What is routing in Laravel?
Routing in Laravel refers to defining URL paths that users can access and mapping them to specific controller actions or closure callbacks. Routes are defined in files within the routes directory, primarily in web.php and api.php.
What are the basic HTTP methods supported in Laravel routes?
Laravel supports common HTTP methods: GET for retrieving data, POST for creating new resources, PUT/PATCH for updating existing resources, DELETE for removing resources. These can be defined using Route::get(), Route::post(), Route::put(), Route::patch(), and Route::delete().
What is a controller in Laravel?
A controller is a PHP class that handles business logic and acts as an intermediary between Models and Views. Controllers group related request handling logic into a single class, organizing code better than closure routes.
How do you create a basic controller in Laravel?
Controllers can be created using the Artisan command: php artisan make:controller ControllerName. This creates a new controller class in app/Http/Controllers directory with basic structure and necessary imports.
What is a route parameter?
Route parameters are dynamic segments in URLs that capture and pass values to controller methods. They are defined using curly braces in route definitions, like '/user/{id}' where {id} is the parameter.
How do you name a route in Laravel?
Routes can be named using the name() method: Route::get('/profile', [ProfileController::class, 'show'])->name('profile'). Named routes provide a convenient way to generate URLs or redirects using route('profile').
What is the purpose of web.php vs api.php routes?
web.php contains routes for web interface and includes session state and CSRF protection. api.php is for stateless API routes, includes rate limiting, and is prefixed with '/api'. api.php routes don't include session or CSRF middleware.
How do you access request data in a controller?
Request data can be accessed using the Request facade or by type-hinting Request in controller methods. Example: public function store(Request $request) { $name = $request->input('name'); }
What is route grouping?
Route grouping allows you to share route attributes (middleware, prefixes, namespaces) across multiple routes. Routes can be grouped using Route::group() or using the Route::prefix() method.
How do you redirect from a route?
Redirects can be performed using redirect() helper or Route::redirect(). Examples: return redirect('/home') or Route::redirect('/here', '/there'). You can also redirect to named routes using redirect()->route('name').
What are resource controllers and how are they used?
Resource controllers handle CRUD operations for a resource. Created using 'php artisan make:controller ResourceController --resource', they provide methods like index(), create(), store(), show(), edit(), update(), and destroy(). They're bound to routes using Route::resource().
How do you implement route model binding in Laravel?
Route model binding automatically resolves Eloquent models from route parameters. It can be implicit (type-hint the model) or explicit (define in RouteServiceProvider). Example: Route::get('/users/{user}', function (User $user) { return $user; }).
What are controller middleware and how are they implemented?
Controller middleware filter HTTP requests before they reach controllers. They can be assigned using the middleware method in controllers or in route definitions. They're defined in app/Http/Kernel.php and can be applied to specific methods using 'only' and 'except'.
How do you handle file uploads in Laravel controllers?
File uploads are handled using the $request->file() method. Files can be stored using Storage facade or move() method. Example: if($request->hasFile('photo')) { $path = $request->file('photo')->store('uploads'); }
What are route constraints and how are they used?
Route constraints limit how route parameters may be matched using regex patterns. They can be applied using where() method or globally in RouteServiceProvider. Example: Route::get('user/{id}')->where('id', '[0-9]+').
How do you handle CORS in Laravel routes?
CORS can be handled using the cors middleware and configuration in config/cors.php. Laravel provides built-in CORS support through the fruitcake/laravel-cors package. Headers and allowed origins can be configured as needed.
What is dependency injection in controllers and how does it work?
Dependency injection in controllers automatically resolves class dependencies in constructor or method parameters through Laravel's service container. This enables better testing and loose coupling of components.
How do you handle API versioning in Laravel routes?
API versioning can be implemented using route prefixes, subdomains, or headers. Common approaches include using route groups with prefixes like 'api/v1/' or namespace-based versioning in different controllers.
What are signed routes and when should they be used?
Signed routes are URLs with a signature hash to verify they haven't been modified. Created using URL::signedRoute(), they're useful for email verification, temporary access links, or public sharing of protected resources.
How do you handle rate limiting in Laravel routes?
Rate limiting is implemented using throttle middleware. It can be configured in RouteServiceProvider and customized using the RateLimiter facade. Limits can be set per minute/hour and customized per user or IP.
How do you implement custom route model binding resolution?
Custom route model binding can be implemented by overriding the resolveRouteBinding() method in models or by defining custom binders in RouteServiceProvider's boot method using Route::bind().
How do you implement domain routing and subdomain routing in Laravel?
Domain routing is implemented using Route::domain(). Subdomains can capture parameters: Route::domain('{account}.example.com')->group(function () {}). Wildcard subdomains and pattern matching are supported.
How do you implement custom response macros?
Custom response macros extend Response functionality using Response::macro() in a service provider. Example: Response::macro('caps', function ($value) { return Response::make(strtoupper($value)); });
How do you implement route caching in production?
Route caching improves performance using 'php artisan route:cache'. It requires all route closures to be converted to controller methods. Route cache must be cleared when routes change using 'route:clear'.
How do you implement custom middleware parameters?
Custom middleware parameters are implemented by adding additional parameters to handle() method. In routes: ->middleware('role:admin,editor'). In middleware: handle($request, $next, ...$roles).
How do you implement route fallbacks and handle 404 errors?
Route fallbacks are implemented using Route::fallback(). Custom 404 handling can be done by overriding the render() method in App\Exceptions\Handler or creating custom exception handlers.
How do you implement conditional middleware application?
Conditional middleware can be implemented using middleware() with when() or unless() methods. Can also be done by logic in middleware handle() method or by creating custom middleware classes with conditions.
How do you implement API resource collections with conditional relationships?
API resource collections with conditional relationships use whenLoaded() method and conditional attribute inclusion. Custom collection classes can be created to handle complex transformations and relationship loading.
How do you implement route model binding with multiple parameters?
Multiple parameter binding can be implemented using explicit route model binding in RouteServiceProvider, or by implementing custom resolution logic in resolveRouteBinding(). Supports nested and dependent bindings.
How do you implement route-model binding with soft deleted models?
Soft deleted models in route binding can be included using withTrashed() scope. Custom resolution logic can be implemented in resolveRouteBinding() to handle different scenarios of soft deleted models.
What is Blade templating engine in Laravel?
Blade is Laravel's templating engine that combines PHP with HTML templates. It provides convenient shortcuts for common PHP control structures, template inheritance, and component features while being compiled into plain PHP code for better performance.
How do you display variables in Blade templates?
Variables in Blade templates are displayed using double curly braces syntax {{ $variable }}. The content within braces is automatically escaped to prevent XSS attacks. For unescaped content, use {!! $variable !!}.
What is Blade template inheritance?
Blade template inheritance allows creating a base layout template (@extends) with defined sections (@section) that child templates can override or extend. Child templates use @extends('layout') to inherit and @section to provide content.
How do you include sub-views in Blade?
Sub-views can be included using @include('view.name') directive. You can also pass data to included views: @include('view.name', ['data' => $data]). For performance, use @includeIf, @includeWhen, or @includeUnless.
What are Blade control structures?
Blade provides convenient directives for control structures: @if, @else, @elseif, @endif for conditionals; @foreach, @while for loops; @switch, @case for switch statements. These compile to regular PHP control structures.
How do you create loops in Blade templates?
Blade supports loops using @foreach, @for, @while directives. The $loop variable is available inside foreach loops, providing information like index, iteration, first, last, and depth for nested loops.
What is the purpose of @yield directive in Blade?
The @yield directive displays content of a specified section. It's typically used in layout templates to define places where child views can inject content. It can also specify default content if section is not defined.
How do you handle assets in Laravel?
Laravel provides the asset() helper function to generate URLs for assets. Assets are stored in the public directory and can be referenced using asset('css/app.css'). For versioning, use mix() with Laravel Mix.
What are Blade comments?
Blade comments are written using {{-- comment --}} syntax. Unlike HTML comments, Blade comments are not included in the HTML rendered to the browser, making them useful for developer notes.
What are Blade Components and how are they used?
Blade Components are reusable template pieces with isolated logic. Created using 'php artisan make:component', they combine a class for logic and a view for markup. Used with x- prefix: <x-alert type='error'>Message</x-alert>.
How do you implement stack functionality in Blade?
Stacks in Blade allow pushing content to named locations using @push and @stack directives. Multiple @push calls can add to same stack. Useful for scripts and styles that need to be included at specific points in layout.
