Codeguru Posted May 7, 2009 Share Posted May 7, 2009 First I'd like to know if it is truly worth it to get the certifications from this site or are there other places to get them that are more credible? Maybe it's just the ease of the information being organized so well on the tutorials and examples and then boom right into being able to get certified but I thought there would be more to it than that. Also, as for picking a supervisor. Would anyone have a suggestion for someone like me who has graduated college already with no access to a professor and also does not have a boss willing to supervise?... Codeguru Link to comment Share on other sites More sharing options...
jeffman Posted May 7, 2009 Share Posted May 7, 2009 Telephone Human Resources at web development companies large enough to have Human Resources departments. Tell the HR person you are NOT looking for a job, but would be interested in knowing how much weight these certifications might have as part of an application. Even if HR is not a developer, HR will know what kinds of things show up on the resumes of people they hire. Link to comment Share on other sites More sharing options...
RyanReese Posted May 8, 2009 Share Posted May 8, 2009 Well I took the CSS one.75 questions or so...took me 10 minutes and 4 seconds with 0 wrong...most worthless test ever.I'll still put it on resumes...though I would not recommend doing it. Link to comment Share on other sites More sharing options...
Codeguru Posted May 8, 2009 Author Share Posted May 8, 2009 Wow, I'd expect a more solid answer considering how official this site is and how long it's been around. I guess that means it's not as official as I thought. I guess I will look for other avenues of certification... Codeguru Link to comment Share on other sites More sharing options...
fabs Posted May 9, 2009 Share Posted May 9, 2009 Link to comment Share on other sites More sharing options...
Ingolme Posted May 9, 2009 Share Posted May 9, 2009 Why do you contiue to post pointless responses to topics? It doesn't contribute to the forum and it takes extra space in the database. Link to comment Share on other sites More sharing options...
thescientist Posted May 11, 2009 Share Posted May 11, 2009 i genuinally lol'ed at the sight of that fabs post. my first thread read outside of HTML & CSS forums! priceless. Link to comment Share on other sites More sharing options...
Synook Posted May 12, 2009 Share Posted May 12, 2009 Wow, I'd expect a more solid answer considering how official this site is and how long it's been around. I guess that means it's not as official as I thought. I guess I will look for other avenues of certification...Official? Link to comment Share on other sites More sharing options...
chibineku Posted May 12, 2009 Share Posted May 12, 2009 Official?Given that the W3C set the standards that browsers (supposedly) adhere to and effectively govern the development of web languages, it seems like they should have more clout. Don't get me wrong, I constantly use the tutorial pages and the forum is great, but the quizzes and exams could do with an overhaul. If they were tougher and more widely recognized then a certificate from W3C would be a real feather in your cap. I think by official he just means more weighty. Link to comment Share on other sites More sharing options...
Ingolme Posted May 12, 2009 Share Posted May 12, 2009 This is not the W3C. This is W3Schools. The two aren't affiliated in any way.Here's a link to the official W3C site: http://www.w3.orgThis is the URL for W3Schools: http://www.w3schools.com Link to comment Share on other sites More sharing options...
chibineku Posted May 12, 2009 Share Posted May 12, 2009 Oh, I thought they had to be related, given the names. I feel ever so slightly cheated Link to comment Share on other sites More sharing options...
Codeguru Posted May 12, 2009 Author Share Posted May 12, 2009 Well then that explains it, I thought they were one in the same. Looks like I should definately look elsewhere for certifications. This is a great site for reference and learning, just wish I could take all that and get certified in a more proper way through here. I can't speak for employers but an online certification with multiple choice answers is probably either a step up or down from a correspondence course... Codeguru Link to comment Share on other sites More sharing options...
Jonas Posted May 14, 2009 Share Posted May 14, 2009 Well then that explains it, I thought they were one in the same. Looks like I should definately look elsewhere for certifications. This is a great site for reference and learning, just wish I could take all that and get certified in a more proper way through here. I can't speak for employers but an online certification with multiple choice answers is probably either a step up or down from a correspondence course... CodeguruNo need to go elsewhere really, w3schools just stands for www-schools, and while it's understandable to find it confusing with the W3C, it doesn't negate the learning you can do on this site, particularly the forum. As for certifications, the only real, heavy-weight certification you get is from universities, and that costs lots of money, both for books and lectures/courses. A good portfolio speaks volumes more than a paper certification anyhow. Start taking small assignments for little pay, build up a portfolio of sites showing you can actually employ the techniques, not just read the theory. Try to implement different serverside technologies, guestbooks, content management systems, online shops and payment systems etc. and make them secure from server attacks. If you can combine serverside technologies with a functioning interface and even graphical design, you've got lots of cards to play. Link to comment Share on other sites More sharing options...
