Scribd
Upload
5 views2 pages

Quiz 4 Spring 2024

This document is a quiz for CMSC 424, consisting of 10 questions related to PHP, SQL, and web security concepts. It covers topics such as data passing methods, PHP classes for MySQL connections, SQL query processing, and SQL injection vulnerabilities. Each question is designed to test the understanding of PHP scripting and database interactions.

Uploaded by

Jose Cruz
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
5 views2 pages

Quiz 4 Spring 2024

This document is a quiz for CMSC 424, consisting of 10 questions related to PHP, SQL, and web security concepts. It covers topics such as data passing methods, PHP classes for MySQL connections, SQL query processing, and SQL injection vulnerabilities. Each question is designed to test the understanding of PHP scripting and database interactions.

Uploaded by

Jose Cruz
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

CMSC 424 02 – QUIZ # 4 – April 9, 2024 – NAME and UID below

1 – One method to pass data to the server from a client is GET; name another method (10
points)

2 – What is the name of the PHP class that we use to establish a connection to mysql on
the server and to execute SQL queries (10 points)

3 – We are processing the result of an SQL query.


while( $row = $result-> fetch_assoc( ) ) {
// Assign the value found at the column email for $row to $email (10 points)

$email =

4 – We are coding an HTML file that will be included in a PHP script in which the
variable $price will be assigned a value. Include a PHP expression below that will
evaluate to whatever the value of $price is. (10 points)

5 – Inside a PHP script, we want to include an HTML file named Hi.html that includes a
few PHP expressions. What is true about the statement that includes that file? (10 points)

o Place the statement include( "Hi.html" ); at the end of the script


o Place the statement include( "Hi.html" ); at the beginning of the script
o Place the statement import( "Hi.html" ); at the end of the script
o Place the statement import( "Hi.html" ); at the beginning of the script
6 – Assuming a website has no defense against SQL injection, an attacker can only
successfully perform an SQL injection attack if the expected user input is a number, i.e.
the attacker cannot successfully perform an SQL injection attack if the expected user
input is a string. (10 points)

o True
o False

7 – SQL injection question: user input is expected to be an integer. You know that below
100, there is no result but there are results if the input is 100 or higher. What input would
use to find out if there is a table named test? Your input should be as generic as possible.
DO NOT use the keyword UNION. (10 points)

8 – When connecting to mysql using the constructor of the class in question 2, three
parameters are the server url, the user's login name and the user's password. What is the
4th parameter? (10 points)

9 – How would you characterize one-way encryption? (10 points)

o The key to decrypt is the same as the key to encrypt


o The key to decrypt is the different from the key to encrypt
o We can encrypt but cannot decrypt
o There is a public key to encrypt and a private key to decrypt

10 – If we have the class A in file A.php and A contains a constant named USER, how
would you access USER from another PHP file (assuming A.php is correctly imported).

$user =

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy