1. What is difference between GET/POST?
GET method makes a long URL string include variables and values. But the sending content is limited and the value could be modified by the user. And the web server maybe response result from cache because this method send data by URL.
POST method can handle data with multiple types include non-ASCII character. Browser send date which enclose after HTTP header in the package, and web server receives the data by standard input stream (stdin) in POST method.
2. How do you keep state using Web forms?
To add input box into web form, then change the type field to be "hidden". When user enters data and hidden fields have kept the same values. But this method is not safely, user could modify hidden fields to send error state if it want to confuse the server-side programs.
3. Given a line of text $string, how do you use "regular expression" to strip all html tags from it?
#!/usr/bin/php
$handle = fopen("http://tw.yahoo.com/", "rb");
while (!feof($handle)) {
$string .= fread($handle, 8192);
}
fclose($handle);
echo preg_replace("/<[^>]*>/","",$string);
?>
4. Describe UNIX IPC's ?
Inter-Process Communication (IPC) is a set of solutions for the exchange of data among two or more threads in one or more processes. Generally, it includes signal, pipes and sockets. In System V R4, it realizes these mechanisms include semaphores, messages queues, and shared memory. Except for System V IPC, most forms of IPC are half-duplex whose data flow in only one direction.
5. Write an algorithm to reverse the order of words within a string, i.e. given char *string = "The cow jumped over the moon" becomes "moon the over jumped cow The". Use as little memory space as possible, time is not a factor.
#include "stdio.h"
#include "string.h"void ReverseWord(char *begin,char *end){
if ((begin==NULL) || (end==NULL)) return;
if (end < begin) return;
char *b = begin;
char *e = end;
char tmp;
while(b < e){
tmp = *b;
*b = *e;
*e = tmp;
b++;
e--;
}
}int main(){
char str[] = "The cow jumped over the moon";
ReverseWord(str, str+(strlen(str)-1));
char *m,*n;
m = n = str;
while(*m!=0){
if (*m==' '){
ReverseWord(n,m - 1);
while((*m==' ')&&(*m!=0))
m++;
if (*m!=0){
n = m;
m++;
}
} else {
m++;
}
}
ReverseWord(n,m - 1);
printf("%s\n",str);
return 0;
}
6. In C, please write a program to print out an integer number 12345 without using printf?
fprintf(stdout, "%d\n", 12345);
7. Given an array in
PHP :
$ list = array('apple'=>300, 'orange'=>150, 'banana'=>100, 'mango'=>330)
Perl :
%list = ( 'apple'=>300, 'orange'=>150, 'banana'=>100, 'mango'=>330 ) ;
C++:
typdef map< string, int, less
array_type m;
m.insert(array_type::value_type("apple", 300));
m.insert(array_type::value_type("orange", 150));
m.insert(array_type::value_type("banana", 100));
m.insert(array_type::value_type("mango", 330));
Please choose one language above and write a program to sort the array by the order of key and value respectively with your own sorting algorithm.
Please don't use the sorting functions provided by language.
#!/usr/bin/php$list = array('apple'=>300, 'orange'=>150, 'banana'=>100, 'mango'=>330);
print_r(selection_sort($list, 'key', True));
print_r(selection_sort($list, 'value'));function compare($a, $b){
if (is_numeric($a)) {
return $a > $b;
} else {
return strcmp($a, $b) > 0;
}
}function selection_sort($array, $orderby = 'value', $asc = True){
if (empty($array)) {
return array();
}if ($orderby == 'key') { // keys are unique
$array_keys = array_keys($array);
$array_keys = selection_sort($array_keys,'',$asc);foreach ($array_keys as $key) {
$result[$key] = $array[$key];
}return $result;
}$result = array();
foreach ($array as $v) {
$min = NULL;
$min_key;
$min_value;foreach ($array as $key => $value) {
if ($min == NULL || compare($min, $value) == $asc) {
$min = $value;
$min_key = $key;
$min_value = $value;
}
}if (!is_int($min_key)) {
$result[$min_key] = $min_value;
} else {
$result[] = $min_value;
}
unset($array[$min_key]);
}return $result;
}
?>
8. What sort of things do you need to worry about from a security perspective when writing a web application?
(1) Who uses?
Who are the stakeholders, or users, of this application? If the application that is used in intranet must has Authority and Authentication mechanism. Otherwise, what can they do if user is in internet? So, this is first isolation issue before writing a web application.
(2) Sanitize browser input
All input from web browsers, such as user data from HTML forms and cookies, should be stripped of special characters and HTML tags. Input containing special characters such as ! and & could cause the web server to execute an operating system command or have other unexpected behavior, like SQL Injection. User input stored on the server, such as comments posted to a web discussion program, could contain malicious HTML tags and scripts. When another user views the input, that user's web browser could execute the HTML and scripts, like Cross-site scripting.
(3) Don't use "hidden" fields
A better way of preserving state information and settings is to store data in a file or database on the server then use an HTTP cookie or unique URL ID to reference the file. This is more difficult to program, but important data stays on your server.
(4) Use POST instead of GET
Even though POST information is generally not logged, like all other plain text information sent from a browser it can still be sniffed as it passes across the Internet. However, sniffing must be done in real time as information is sent across the Internet and requires the attacker to have physical access to the data lines between the web browser and web server. The risk of information being sniffed is far less than the risk of information being gathered from log files.
(5) Software Engineering
All of the above, they must follow methodology of software develop, etc. eXtreme Programming, Rapid Development... If don't develop the application in accordance with those rule, you will fall into fix and bugs whirlpool.
