PHP Superglobals Quiz


A 30-question PHP quiz on superglobals, balancing code walkthroughs and review scenarios about $_GET, $_POST, $_SERVER, $_COOKIE, $_SESSION, $_FILES, $_ENV, and $GLOBALS usage.

30 Questions
~60 minutes

Question 1

What is the primary reason reviewers warn against accessing $_GET values directly inside deeply nested logic?

A
It hides the data dependency, making inputs harder to validate or mock.
B
$_GET is slower than reading a config file.
C
Superglobals cannot be used in functions.
D
PHP automatically clears $_GET after one access.

Question 2

What does this snippet echo when visiting /page.php?name=Nova?

php
<?php
echo htmlspecialchars($_GET['name'] ?? 'Guest', ENT_QUOTES, 'UTF-8');
?>
A
Nova
B
Guest
C
D
name

Question 3

Why do security guides discourage merging $_GET and $_POST via $_REQUEST for sensitive endpoints?

A
$_REQUEST mixes multiple sources, making it unclear which transport delivered the data and opening alternative injection paths.
B
$_REQUEST is deprecated in PHP 8.
C
$_REQUEST cannot be sanitized.
D
$_REQUEST only exists for CLI.

Question 4

What does this POST-handling snippet echo when $_POST["email"] is missing?

php
<?php
$email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
echo $email === null ? 'no field' : ($email === false ? 'invalid' : 'ok');
?>
A
no field
B
invalid
C
ok
D
NULL

Question 5

Why should $_SERVER["HTTP_REFERER"] never be used directly for authorization decisions?

A
Clients control the header and can spoof any value, so it is not a trustworthy signal.
B
The header is always empty on HTTPS.
C
Using it triggers PHP warnings.
D
PHP hashes the value automatically.

Question 6

What will this script echo if the request method is POST?

php
<?php
echo $_SERVER['REQUEST_METHOD'] === 'POST' ? 'process' : 'skip';
?>
A
process
B
skip
C
POST
D

Question 7

Why does $_FILES require checking both error codes and MIME type rather than trusting user-provided filenames?

A
Filenames can be spoofed, while error codes and verified MIME types confirm whether the upload succeeded and matches expectations.
B
PHP automatically deletes filename metadata.
C
$_FILES only supports JPG files.
D
MIME types cannot be read from $_FILES.

Question 8

What does this upload check output if $_FILES["avatar"]["error"] equals UPLOAD_ERR_NO_FILE?

php
<?php
$file = $_FILES['avatar'] ?? null;
if (!$file || $file['error'] === UPLOAD_ERR_NO_FILE) {
    echo 'missing';
} else {
    echo 'got file';
}
?>
A
missing
B
got file
C
UPLOAD_ERR_NO_FILE
D

Question 9

Why should $_SESSION writes happen before output buffering is flushed?

A
Session handlers often rely on headers or locking; flushing output too early might send headers before session data is persisted.
B
Sessions do not work on HTTPS.
C
Output buffering encrypts session data automatically.
D
$_SESSION cannot be used after echo statements.

Question 10

What does this session snippet echo on first load?

php
<?php
session_start();
if (!isset($_SESSION['visits'])) {
    $_SESSION['visits'] = 0;
}
$_SESSION['visits']++;
echo $_SESSION['visits'];
?>
A
1
B
0
C
undefined
D
Notice

Question 11

Why do hardening guides discourage writing arbitrary keys into $GLOBALS?

A
It bypasses scope boundaries, making code unpredictable and increasing risk of collisions or overwriting critical globals.
B
$GLOBALS is read-only.
C
$GLOBALS cannot store arrays.
D
PHP forbids $GLOBALS in CLI scripts.

Question 12

What does this $GLOBALS access echo?

php
<?php
$token = 'abc';
function showToken() {
    echo $GLOBALS['token'] ?? 'none';
}
showToken();
?>
A
abc
B
none
C
$token
D
Error

Question 13

Why is putenv/getenv usage typically wrapped in helper functions instead of scattered throughout the app?

A
Centralizing environment access documents required variables, simplifies testing, and prevents typos or case mismatches.
B
getenv is deprecated.
C
putenv only works with arrays.
D
Environment variables cannot be read after 50 requests.

Question 14

What does this getenv snippet echo if MY_FLAG is missing?

php
<?php
$flag = getenv('MY_FLAG');
echo $flag === false ? 'unset' : $flag;
?>
A
unset
B
C
false
D
MY_FLAG

Question 15

Why should developers use filter_input instead of raw $_GET/$_POST when sanitizing numerical query parameters?

A
It bundles retrieval and validation, avoids undefined index notices, and supports PHP's filter system in one call.
B
$_GET cannot hold numeric strings.
C
filter_input automatically hashes the value.
D
filter_input is required for arrays.

Question 16

What does this CLI-focused script echo when run as php task.php foo bar?

php
<?php
echo $_SERVER['argv'][1] ?? 'none';
?>
A
foo
B
task.php
C
bar
D
none

Question 17

Why do documentation templates remind developers to check $_SERVER["HTTPS"] or $_SERVER["REQUEST_SCHEME"] carefully before enforcing redirects?

A
These keys vary by server setup; relying on one without a fallback can mis-detect HTTPS and cause redirect loops.
B
HTTPS detection only works on Apache.
C
REQUEST_SCHEME always equals ftp.
D
$_SERVER cannot be used for redirects.

Question 18

What does this HTTPS check echo on a secure request with $_SERVER["HTTPS"]="on"?

php
<?php
$isSecure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
echo $isSecure ? 'secure' : 'plain';
?>
A
secure
B
plain
C
on
D

Question 19

Why does $_COOKIE access typically pair with isset checks even if default values are provided elsewhere?

A
Cookies may not exist or might be blocked by the browser; checking prevents undefined index notices and clarifies fallbacks.
B
Cookies cannot store strings.
C
isset automatically encrypts cookie data.
D
Cookies expire immediately after reading.

Question 20

What does this cookie snippet echo if "lang" is not set?

php
<?php
$lang = $_COOKIE['lang'] ?? 'en';
echo $lang;
?>
A
en
B
C
lang
D
null

Question 21

Why is it unsafe to trust $_SERVER["REMOTE_ADDR"] for rate limiting behind reverse proxies?

A
Proxy setups often present the proxy IP unless you honor forwarded headers, so REMOTE_ADDR alone may throttle multiple users incorrectly.
B
REMOTE_ADDR only exists in CLI.
C
REMOTE_ADDR comes base64 encoded.
D
Forwarded headers are immutable.

Question 22

What does this snippet echo when REMOTE_ADDR is 192.0.2.1?

php
<?php
$ip = $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0';
echo $ip;
?>
A
192.0.2.1
B
0.0.0.0
C
D
REMOTE_ADDR

Question 23

Why should $_FILES["file"]["tmp_name"] be passed to move_uploaded_file rather than copying the original name?

A
The temp name points to the actual upload on disk; copying by original name risks reading a file that was never uploaded.
B
move_uploaded_file only works with .tmp extensions.
C
tmp_name stores the MIME type.
D
Files remain in tmp forever without move_uploaded_file.

Question 24

What does this file-move snippet echo when the upload succeeds?

php
<?php
$file = $_FILES['avatar'] ?? null;
if ($file && $file['error'] === UPLOAD_ERR_OK) {
    echo move_uploaded_file($file['tmp_name'], __DIR__ . '/uploads/' . basename($file['name'])) ? 'saved' : 'failed';
} else {
    echo 'invalid';
}
?>
A
saved
B
failed
C
invalid
D

Question 25

Why should $_SERVER["HTTP_HOST"] be sanitized before embedding into redirects or HTML titles?

A
Attackers can supply arbitrary Host headers, so using the value blindly can enable XSS or open redirects.
B
HTTP_HOST is limited to lowercase letters only.
C
Sanitizing reduces bandwidth.
D
HTTP_HOST cannot be read during CLI runs.

Question 26

What does this host validation snippet echo for a trusted host list ["app.test","admin.test"] if HTTP_HOST is admin.test?

php
<?php
$allowed = ['app.test', 'admin.test'];
$host = $_SERVER['HTTP_HOST'] ?? '';
echo in_array($host, $allowed, true) ? 'trusted' : 'reject';
?>
A
trusted
B
reject
C
admin.test
D

Question 27

Why is $_ENV typically populated only when variables_order includes "E" in php.ini?

A
PHP builds the $_ENV array based on the variables_order directive; omitting "E" keeps it empty to save resources.
B
$_ENV only works on Windows.
C
$_ENV automatically mirrors $_SERVER regardless of config.
D
variables_order affects only $_GET and $_POST.

Question 28

What does this script echo if variables_order omits "E" and $_ENV is empty while getenv works?

php
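<?php
// getenv() returns false (not null) for a missing variable, so ?? alone would never reach 'default'.
$fromEnv = getenv('MODE');
$env = $_ENV['MODE'] ?? ($fromEnv !== false ? $fromEnv : 'default');
echo $env;
?>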
A
Value of getenv(MODE) if set; otherwise default
B
C
MODE
D
Always default regardless of getenv

Question 29

Why do tests often seed $_SERVER, $_GET, and $_POST manually before including controller files?

A
Seeding superglobals mimics request state, allowing controllers to run in isolation without an actual web server.
B
Superglobals cannot be read inside PHPUnit.
C
Controllers require exec() to run.
D
PHP refuses to include files without superglobals.

Question 30

What does this test helper echo when $_POST["token"]="abc", $_SERVER["REMOTE_ADDR"]="127.0.0.1", and $_SERVER["HTTP_X_FORWARDED_FOR"] is unset?

php
<?php
$_POST['token'] = 'abc';
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
unset($_SERVER['HTTP_X_FORWARDED_FOR']);
$token = $_POST['token'] ?? '';
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'] ?? $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0';
echo $token . '@' . $ip;
?>
C
@127.0.0.1
D
token@forwarded