Codeguru Posted May 18, 2009 Author Share Posted May 18, 2009 No need to go elsewhere really, w3schools just stands for www-schools, and while it's understandable to find it confusing with the W3C, it doesn't negate the learning you can do on this site, particularly the forum. As for certifications, the only real, heavy-weight certification you get is from universities, and that costs lots of money, both for books and lectures/courses. A good portfolio speaks volumes more than a paper certification anyhow. Start taking small assignments for little pay, build up a portfolio of sites showing you can actually employ the techniques, not just read the theory. Try to implement different serverside technologies, guestbooks, content management systems, online shops and payment systems etc. and make them secure from server attacks. If you can combine serverside technologies with a functioning interface and even graphical design, you've got lots of cards to play.Yeah that brings something up, is there a good tutorial anywhere for making site secure? I've thought about trying to make a login system to use with websites or something like that using MySQL but how do you secure the information? I know that POSTing instead of GETing is a main way but is that even what you mean by server attacks?... Codeguru Link to comment Share on other sites More sharing options...
Ingolme Posted May 18, 2009 Share Posted May 18, 2009 You use mysql_real_escape_string() on the value of the strings, intval() on integers and floatval() on floating point numbers before putting them into a query. That will make sure it's secure.If you don't want people to modify the HTML of your page with database entries, you'll have to use htmlspecialchars() or htmlentities().Except for intval() and floatval() (You can see them at http://php.net) , they are all on the W3Schools' PHP reference. Link to comment Share on other sites More sharing options...
justsomeguy Posted May 18, 2009 Share Posted May 18, 2009 It's also up to you to validate that a user actually has permission to do whatever they're trying to do. If you get a request to update the database, in addition to sanitizing the data, you need to make sure that the user actually has permission to do whatever they're trying to do. Link to comment Share on other sites More sharing options...
jeffman Posted May 18, 2009 Share Posted May 18, 2009 Don't let unregistered users upload files. Make sure registered users upload files within specific, reasonable size requirements, and only up to a limited number. (Otherwise, your drive space will fill up on day one.) Link to comment Share on other sites More sharing options...
justsomeguy Posted May 18, 2009 Share Posted May 18, 2009 Speaking of files, if you're opening a file name based on user-submitted input, you really need to validate that. You need to make sure the file you're opening is something that you should actually be opening. Failure to validate things like include files or whatever can open up major security holes.And never let users upload PHP or any other shell-executable files. Never. Not Ever.Also, get a book about PHP security practices. PHP security is a lot more involved than mysql_real_escape_string. Link to comment Share on other sites More sharing options...
Codeguru Posted May 19, 2009 Author Share Posted May 19, 2009 If you don't want people to modify the HTML of your page with database entries, you'll have to use htmlspecialchars() or htmlentities().Can you specify how that works? Looking at the commands it just edits the html source to include special code characters that represent the odd characters or quotes. How do they edit html with database entries?The other commands are just used like "x= mysql_real_escape_string(x);" and it's that way every single time you have to jam a variable into an SQL query? And that even doing that does nothing according to justsomeguy? This is what freaks me out about trying to build a website, if I use a template, they could come with backdoors all nice and coded to screw me, and if I do it myself I could miss something easily. I guess it's worth buying a book on, but it would be nice if it came with a CD full of examples... Codeguru Link to comment Share on other sites More sharing options...
justsomeguy Posted May 19, 2009 Share Posted May 19, 2009 And that even doing that does nothing according to justsomeguy?I said no such thing, I just said that securing a site requires more than mysql_real_escape_string. Using mysql_real_escape_string is required to sanitize string data going into a MySQL query, but website security is about more than sanitizing strings going into MySQL queries. That's all I meant.Another thing to consider would be email contact forms, if you let any user data into the headers it might be vulnerable. This would be exploitable by a spammer:mail('me@domain.com', 'website feedback', $_POST['comments'], 'From: ' . $_POST['email']);You can read about why here:http://w3schools.invisionzone.com/index.php?showtopic=16773Security isn't something you need to be scared about, just aware of. You'll learn a lot of it through experience, whether you want to or not. If you scroll backwards through the PHP forum and look at some of the old threads, you'll see a lot of information there. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.