In Depth Guide : Acquia Certified Developer Drupal
  • IN DEPTH GUIDE: ACQUIA CERTIFIED DEVELOPER - DRUPAL 8 EXAM
  • Test Format
  • Domain 1.0: Fundamental Web Development Concepts
    • 1.1 Demonstrate knowledge of HTML and CSS
    • 1.2 Identify Javascript and jQuery programming concepts
    • 1.3 Demonstrate the use of Git for version control
  • Domain 2.0: Site Building
    • 2.1 Demonstrate ability to create and configure Content Types with appropriate fields and field sett
    • 2.2 Demonstrate ability to configure Display Modes for building custom form and view modes for core
    • 2.3 Demonstrate ability to create and use Taxonomy vocabularies and terms for classification and org
    • 2.4 Demonstrate ability to configure Block types, manage Blocks library and configure Block layouts
    • 2.5 Demonstrate ability to build main and alternative navigation systems by using Menus
    • 2.6 Demonstrate ability to create and configure Views for building content list pages, blocks and fe
    • 2.7 Demonstrate ability to use Configuration Management capabilities for exporting site configuratio
    • 2.8 Demonstrate ability to build multilingual websites using core multilingual capabilities
    • 2.9 Demonstrate ability to build RESTful web application using core Web Services capabilities
  • Domain 3.0: Front end development (theming)
    • 3.1 Given a scenario, demonstrate ability to create a custom theme or sub theme.
    • 3.2 Demonstrate knowledge of theming concepts
    • 3.3 Demonstrate ability to use Twig syntax
    • 3.4 Demonstrate ability to build or override Twig templates for defining layout content
    • 3.5 Demonstrate ability to write template pre-process functions for overriding custom output
  • Domain 4.0: Back end development (coding)
    • 4.1 Demonstrate ability to write code using core and Object Oriented PHP
    • 4.2 Demonstrate ability to develop Custom Modules using Drupal API for extending Drupal functionalit
    • 4.3 Demonstrate ability to store and retrieve data using code
    • 4.4 Demonstrate ability to work with other essential APIs
    • 4.5 Demonstrate ability to write code using Drupal Coding Standards
    • 4.6 Demonstrate ability to analyze and resolve site performance issues arising from site configurati
    • 4.7 Demonstrate ability to analyze and resolve security issues arising from site configuration or cu
  • Other Resources
Powered by GitBook
On this page
  1. Domain 4.0: Back end development (coding)

4.7 Demonstrate ability to analyze and resolve security issues arising from site configuration or cu

Previous4.6 Demonstrate ability to analyze and resolve site performance issues arising from site configuratiNextOther Resources

Last updated 6 years ago

Review SQL injection and more specifically examples of correct SQL injection syntax.

Examples from . Use the database abstraction layer to avoid SQL injection attacks.

Use the database layer correctly. For example, never concatenate data directly into SQL queries.

Don't do this:

db_query('SELECT foo FROM {table} t WHERE t.name = '. $_GET['user']);

Instead, use proper argument substitution with db_query. The DB layer works on top of PHP PDO and uses an array of named placeholders:

Do This:

db_query("SELECT foo FROM {table} t WHERE t.name = :name", [':name' => $_GET['user']]);

For a variable number of argument, use an array of arguments or use db_select():

$users = ['joe', 'poe', $_GET['user']];
db_query("SELECT t.s FROM {table} t WHERE t.field IN (:users)",  [':users' => $users]);
$users = ['joe', 'poe', $_GET['user']];
$result = db_select('table', 't')
  ->fields('t', ['s'])
  ->condition('t.field', $users, 'IN')
  ->execute();

db_query is deprecated and will be removed in Drupal 9 - instead you should use a database connection object and call the query method on it (the parameters are the same).

Another example of proper syntax.

$sql = "SELECT uid FROM users WHERE name = :name"; 
\Drupal::database->query($sql, [':name' => $_GET['name']]);

Other Resources

https://www.drupal.org/node/2489544
Drupal.org Security
Writing secure code for Drupal 8
Top 10 2013-Top 10
AJAX Security Cheat Sheet
Secure Coding Cheat Sheet