24.6     Answers to Chapter 7

This is NOT the latest copy of this book; click here for the latest version.

1. "What is the reason that register_globals is disabled by default in PHP" Because it's massively insecure - it mixes up $_GET, $_POST, $_SESSION, and other variables without any way to tell where they came from.

2. "Which of the following superglobals are not contained inside of $_REQUEST" The answer is "b", but it's a trick question: $_COOKIE is included in $_REQUEST, but $_COOKIES I just made up - sorry!

3. "Give one advantage of using POST to send form data, and one advantage of using GET" There are a selection to choose from: POST is more secure ans allows more data to be sent. GET is easier to edit directly (for more advanced users) and also is remembered by browsers because it's just in the URL, whereas POST brings up messages like "Are you sure you want to resubmit this form?"

4. "Why is the is_numeric() function a better choice for form validation than the is_int() function" Because all form data is sent as strings, and is_numeric() returns true if a variable is an integer or a string containing an integer.

5. "Which PHP function will automatically strip any HTML tags out of a variable" Strip_tags(), of course.

6. "Why might the CTYPE functions be the preferred method for data validation" They are capable of more advanced things, but do keep in mind they are less well-known than traditional validation techniques.

7. "Client-side validation should be avoided at all times: true or false" The answer is "false", because it can help lower server resource usage. Of course, you should never rely on client-side validation to be working.