What are Blade Service Injection and how does it work?
Blade Service Injection allows injecting services into views using @inject directive. Example: @inject('metrics', 'App\Services\MetricsService'). The service is resolved from container and available in view.
How do you handle form validation errors in Blade?
Form validation errors are available through $errors variable. Common patterns include @error directive for specific fields and $errors->any() to check for any errors. Errors persist for one redirect via session.
What is Laravel Mix and how is it used with Blade?
Laravel Mix is a webpack wrapper that simplifies asset compilation. It's configured in webpack.mix.js and provides features for compiling, versioning, and combining CSS/JS. Used with mix() helper in templates.
How do you create custom Blade directives?
Custom Blade directives are created in a service provider using Blade::directive(). They transform template syntax into PHP code. Example: Blade::directive('datetime', function ($expression) { return "<?php echo date('Y-m-d', $expression); ?>"; });
What are Blade Component Slots?
Slots allow passing content to components. Default slot uses <x-slot> tag, named slots use name attribute. Components can have multiple slots and default content. Useful for flexible component layouts.
How do you implement authentication directives in Blade?
Blade provides @auth and @guest directives for authentication checks. Additional directives like @can, @cannot for authorization. Can be combined with roles/permissions: @can('update', $post).
What are View Composers and how are they used?
View Composers bind data to views whenever they're rendered. Registered in service providers using View::composer(). Useful for sharing data across multiple views without passing from controllers.
How do you implement localization in Blade templates?
Localization uses @lang directive or __() helper for translations. Supports string replacement, pluralization, and JSON language files. Configure locale in config/app.php or change dynamically.
How do you implement dynamic component rendering?
Dynamic components can be rendered using <x-dynamic-component :component="$componentName">. Component name can be determined at runtime. Useful for flexible UIs and plugin systems.
How do you implement Component Attributes Bag?
Attributes Bag ($attributes) manages additional attributes passed to components. Supports merging, filtering, and getting first/last. Example: <div {{ $attributes->merge(['class' => 'default']) }}>.
How do you implement anonymous components?
Anonymous components are created without class files using single Blade templates. Stored in resources/views/components. Support props through variables defined at top of template using @props directive.
How do you implement Component Namespacing?
Components can be organized in subdirectories and namespaced. Configure component namespaces in service provider using Blade::componentNamespace(). Allows package vendors to register component namespaces.
How do you implement lazy loading for components?
Components support lazy loading using wire:init or defer loading until needed. Useful for performance optimization. Can combine with placeholder loading states and transitions.
How do you implement custom if statements in Blade?
Custom if statements are added using Blade::if() in service provider. Can encapsulate complex conditional logic in reusable directives. Example: Blade::if('env', function ($environment) { return app()->environment($environment); });
How do you implement component method injection?
Component methods can use dependency injection through method parameters. Laravel automatically resolves dependencies from container. Useful for accessing services within component methods.
How do you implement advanced component rendering cycles?
Components have rendering lifecycle hooks like mount(), rendering(), rendered(). Can modify component state and attributes during render cycle. Useful for complex component behavior.
How do you implement component autoloading and registration?
Components can be autoloaded using package discovery or manual registration in service providers. Support for component aliases, custom paths, and conditional loading based on environment.
How do you implement advanced template compilation?
Custom template compilation can be implemented by extending Blade compiler. Add custom compilation passes, modify existing directives, or add preprocessing steps. Requires understanding of Laravel's compilation process.
What is Eloquent ORM in Laravel?
Eloquent ORM (Object-Relational Mapping) is Laravel's built-in ORM that allows developers to interact with database tables using elegant object-oriented models. Each database table has a corresponding Model that is used for interacting with that table.
How do you create a model in Laravel?
Models can be created using Artisan command: 'php artisan make:model ModelName'. Adding -m flag creates a migration file too. Models are placed in app/Models directory and extend Illuminate\Database\Eloquent\Model class.
What are migrations in Laravel?
Migrations are like version control for databases, allowing you to define and modify database schema using PHP code. They enable team collaboration by maintaining consistent database structure across different development environments.
What are the basic Eloquent operations?
Basic Eloquent operations include: Model::all() to retrieve all records, Model::find(id) to find by primary key, Model::create([]) to create new records, save() to update, and delete() to remove records.
