1. Do you know about cross-site scripting?

Cross-site scripting (XSS) is a security exploit in which the attacker inserts malicious code into a link that appears to be from a trustworthy source. When someone clicks on the link, the embedded code is submitted as part of the client's Web request and can execute on the user's computer, typically allowing the attacker to steal information. Web forms that dynamically return an error message including user input data make it possible for attackers to alter the HTML that controls the behavior of the form and/or the page. Attackers do this in a number of ways, for example by inserting code into a link in a forum message or in a spam message. The attacker may use e-mail spoofing to pretend to be a trusted source.

2. What is session hijacking?

Session hijacking, also known as TCP session hijacking, is a method of taking over a Web user session by surreptitiously obtaining the session ID and masquerading as the authorized user. Once the user's session ID has been accessed (through session prediction), the attacker can masquerade as that user and do anything the user is authorized to do on the network. The session ID is normally stored within a cookie or URL. For most communications, authentication procedures are carried out at set up. Session hijacking takes advantage of that practice by intruding in real time, during a session. The intrusion may or may not be detectable, depending on the user's level of technical knowledge and the nature of the attack. If a Web site does not respond in the normal or expected way to user input or stops responding altogether for an unknown reason, session hijacking is a possible cause.

3. Authentication – General Definition

Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. In private and public computer networks (including the Internet), authentication is commonly done through the use of logon passwords.
Knowledge of the password is assumed to guarantee that the user is authentic. Each user registers initially (or is registered by someone else), using an assigned or self-declared password. On each subsequent use, the user must know and use the previously declared password. The weakness in this system for transactions that are significant (such as the exchange of money) is that passwords can often be stolen, accidentally revealed, or forgotten.

4. What is Smarty?

Smarty is a template engine written in PHP. Typically, these templates will include variables, such as {$variable}, and a range of logical and loop operators to allow adaptability within the template.

5. What is Model-view-controller (MVC)?

Model-view-controller (MVC) is a design pattern used in software engineering. In complex computer applications that present lots of data to the user, one often wishes to separate data (model) and user interface (view) concerns, so that changes to the user interface do not impact the data handling, and that the data can be reorganized without changing the user interface. The model-view-controller design pattern solves this problem by decoupling data access and business logic from data presentation and user interaction, by introducing an intermediate component: the controller.

What is the difference between mysql_fetch_object and mysql_fetch_array?

mysql_fetch_object() returns an object with properties that correspond to the fetched row and moves the internal data pointer ahead.

mysql_fetch_object() example:

    <?php
    // The mysql_* extension was removed in PHP 7.0; this runs only on PHP 5.x.
    mysql_connect("localhost", "user", "password"); // placeholder host and credentials
    mysql_select_db("mydb");
    $result = mysql_query("select * from mydata");
    // Each row comes back as an object; columns are read as properties.
    while ($row = mysql_fetch_object($result)) {
        echo $row->user_id;
        echo $row->fullname;
    }
    mysql_free_result($result);
    ?>

6. How can we submit a form without a submit button?

We can use a simple JavaScript code linked to an event trigger of any form field.
In the JavaScript code, we can call the document.form.submit() function to submit the form.

7. What is the difference between the GET and POST methods in form submission? Give the cases where we can use the GET and POST methods.

The main difference between GET and POST is how the form data is passed. Both are used for passing form field values. All the values submitted by the GET method are appended to the URL, whereas the POST method sends the data without appending it to the URL (hidden).

- With the GET method we can bookmark the URLs, whereas with the POST method this is not possible.
- With the GET method there is a limit on the data passed from one page to another (i.e. 256 characters according to W3C standards), but with POST we can send a large amount of data.
- Compared to POST, GET is faster.
- POST is more secure than the GET method.
- If you refresh the page, the POST method shows an annoying alert box.
- Some firewalls don't allow POST methods.
- All the information passed by the GET method is stored on the web server (in the log file), but with POST it is not.

8. What is the difference between strstr() and stristr()?

strstr -- Find first occurrence of a string

strstr() example:

    <?php
    $email = 'user@example.com'; // placeholder address
    $domain = strstr($email, '@'); // everything from the first '@' onward
    echo $domain; // prints @example.com
    ?>

stristr -- Case-insensitive strstr()

9. What is meant by PEAR in PHP?

PEAR stands for PHP Extension and Application Repository. PEAR is the next revolution in PHP. This repository is bringing higher level programming to PHP. PEAR is a framework and distribution system for reusable PHP components. It eases installation by bringing an automated wizard, and packing the strength and experience of PHP users into a nicely organised OOP library.
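
The error-message case from question 1, as an added example that is not code from the original page: a form response that echoes the submitted value back, first as-is and then escaped on output. The function names, the `username` field and the sample input are constructed for illustration.

```php
<?php
// Added illustration; function names, the form field and the input are constructed.

// Vulnerable: the submitted value is concatenated into the page as-is, so any
// markup it contains becomes part of the HTML the browser parses.
function renderErrorUnsafe(string $username): string
{
    return '<p class="error">Unknown user: ' . $username . '</p>'
         . '<input type="text" name="username" value="' . $username . '">';
}

// Escape for HTML text and quoted-attribute contexts. ENT_QUOTES converts both
// quote characters, which keeps the value inside the value="..." attribute.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened: the same response with every user-controlled value escaped on output.
function renderErrorSafe(string $username): string
{
    return '<p class="error">Unknown user: ' . escapeHtml($username) . '</p>'
         . '<input type="text" name="username" value="' . escapeHtml($username) . '">';
}

// Constructed input: closes the attribute and adds harmless markup of its own.
$submitted = '"><b>injected</b>';

echo "unsafe:\n", renderErrorUnsafe($submitted), "\n\n";
echo "safe:\n", renderErrorSafe($submitted), "\n\n";

// The check a reviewer would make: does user-supplied markup survive as markup?
echo 'markup survives in unsafe output: ',
    (strpos(renderErrorUnsafe($submitted), '<b>') !== false ? 'yes' : 'no'), "\n";
echo 'markup survives in safe output: ',
    (strpos(renderErrorSafe($submitted), '<b>') !== false ? 'yes' : 'no'), "\n";
```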
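
Question 2 notes that the session ID is normally stored in a cookie or URL. The added example below (not from the original page) shows PHP session settings that keep the ID out of URLs and away from page scripts, and that issue a fresh ID at login. The function names and the `user_id` key are assumptions, and the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
// Added illustration; startHardenedSession(), onLoginSuccess() and the
// 'user_id' session key are hypothetical names.

function startHardenedSession(): void
{
    // Accept the session ID only from a cookie, never from the URL.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Reject session IDs that the server did not issue itself.
    ini_set('session.use_strict_mode', '1');

    session_set_cookie_params([
        'lifetime' => 0,      // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',  // withheld from cross-site subrequests and form posts
    ]);
    session_start();
}

function onLoginSuccess(int $userId): void
{
    // New ID after authentication; the pre-login session data is deleted.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

startHardenedSession();
$before = session_id();
onLoginSuccess(42); // constructed user id
$after = session_id();

echo 'ID changed at login: ', ($before !== $after ? 'yes' : 'no'), "\n";
```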
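
Question 7 states that values passed by GET are stored in the web server log. The added example below (not from the original page) scans access-log lines for query-string parameters that should not appear there. The log lines and the list of parameter names are constructed.

```php
<?php
// Added illustration; the log lines and the list of sensitive names are constructed.

const SENSITIVE_PARAMS = ['password', 'passwd', 'token', 'sessionid', 'phpsessid'];

// Returns one finding per request line whose query string carries a sensitive
// parameter. Only parameter names are reported, never their values.
function findSensitiveQueryParams(array $logLines): array
{
    $findings = [];
    foreach ($logLines as $n => $line) {
        // Request part of a common/combined log line: "METHOD target HTTP/x.y"
        if (!preg_match('/"([A-Z]+) (\S+) HTTP\/[\d.]+"/', $line, $m)) {
            continue;
        }
        $query = parse_url($m[2], PHP_URL_QUERY);
        if (!is_string($query) || $query === '') {
            continue; // no query string, or a target parse_url() cannot handle
        }
        parse_str($query, $params);
        $names = array_map('strtolower', array_map('strval', array_keys($params)));
        $hits = array_values(array_intersect($names, SENSITIVE_PARAMS));
        if ($hits !== []) {
            $findings[] = ['line' => $n + 1, 'method' => $m[1], 'params' => $hits];
        }
    }
    return $findings;
}

// Constructed sample: a login form sent by GET, a normal search, a login sent by POST.
$sample = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /login.php?user=alice&password=example HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /search.php?q=pear HTTP/1.1" 200 2048',
    '192.0.2.11 - - [01/Jan/2024:10:00:09 +0000] "POST /login.php HTTP/1.1" 302 0',
];

foreach (findSensitiveQueryParams($sample) as $f) {
    printf("line %d: %s request logs %s\n", $f['line'], $f['method'], implode(', ', $f['params']));
}
```

Only the GET login is reported: the POST login carries its fields in the request body, which the access log does not record.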