W3school Certifications

[Codeguru]

First I'd like to know if it is truly worth it to get the certifications from this site or are there other places to get them that are more credible? Maybe it's just the ease of the information being organized so well on the tutorials and examples and then boom right into being able to get certified but I thought there would be more to it than that. Also, as for picking a supervisor. Would anyone have a suggestion for someone like me who has graduated college already with no access to a professor and also does not have a boss willing to supervise?... Codeguru

[jeffman]

Telephone Human Resources at web development companies large enough to have Human Resources departments. Tell the HR person you are NOT looking for a job, but would be interested in knowing how much weight these certifications might have as part of an application. Even if HR is not a developer, HR will know what kinds of things show up on the resumes of people they hire.

[RyanReese]

Well I took the CSS one.75 questions or so...took me 10 minutes and 4 seconds with 0 wrong...most worthless test ever.I'll still put it on resumes...though I would not recommend doing it.

[Codeguru]

Wow, I'd expect a more solid answer considering how official this site is and how long it's been around. I guess that means it's not as official as I thought. I guess I will look for other avenues of certification... Codeguru

[fabs]

[Ingolme]

Why do you contiue to post pointless responses to topics? It doesn't contribute to the forum and it takes extra space in the database.

[thescientist]

i genuinally lol'ed at the sight of that fabs post. my first thread read outside of HTML & CSS forums! priceless.

[Synook]

Wow, I'd expect a more solid answer considering how official this site is and how long it's been around. I guess that means it's not as official as I thought. I guess I will look for other avenues of certification...

Official?

[chibineku]

Official?

Given that the W3C set the standards that browsers (supposedly) adhere to and effectively govern the development of web languages, it seems like they should have more clout. Don't get me wrong, I constantly use the tutorial pages and the forum is great, but the quizzes and exams could do with an overhaul. If they were tougher and more widely recognized then a certificate from W3C would be a real feather in your cap. I think by official he just means more weighty.

[Ingolme]

This is not the W3C. This is W3Schools. The two aren't affiliated in any way.Here's a link to the official W3C site: http://www.w3.orgThis is the URL for W3Schools: http://www.w3schools.com

[chibineku]

Oh, I thought they had to be related, given the names. I feel ever so slightly cheated

[Codeguru]

Well then that explains it, I thought they were one in the same. Looks like I should definately look elsewhere for certifications. This is a great site for reference and learning, just wish I could take all that and get certified in a more proper way through here. I can't speak for employers but an online certification with multiple choice answers is probably either a step up or down from a correspondence course... Codeguru

[Jonas]

Well then that explains it, I thought they were one in the same. Looks like I should definately look elsewhere for certifications. This is a great site for reference and learning, just wish I could take all that and get certified in a more proper way through here. I can't speak for employers but an online certification with multiple choice answers is probably either a step up or down from a correspondence course... Codeguru

No need to go elsewhere really, w3schools just stands for www-schools, and while it's understandable to find it confusing with the W3C, it doesn't negate the learning you can do on this site, particularly the forum. As for certifications, the only real, heavy-weight certification you get is from universities, and that costs lots of money, both for books and lectures/courses. A good portfolio speaks volumes more than a paper certification anyhow. Start taking small assignments for little pay, build up a portfolio of sites showing you can actually employ the techniques, not just read the theory. Try to implement different serverside technologies, guestbooks, content management systems, online shops and payment systems etc. and make them secure from server attacks. If you can combine serverside technologies with a functioning interface and even graphical design, you've got lots of cards to play.

[Codeguru]

No need to go elsewhere really, w3schools just stands for www-schools, and while it's understandable to find it confusing with the W3C, it doesn't negate the learning you can do on this site, particularly the forum. As for certifications, the only real, heavy-weight certification you get is from universities, and that costs lots of money, both for books and lectures/courses. A good portfolio speaks volumes more than a paper certification anyhow. Start taking small assignments for little pay, build up a portfolio of sites showing you can actually employ the techniques, not just read the theory. Try to implement different serverside technologies, guestbooks, content management systems, online shops and payment systems etc. and make them secure from server attacks. If you can combine serverside technologies with a functioning interface and even graphical design, you've got lots of cards to play.

Yeah that brings something up, is there a good tutorial anywhere for making site secure? I've thought about trying to make a login system to use with websites or something like that using MySQL but how do you secure the information? I know that POSTing instead of GETing is a main way but is that even what you mean by server attacks?... Codeguru

[Ingolme]

You use mysql_real_escape_string() on the value of the strings, intval() on integers and floatval() on floating point numbers before putting them into a query. That will make sure it's secure.If you don't want people to modify the HTML of your page with database entries, you'll have to use htmlspecialchars() or htmlentities().Except for intval() and floatval() (You can see them at http://php.net) , they are all on the W3Schools' PHP reference.

[justsomeguy]

It's also up to you to validate that a user actually has permission to do whatever they're trying to do. If you get a request to update the database, in addition to sanitizing the data, you need to make sure that the user actually has permission to do whatever they're trying to do.

[jeffman]

Don't let unregistered users upload files. Make sure registered users upload files within specific, reasonable size requirements, and only up to a limited number. (Otherwise, your drive space will fill up on day one.)

[justsomeguy]

Speaking of files, if you're opening a file name based on user-submitted input, you really need to validate that. You need to make sure the file you're opening is something that you should actually be opening. Failure to validate things like include files or whatever can open up major security holes.And never let users upload PHP or any other shell-executable files. Never. Not Ever.Also, get a book about PHP security practices. PHP security is a lot more involved than mysql_real_escape_string.

[Codeguru]

If you don't want people to modify the HTML of your page with database entries, you'll have to use htmlspecialchars() or htmlentities().

Can you specify how that works? Looking at the commands it just edits the html source to include special code characters that represent the odd characters or quotes. How do they edit html with database entries?The other commands are just used like "x= mysql_real_escape_string(x);" and it's that way every single time you have to jam a variable into an SQL query? And that even doing that does nothing according to justsomeguy? This is what freaks me out about trying to build a website, if I use a template, they could come with backdoors all nice and coded to screw me, and if I do it myself I could miss something easily. I guess it's worth buying a book on, but it would be nice if it came with a CD full of examples... Codeguru

[justsomeguy]

And that even doing that does nothing according to justsomeguy?

I said no such thing, I just said that securing a site requires more than mysql_real_escape_string. Using mysql_real_escape_string is required to sanitize string data going into a MySQL query, but website security is about more than sanitizing strings going into MySQL queries. That's all I meant.Another thing to consider would be email contact forms, if you let any user data into the headers it might be vulnerable. This would be exploitable by a spammer:mail('me@domain.com', 'website feedback', $_POST['comments'], 'From: ' . $_POST['email']);You can read about why here:http://w3schools.invisionzone.com/index.php?showtopic=16773Security isn't something you need to be scared about, just aware of. You'll learn a lot of it through experience, whether you want to or not. If you scroll backwards through the PHP forum and look at some of the old threads, you'll see a lot of information there.