How do you define relationships in Eloquent?
Relationships are defined as methods in model classes. Common types include hasOne(), hasMany(), belongsTo(), belongsToMany(). These methods specify how models are related to each other in the database.
What is the purpose of seeders in Laravel?
Seeders are used to populate database tables with sample or initial data. They are created using 'php artisan make:seeder' and can be run using 'php artisan db:seed'. Useful for testing and initial application setup.
How do you perform basic queries using Eloquent?
Eloquent provides methods like where(), orWhere(), whereBetween(), orderBy() for querying. Example: User::where('active', 1)->orderBy('name')->get(). Queries return collections of model instances.
What are mass assignment and fillable attributes?
Mass assignment allows setting multiple model attributes at once. $fillable property in models specifies which attributes can be mass assigned, while $guarded specifies which cannot. This prevents unintended attribute modifications.
How do you configure database connections in Laravel?
Database connections are configured in config/database.php and .env file. Multiple connections can be defined for different databases. The default connection is specified in .env using DB_CONNECTION.
What are model factories in Laravel?
Model factories generate fake data for testing and seeding. Created using 'php artisan make:factory'. They use Faker library to generate realistic test data. Factories can define states for different scenarios.
How do you implement eager loading in Eloquent?
Eager loading reduces N+1 query problems by loading relationships in advance using with() method. Example: User::with('posts')->get(). Can eager load multiple or nested relationships: with(['posts', 'profile']).
What are model events and observers?
Model events are triggered during various stages of a model's lifecycle (creating, created, updating, etc.). Observers group event listeners for a model in a single class. Created using 'php artisan make:observer'.
How do you implement soft deletes in Laravel?
Soft deletes add deleted_at timestamp instead of actually deleting records. Use SoftDeletes trait in model and add deleted_at column in migration. Provides withTrashed(), onlyTrashed() scopes for querying.
What are query scopes and how are they implemented?
Query scopes are reusable query constraints. Global scopes automatically apply to all queries. Local scopes are methods prefixed with 'scope' and can be chained. Example: public function scopeActive($query) { return $query->where('active', 1); }
How do you implement polymorphic relationships?
Polymorphic relationships allow a model to belong to multiple types of models. Uses morphTo(), morphMany(), morphToMany() methods. Requires type and ID columns in database. Common for comments, likes, tags scenarios.
What are accessors and mutators in Eloquent?
Accessors and mutators modify attribute values when retrieving or setting them. Defined using get{Attribute}Attribute and set{Attribute}Attribute methods. Useful for formatting dates, calculating values, or encoding data.
How do you implement database transactions?
Transactions ensure multiple database operations succeed or fail as a unit. Use DB::transaction() or beginTransaction(), commit(), rollback(). Can be nested. Important for maintaining data integrity.
What are pivot tables and how are they used?
Pivot tables implement many-to-many relationships. Created using createPivotTable migration method. Can have additional columns accessed via withPivot(). Pivot model can be customized using using() method.
How do you implement query caching?
Query results can be cached using remember() or rememberForever() methods. Cache duration and key can be specified. Useful for expensive queries. Example: User::remember(60)->get();
What are subquery selects and joins?
Subqueries can be used in selects and joins using addSelect() and joinSub(). Useful for complex queries involving aggregates or related data. Can improve performance over multiple queries.
How do you implement custom Eloquent collections?
Custom collections extend Illuminate\Database\Eloquent\Collection. Override newCollection() in model to use custom collection. Add methods for specialized collection operations specific to model type.
How do you implement model replication and cloning?
Models can be replicated using replicate() method. Specify which attributes to exclude. Handle relationships manually. Useful for creating similar records with slight modifications.
How do you implement custom model binding resolvers?
Custom model binding resolvers modify how models are resolved from route parameters. Defined in RouteServiceProvider using Route::bind() or by overriding resolveRouteBinding() in model.
How do you implement composite keys in Eloquent?
Composite keys require overriding getKeyName() and getIncrementing(). Additional configuration needed for relationships. Consider performance implications. May need custom query scopes.
How do you implement custom query builders?
Custom query builders extend Illuminate\Database\Eloquent\Builder. Override newEloquentBuilder() in model. Add methods for specialized query operations. Useful for complex, reusable queries.
