain the merits and disadvantages of each option.
- Explain how SQLite can be used from every modern PHP installation. (Note: SQLite is primarily included to provide a way to explain data access abstraction using PDO.)
- Give an overview of how a relational database works.
- Recognize the terminology used about databases (relation/table, tuple/row, attribute/field/column, default values, NULL, keys, etc).
- Briefly explain the concept of normalization and recognize the related glossary (keys, functional dependency)
- List the available data types in MySQL and demonstrate proper usage of the most common ones.
- Explain the concept of indexes. Demonstrate how to use indexes in MySQL.
- Recognize the concept of storage engines in MySQL and briefly explain the main differences between MyISAM and InnoDB.
- Demonstrate how to use PhpMyAdmin or a graphical tool to set up a database. Make a user with privileges suitable for PHP scripts. Demonstrate how to run queries in the tool.
- Demonstrate how to backup/dump a MySQL database.
- Question to reviewers: Is it possible to wait with constraints and referential integrity (foreign keys) until Server Side Scripting 2?
|
- Final assignment
- Final exam
|
SQL |
- Recognize the glossary of SQL (DDL, DML, CRUD)
- Demonstrate how to access a MySQL DBMS from a CLI tool.
- Demonstrate how to SELECT individual records and groups of records; SORT-ing and LIMIT-ing of the results.
- Demonstrate how to use JOIN.
- Demonstrate simple usage of SQL-functions (count!)
- Demonstrate how to INSERT data into a table.
- Demonstrate how to UPDATE a table and explain why one should always use the WHERE clause doing so.
- Demonstrate how to DELETE data and explain why one should always use the WHERE clause doing so.
|
- Final assignment
- Final exam
|
PDO |
- Recognize all 3 built-in APIs to access a MySQL database from PHP (mysql, mysqli, PDO). Discuss their strengths and downsides.
- Demonstrate how to connect to a DBMS with PDO, prepare and execute statements, fetch single results and iterate over result sets.
- Recognize how to access results from a prepared statement as normal arrays, associative arrays, objects and objects belonging to a specific class.
- Demonstrate safe usage of user submitted data in SQL.
- Recognize how to manually quote user submitted data.
- Discuss the benefits of prepared statements.
- Demonstrate how to handle errors and unexpected results using PDO.
- Demonstrate safe handling of database credentials.
|
- Final assignment
- Final exam
|
The mysql and the mysqli functions |
- Recognize how to use the mysql and the mysqli functions.
- Discuss how to safely handle user submitted data using the mysql and the mysqli functions.
|
|
SPL, PEAR and Frameworks |
- Recognize PEAR, PECL, SPL and the most well-known PHP component libraries.
- Recognize the most common PHP Frameworks.
- Recognize the most common PHP applications/Content Management Systems.
- Recognize the usage of PHP for extended functionality for some big websites (e.g. Facebook).
|
|
Web Services, APIs, RSS, JSON and Ajax |
- Recognize the most common formats for data interchange.
- Summarize the Ajax pattern for updating a web page.
- Briefly describe the concepts of APIs and Web Services.
|
|
Shared hosting |
- Recognize the most important technical considerations one must know when choosing a web host.
- List the most important security considerations one must know about shared hosting.
- Demonstrate usage of a web host control panel.
|
- Final assignment
- Final exam
|