
Competencies

Please note that security is not a topic in this table to be handled separately. Security is built in, not bolted on. Security is also expected to be taught from day one, and not considered to be an advanced topic.

Topic Competency Evaluation Methods
PHP history and uses
  • Explain the difference between server side and client side scripts.
  • Summarize the origin and development of PHP.
  • List and briefly describe the most common alternatives to PHP.
  • List some well known web sites and applications that have been built in PHP.
  • Briefly explain the concept of Open Source.
  • List some well-known public mailing lists, IRC channels and discussion forums where you can find help with PHP.
  • Final exam
Installation and basic configuration of PHP and an IDE
  • Demonstrate installing an HTTP-server, PHP and MySQL on a computer.
  • Demonstrate the usage of php.ini and .htaccess
  • Explain why display_errors should be off on a production web server.
  • List some commonly used PHP-modules and demonstrate how to activate them on a web server.
  • Demonstrate how to get information about a PHP-installation using phpinfo() and php -m.
  • Demonstrate how to use PHP CLI.
  • Demonstrate how to install an IDE or editor for PHP development.
  • Explain the purpose and usage of development and staging servers.
  • Explain the purpose of a version control system.
  • Module 1: Installation
  • Final exam
Basic PHP syntax
  • Demonstrate how to switch between HTML-mode and PHP mode.
  • List the types of PHP tags that you can use, and explain the potential pitfalls of using short open tags. (Note to teachers: Turn open tags off on the server you provide.)
  • Demonstrate how to use single line, multi line and PhpDoc-style comments.
  • Demonstrate how to separate instructions.
  • Demonstrate how to use the echo and print statements. Recognize the differences between the two.
  • Module 1: Installation
  • Final exam
  • Final assignment
Using PHP as a simple template engine
  • Explain the concept of server side includes and why it is better than client side frames.
  • Describe the differences between PHP’s include, include_once, require and require_once commands.
  • Explain performance benefits of using absolute paths when including files.
  • Explain why included files should always reside outside of the server root directory.
  • Demonstrate how PHP can make client side frames redundant.
  • Assignment 1: Use PHP as a Template System
PHP best practices overview

Note: This is meant as an overview. No in-depth knowledge yet.

  • Briefly discuss key characteristics of a well written PHP application.
  • Demonstrate how to write readable and properly indented code.
  • Demonstrate basic knowledge about coding conventions, especially the PEAR coding standard.
  • Explain what revision control is.
  • Show basic knowledge about phpDocumentor. Use the most basic tags in phpDocumentor and produce generated documentation for your code.
  • Explain what bug tracking is. List a few well known bug trackers.
  • (Most assignments will touch upon these concepts in some way.)
  • Final assignment.
  • Final exam.
Programming concepts
  • Explain the concept of identifiers and list some identifier names one is not allowed to use in PHP.
  • Explain the concept of sigils.
  • Explain the concept of data types and compare strong and weak typing. Demonstrate type checking and type juggling.
  • Recognize that all user-submitted data, and all database results, are strings to PHP. Demonstrate how to check for numeric values in strings.
  • Explain the null value, and describe the difference between variables that are null and variables that have not been set.
  • Demonstrate how to use the isset() and empty() functions. Explain which values in PHP convert to false when used in a boolean check.
  • Demonstrate usage of variables and constants, using best practice naming conventions.
    • Recognize the different kinds of constants in PHP (built in, magic, user defined; global, class).
    • Demonstrate different syntaxes for setting constants (define and const - also for global constants since PHP 5.3)
  • Explain the concept of statements. Demonstrate correct usage of statements and block statements.
  • Explain the concept of expressions. Demonstrate correct usage of expressions.
  • Explain what operators are and demonstrate correct usage of all common operators.
  • Explain the concept of functions and all associated terminology and demonstrate how to write and use functions.
  • Explain and use assignment by value and assignment by reference.
  • Explain what arrays are in PHP and contrast the implementation to a few other programming languages. Demonstrate how to create and manipulate arrays and how to access individual items in arrays.
  • Recognize all error levels in PHP and explain the difference between an error and an exception. Demonstrate how to handle errors appropriately.
(Modules with exercises are appreciated.)
  • Final assignment.
  • Final exam.
HTTP
  • Explain the most commonly used HTTP methods (get, post, head)
  • Demonstrate how to fetch information from the client using $_SERVER.
  • Explain MIME-types, and demonstrate how to set MIME-types using PHP’s header-function.
  • Module 2 (a): Emulate HTTP-connections with netcat or telnet
  • Module 2 (b): Analyze HTTP-traffic using Firebug or a similar tool.
  • Final assignment.
  • Final exam.
Character encoding

Note: For any audience using non-ASCII characters (almost everybody outside the USA and UK) this is essential!