How do you implement model serialization customization?
Customize toArray() and toJson() methods. Use hidden and visible properties. Implement custom casts for complex attributes. Handle relationship serialization. Consider API resource classes.
How do you implement database sharding with Eloquent?
Sharding requires custom connection resolvers. Override getConnection() in models. Implement logic for determining shard. Consider transaction and relationship implications across shards.
How do you implement real-time model observers?
Real-time observers can broadcast model changes using events. Implement ShouldBroadcast interface. Configure broadcast driver. Handle authentication and authorization for broadcasts.
How do you implement recursive relationships?
Recursive relationships use self-referential associations. Implement methods for traversing tree structures. Consider performance with nested eager loading. Use closure table pattern for complex hierarchies.
How do you implement custom model connection handling?
Custom connection handling requires extending Connection class. Implement custom query grammar and processor. Handle transaction management. Consider read/write splitting scenarios.
What is Laravel's built-in authentication system?
Laravel provides a complete authentication system out of the box using the Auth facade. It includes features for user registration, login, password reset, and remember me functionality. Can be scaffolded using laravel/ui or breeze/jetstream packages.
How do you implement basic authentication in Laravel?
Basic authentication can be implemented using Auth::attempt(['email' => $email, 'password' => $password]) for login, Auth::login($user) for manual login, and Auth::logout() for logging out. Session-based authentication is default.
What is the auth middleware in Laravel?
Auth middleware (auth) protects routes by ensuring users are authenticated. Can be applied to routes or controllers using middleware('auth'). Redirects unauthenticated users to login page or returns 401 for API routes.
How do you check if a user is authenticated?
Use Auth::check() to verify authentication status, Auth::user() to get current user, or @auth/@guest Blade directives in views. Request object also provides auth()->user() helper.
What are guards in Laravel authentication?
Guards define how users are authenticated for each request. Laravel supports multiple authentication guards (web, api) configured in config/auth.php. Each guard specifies provider and driver for authentication.
How do you implement password reset functionality?
Laravel includes password reset using Password facade. Uses notifications system to send reset links. Requires password_resets table. Can customize views, expiration time, and throttling.
What is the remember me functionality?
Remember me allows users to stay logged in across sessions using secure cookie. Implemented by passing true as second parameter to Auth::attempt() or using remember() method. Requires remember_token column.
How do you implement email verification?
Email verification uses MustVerifyEmail interface and VerifiesEmails trait. Sends verification email on registration. Can protect routes with verified middleware. Customizable verification notice and email.
What is Laravel Sanctum?
Sanctum provides lightweight authentication for SPAs and mobile applications. Issues API tokens, handles SPA authentication through cookies. Supports multiple tokens per user with different abilities.
What are policies in Laravel?
Policies organize authorization logic around models or resources. Created using make:policy command. Methods correspond to actions (view, create, update, delete). Used with Gate facade or @can directive.
How do you implement role-based authorization?
Role-based authorization can use Gates, Policies, or packages like Spatie permissions. Define roles and permissions in database. Check using can() method or middleware. Support multiple roles per user.
How do you implement API authentication using Passport?
Passport provides OAuth2 server implementation. Install using composer, run migrations, generate encryption keys. Supports password grant, authorization code grant, and personal access tokens.
What are Gates and how are they used?
Gates are Closures that determine if user can perform action. Registered in AuthServiceProvider using Gate::define(). Can use Gate::allows() or $user->can() to check authorization. Support custom parameters.
How do you implement custom authentication guards?
Custom guards extend Guard contract. Register in AuthServiceProvider using Auth::extend(). Implement user() and validate() methods. Configure in auth.php. Useful for specialized authentication needs.
How do you implement multi-authentication?
Multi-authentication uses different guards for different user types. Configure multiple providers and guards in auth.php. Use guard() method to specify guard. Support separate sessions and authentication logic.
What is policy auto-discovery?
Policy auto-discovery automatically registers policies based on naming conventions. Can be disabled in AuthServiceProvider. Override getPolicyFor() for custom mapping. Supports policy discovery in packages.
How do you implement authentication events?
Authentication events (Login, Logout, Failed, etc.) are dispatched automatically. Can be listened to using Event facade or subscribers. Useful for logging, notifications, or additional security measures.
How do you implement resource authorization?
Resource authorization combines CRUD actions with policies. Use authorizeResource() in controllers. Maps controller methods to policy methods. Supports automatic authorization using middleware.
What are policy filters?
Policy filters run before other policy methods. Define before() method in policy. Can grant or deny all abilities. Useful for super-admin scenarios or global authorization rules.
How do you implement token abilities in Sanctum?
Token abilities define permissions for API tokens. Specified when creating token. Check using tokenCan() method. Support multiple abilities per token. Can be combined with other authorization methods.
How do you implement advanced policy responses?
Policy responses can return Response objects instead of booleans. Use response() helper in policies. Support custom messages and status codes. Useful for detailed authorization feedback.
How do you implement custom user providers?
Custom user providers implement UserProvider contract. Register in AuthServiceProvider using Auth::provider(). Implement retrieveById, retrieveByToken, updateRememberToken methods. Support non-database authentication.
How do you implement authentication rate limiting?
Rate limiting uses ThrottlesLogins trait or custom middleware. Configure attempts and lockout duration. Support IP-based and user-based throttling. Can customize decay time and storage.
How do you implement OAuth2 authorization code grant?
Authorization code grant requires client registration, authorization endpoint, token endpoint. Handle redirect URI, state parameter, PKCE. Support refresh tokens and token revocation. Implement scope validation.
How do you implement contextual authorization?
Contextual authorization considers additional parameters beyond user and model. Pass context to policy methods. Support complex authorization rules. Can use additional services or external APIs.
How do you implement passwordless authentication?
Passwordless auth uses signed URLs or tokens sent via email/SMS. Implement custom guard and provider. Handle token generation and verification. Support expiration and single-use tokens.
How do you implement hierarchical authorization?
Hierarchical authorization handles nested permissions and inheritance. Implement tree structure for roles/permissions. Support permission propagation. Handle circular dependencies and performance.
How do you implement session authentication customization?
Session authentication can be customized by extending guard, implementing custom user provider. Handle session storage, regeneration. Support custom session drivers and authentication logic.
How do you implement cross-domain authentication?
Cross-domain authentication requires coordinating sessions across domains. Handle CORS, shared tokens. Implement single sign-on. Support token forwarding and validation across domains.
How do you implement dynamic policy resolution?
Dynamic policy resolution determines policy class at runtime. Override getPolicyFor in AuthServiceProvider. Support multiple policy implementations. Handle policy resolution cache.
What is request handling in Laravel?
Request handling in Laravel manages HTTP requests using the Request class. It provides methods to access input data, files, headers, and server variables. Request handling is the foundation of processing user input in Laravel applications.
How do you access request input data?
Request input data can be accessed using methods like $request->input('name'), $request->get('email'), or $request->all(). For specific input types, use $request->query() for GET parameters and $request->post() for POST data.
What is Form Request Validation?
Form Request Validation is a custom request class that encapsulates validation logic. Created using 'php artisan make:request'. Contains rules() method for validation rules and authorize() method for authorization checks.
How do you validate request data in Laravel?
Request data can be validated using validate() method, Validator facade, or Form Request classes. Basic syntax: $validated = $request->validate(['field' => 'rule|rule2']). Failed validation redirects back with errors.
What are Laravel's common validation rules?
Common validation rules include required, string, email, min, max, between, unique, exists, regex, date, file, image, and numeric. Rules can be combined using pipe (|) or array syntax.
How do you handle file uploads in requests?
File uploads are handled using $request->file() or $request->hasFile(). Files can be validated using file, image, mimes rules. Use store() or storeAs() methods to save uploaded files.
What are validation error messages?
Validation errors are automatically stored in session and can be accessed in views using $errors variable. Custom error messages can be defined in validation rules or language files.
How do you access old input data after validation fails?
Old input data is accessible using old() helper function or @old() Blade directive. Data is automatically flashed to session on validation failure. Useful for repopulating forms.
What is CSRF protection in Laravel?
CSRF protection prevents cross-site request forgery attacks. Laravel includes @csrf Blade directive for forms. VerifyCsrfToken middleware validates token. Can be disabled for specific routes.
How do you handle JSON requests in Laravel?
JSON requests can be handled using $request->json() method. Content-Type should be application/json. Use json() method for responses. APIs typically return JSON responses by default.
How do you implement custom validation rules?
Custom validation rules can be created using 'php artisan make:rule' command. Implement passes() method for validation logic. Can include custom error message. Register in service provider if needed.
How do you handle array validation?
Array validation uses dot notation or * wildcard. Example: 'items.*.id' => 'required|integer'. Can validate nested arrays and specific array keys. Supports array size validation.
What are conditional validation rules?
Conditional validation uses sometimes(), required_if, required_unless rules. Can be based on other field values or custom conditions. Supports complex validation scenarios based on input data.
How do you implement dependent field validation?
Dependent field validation checks fields based on other field values. Uses required_with, required_without rules or custom validation logic. Can implement complex dependencies between fields.
How do you handle validation after database transactions?
Use after database hooks in Form Requests or custom validation rules. Consider transaction rollback if validation fails. Handle unique rule with database transactions carefully.
How do you implement custom validation messages?
Custom messages can be defined in validation rules array, language files, or Form Request classes. Support placeholders for field names and values. Can be localized for different languages.
What are validation rule parameters?
Validation rules can accept parameters using colon syntax: 'field' => 'size:10'. Multiple parameters use comma separation. Can reference other field values or custom parameters.
How do you handle multiple file uploads validation?
Multiple files validated using array syntax and file rules. Can validate file count, size, type for each file. Support batch processing and individual file validation.
What is implicit validation?
Implicit validation rules (accepted, filled) validate only when field is present. Different from required rules. Useful for optional fields that need specific format when present.
How do you validate unique records with soft deletes?
Unique validation with soft deletes requires custom rule or withoutTrashed() scope. Consider restore scenarios. Handle unique constraints across active and deleted records.
How do you implement validation rule inheritance?
Validation rules can inherit from base Form Request classes. Use trait for shared rules. Support rule overriding and extension. Handle rule conflicts and dependencies.
How do you implement dynamic validation rules?
Dynamic rules generated based on input or conditions. Use closure rules or rule objects. Support runtime rule modification. Handle complex validation scenarios.
How do you implement validation rule caching?
Cache validation rules for performance. Consider cache invalidation strategies. Handle dynamic rules with caching. Support cache tags and versioning.
How do you implement validation pipelines?
Validation pipelines process rules sequentially. Support dependent validations. Handle validation state between steps. Implement rollback mechanisms.
How do you implement cross-request validation?
Cross-request validation compares data across multiple requests. Use session or cache for state. Handle race conditions. Support sequential validation steps.
How do you implement validation rule composition?
Compose complex rules from simple ones. Support rule chaining and grouping. Handle rule dependencies and conflicts. Implement custom rule factories.
How do you implement validation rule versioning?
Version validation rules for API compatibility. Support multiple rule versions. Handle rule deprecation and migration. Implement version negotiation.
How do you implement validation rule testing?
Test validation rules using unit and feature tests. Mock dependencies. Test edge cases and error conditions. Support test data providers.
How do you implement validation middleware?
Custom validation middleware for route-level validation. Support middleware parameters. Handle validation failure responses. Implement middleware groups.
How do you implement validation events?
Dispatch events before/after validation. Handle validation lifecycle. Support event listeners and subscribers. Implement custom validation events.
What is CSRF protection in Laravel?
CSRF (Cross-Site Request Forgery) protection in Laravel automatically generates and validates tokens for each active user session. It's implemented through the VerifyCsrfToken middleware and @csrf Blade directive in forms.
How does Laravel handle XSS protection?
Laravel provides XSS (Cross-Site Scripting) protection by automatically escaping output using {{ }} Blade syntax. HTML entities are converted to prevent script injection. Use {!! !!} for trusted content that needs to render HTML.
What is SQL injection prevention in Laravel?
Laravel prevents SQL injection using PDO parameter binding in the query builder and Eloquent ORM. Query parameters are automatically escaped. Never concatenate strings directly into queries.
How does Laravel handle password hashing?
Laravel automatically hashes passwords using the Hash facade and bcrypt or Argon2 algorithms. Never store plain-text passwords. Password hashing is handled by the HashedAttributes trait in the User model.
What are signed routes in Laravel?
Signed routes are URLs with a signature that ensures they haven't been modified. