PHP programming ~20 mins

Why security is critical in PHP - Challenge Your Understanding

Challenge - 5 Problems
Predict Output
intermediate
What is the output of this PHP code with SQL injection risk?
Consider this PHP code snippet that takes user input and queries a database. What will be the output if the input is 1 OR 1=1?
PHP
<?php
$user_input = "1 OR 1=1";
$query = "SELECT * FROM users WHERE id = $user_input";
echo $query;
?>
A. Syntax error in query
B. SELECT * FROM users WHERE id = '1 OR 1=1'
C. SELECT * FROM users WHERE id = 1
D. SELECT * FROM users WHERE id = 1 OR 1=1
💡 Hint
Look at how the variable is inserted directly into the query string.
🧠 Conceptual
intermediate
Why is input validation important in PHP?
Which of the following best explains why input validation is critical in PHP applications?
A. It automatically encrypts user passwords.
B. It makes the website load faster by reducing input size.
C. It prevents malicious data from causing unexpected behavior or security breaches.
D. It allows users to enter any data without restrictions.
💡 Hint
Think about what happens if bad data is accepted without checks.
🔧 Debug
advanced
Identify the security flaw in this PHP password handling code
What is the main security problem with this PHP code snippet for storing passwords?
PHP
<?php
$password = $_POST['password'];
$stored = md5($password);
// Store $stored in database
?>
A. The password is not encrypted before hashing.
B. Using md5 for passwords is insecure and can be easily cracked.
C. The code does not check if the password is empty.
D. The password is stored in plain text.
💡 Hint
Consider modern best practices for password hashing.
📝 Syntax
advanced
What error does this PHP code produce?
What error will this PHP code cause?
PHP
<?php
if(isset($_GET['id'])) {
  $id = $_GET['id'];
  $query = "SELECT * FROM users WHERE id = '$id";
  // execute query
}
?>
A. Syntax error due to missing closing quote in SQL query string.
B. Undefined variable error for $id.
C. Parse error due to missing semicolon.
D. No error, code runs fine.
💡 Hint
Look carefully at the quotes inside the query string.
🚀 Application
expert
How many items are in the resulting array after this PHP code runs?
Given this PHP code that filters user input, how many items will be in the $safe_inputs array?
PHP
<?php
$inputs = ['<script>', 'hello', '123', 'DROP TABLE users;', 'world'];
$safe_inputs = array_filter($inputs, function($item) {
  return !preg_match('/<|>|DROP|TABLE/i', $item);
});
echo count($safe_inputs);
?>
A. 3
B. 2
C. 4
D. 5
💡 Hint
Count how many items do NOT match the pattern.