  • Describe the basics of character encodings and compare the terminology used by Unicode to the terminology used in HTTP-headers encoding vs. charset.
  • Demonstrate how to specify the encoding used in a script (the setting on your editor or IDE).
  • Explain the difference between multi-byte encodings and single-byte encodings.
  • Demonstrate how to use multi-byte string functions in PHP 5.x.
  • Recognize problems that might occur in PHP because of misinterpreted character encodings.
  • Demonstrate how to set character encoding in HTTP-headers, using the http-server tools and PHP.
  • List the characters that have the highest potential for abuse (e.g. “null” and “eof”) and demonstrate how to filter input to avoid them using ctype functions.
  • Demonstrate how to set the encoding (and collation) in a MySQL table or field, using PhpMyAdmin or a similar tool.
  • Demonstrate how to convert text between different encodings.
  • Assignment 3.
  • Final assignment
  • Final exam

Extra questions for SS 2:

  • Explain what a BOM is and how it can cause problems for PHP scripts.
  • What is the difference between little endian and big endian UTF-16?
  • What is Unicode normalization?
Locales, timezones and time functions.
  • Explain the concept of locales.
  • Demonstrate how to set timezones for PHP scripts.
  • Demonstrate how to set locale for PHP scripts.
  • Explain the concept of collation and demonstrate how to use locale aware string and array comparison and sorting.
  • Demonstrate how locale and timezone information affects date and time functionality in PHP. Use the basic date and time functions.

(Modules with exercises are appreciated.)

  • Final exam
  • Final assignment
Strings
  • Explain the concept of a string.
  • Compare the two types of strings there are in PHP 6. Demonstrate how to set them and convert between them.
  • Demonstrate how to get the length of a string and access its characters by index.
  • Demonstrate how to handle single and double quotes in strings with variables.
  • Demonstrate how to concatenate strings.
  • Demonstrate how to use heredoc and nowdoc. Recognize the two syntaxes that exist for heredoc as of PHP 5.3.
  • Demonstrate how to escape characters in strings.
  • Demonstrate correct usage of basic string functions, e.g. strlen, substr, strstr, strpos, trim, strtolower, with variants.
  • Demonstrate how to compare strings, using operators and comparison functions like strcmp or strcoll.
  • Demonstrate how to check the integrity of string contents using the ctype-functions.
  • Explain the concept of regular expressions, exemplify when they can be used and demonstrate simple usage.
  • Assignment 3.
  • Final exam.
  • Final assignment.
Array usage and array functions
  • Demonstrate how to iterate over an array using the foreach function.
  • Demonstrate how to sort arrays.
  • Demonstrate how to perform a function call on each value in an array.
    • Specifically, demonstrate how to remove magic quotes from GPC-data.
  • Explain what the cursor is in an array and demonstrate how to walk through arrays.
  • Demonstrate how to assign multiple variables from array values using the list() language construct.
  • Demonstrate how to check for the existence of specific keys or values within an array.
  • Demonstrate how to attach and how to delete values at both the bottom and top of an array.
  • Assignment 3.
  • Final exam.
  • Final assignment.
Objects and classes (simple overview)
  • Explain some benefits of Object Oriented programming compared to procedural programming.
  • Explain basic OO terminology.
  • Demonstrate how to define and instantiate classes in PHP. Explain constructors and destructors, how to name constructors in PHP 4 and 5+ and how to use constructors.
  • Demonstrate how to use the $this pseudovariable.
  • Explain the concept of inheritance and demonstrate how to use the extends keyword.
  • Explain the concept of polymorphism and demonstrate how to use interfaces and abstract classes in PHP.
  • Briefly explain the differences in the object model between PHP 4 and PHP 5.
  • Explain visibility of properties and methods.
  • Explain class constants, static properties and methods and demonstrate how to use the scope resolution operator (Paamayim Nekudotayim).

(Modules with exercises are appreciated.)

  • Final exam
  • Final assignment
Error handling and exceptions
  • Recognize the types of errors in PHP.
  • Handle interaction errors e.g. GET-data does not match DB-record might produce a 404.
  • Use good error handling strategies. E.g:
    • Differentiate between development servers (show on page) vs. production servers (log errors).
    • Make usable error pages and understandable error messages.
    • Send the correct HTTP status code for error pages.
  • Recognize exceptions and handle them using try and catch.

(Modules with exercises are appreciated.)

  • Final exam.
  • Final assignment.
Server side architecture
  • Recognize what separation of concerns means for PHP development.
  • Recognize the following concepts: Presentation logic and templates, business logic and data storage logic.
  • Demonstrate a secure and logical directory structure for PHP applications.
  • Explain include paths. Demonstrate how to write an application that does not depend on being in a specific root directory.
  • Demonstrate a good strategy for filtering all untrusted data.
  • Demonstrate consistent and appropriate escaping of output data.
  • Implement usable, SEO-friendly and hackable URLs.
  • Recognize rewrite rules.
  • Recognize the abbreviation MVC and briefly explain the rationale behind it.
  • Exercise 4.
  • Final exam.
  • Final assignment.
Handling posted data
  • Explain why client side checks only can be used to offload a server and provide better usability, never for security.
  • Explain why GPC-data might be quoted in PHP 4.x and 5.x. Explain what problems magic quotes were intended to solve, why they did not work properly and are being removed in PHP 6 and how they can be removed in a script.
  • Explain how the superglobal array $_POST relates to name attributes in HTML forms. Demonstrate handling posted data.
  • Recognize the usage of register globals and explain why it is a security hazard. Recognize the bad habit of manually making EGPCS-data into regular variables ($foo = $_POST['foo'] or extract($_POST)).
  • Recognize the usage of $_REQUEST and explain why it is considered bad practice to use it.
  • Recognize how sensitive data can be transmitted securely, using encryption. Recognize the abbreviations SSL and TLS.
  • Exercise 5.
  • Final exam.
  • Final assignment.
Sending email
  • Demonstrate simple usage of the mail() function in PHP.
  • Recognize the concept SMTP injection and demonstrate how to avoid it.
  • Exercise 5.
  • Final exam.
  • Final assignment.
Sessions and authentication
  • Recognize the sessionless nature of HTTP.
  • Recognize session fixation and session hijacking. Use session_regenerate_id and set session ID using cookies only.
  • Recognize HTTP-authentication in PHP.
  • Preventing multiple submits of a form.
  • Demonstrate how to prevent cross-posting using a session variable.
  • Final exam.
  • Final assignment.
Cookies
  • Explain the concept of cookies and how they are passed to the server from the browser.
  • Demonstrate how to set and read cookies.
  • Explain the security benefits of server side only cookies, and demonstrate how to set them.
  • Final exam.
  • Final assignment.
File handling and storing data in text files
  • Demonstrate how to read from and write to files.
  • Recognize the different flags used to control the opening of file sockets.
  • Recognize the most common security problems when using file functions.
  • Demonstrate how to safely handle files uploaded by the user.
  • Final exam.
  • Final assignment.
Relational Database concepts and MySQL fundamentals
  • List some common Database Management Systems (DBMS).
  • List some common alternatives to storing data in a relational database and briefly explain the merits and disadvantages of each option.
  • Explain how SQLite can be used from every modern PHP installation. (Note: SQLite is primarily included to provide a way to explain data access abstraction using PDO.)
  • Give an overview of how a relational database works.
  • Recognize the terminology used about databases (relation/table, tuple/row, attribute/field/column, default values, NULL, keys, etc).
  • Briefly explain the concept of normalization and recognize the related glossary (keys, functional dependency)
  • List the available data types in MySQL and demonstrate proper usage of the most common ones.
  • Explain the concept of indexes. Demonstrate how to use indexes in MySQL.
  • Recognize the concept of storage engines in MySQL and briefly explain the main differences between MyISAM and InnoDB.
  • Demonstrate how to use PhpMyAdmin or a graphical tool to set up a database. Make a user with privileges suitable for PHP scripts. Demonstrate how to run queries in the tool.
  • Demonstrate how to backup/dump a MySQL database.
  • Question to reviewers: Is it possible to wait with constraints and referential integrity (foreign keys) until Server Side Scripting 2?
  • Final assignment
  • Final exam
SQL
  • Recognize the glossary of SQL (DDL, DML, CRUD)
  • Demonstrate how to access a MySQL DBMS from a CLI tool.
  • Demonstrate how to SELECT individual records and groups of records; SORT-ing and LIMIT-ing of the results.
  • Demonstrate how to use JOIN.
  • Demonstrate simple usage of SQL-functions (count!)
  • Demonstrate how to INSERT data into a table.
  • Demonstrate how to UPDATE a table and explain why one should always use the WHERE clause doing so.
  • Demonstrate how to DELETE data and explain why one should always use the WHERE clause doing so.
  • Final assignment
  • Final exam
PDO
  • Recognize all 3 built-in APIs to access a MySQL database from PHP (mysql, mysqli, PDO). Discuss their strengths and downsides.
  • Demonstrate how to connect to a DBMS with PDO, prepare and execute statements, fetch single results and iterate over result sets.
  • Recognize how to access results from a prepared statement as normal arrays, associative arrays, objects and objects belonging to a specific class.
  • Demonstrate safe usage of user submitted data in SQL.
  • Recognize how to manually quote user submitted data.
  • Discuss the benefits of prepared statements.
  • Demonstrate how to handle errors and unexpected results using PDO.
  • Demonstrate safe handling of database credentials.
  • Final assignment
  • Final exam
The mysql and the mysqli functions
  • Recognize how to use the mysql and the mysqli functions.
  • Discuss how to safely handle user submitted data using the mysql and the mysqli functions.
  • Final exam
SPL, PEAR and Frameworks
  • Recognize PEAR, PECL, SPL and the most well known PHP component libraries.
  • Recognize the most common PHP Frameworks.
  • Recognize the most common PHP applications/Content Management Systems.
  • Recognize the usage of PHP for extended functionality for some big websites (e.g. Facebook)
  • Final exam
Web Services, APIs, RSS, JSON and Ajax
  • Recognize the most common formats for data interchange.
  • Summarize the Ajax pattern for updating a web page.
  • Briefly describe the concepts of APIs and Web Services.
  • Final exam
Shared hosting
  • Recognize the most important technical considerations one must know when choosing a web host.
  • List the most important security considerations one must know about shared hosting.
  • Demonstrate usage of a web host control panel.
  • Final assignment
  • Final exam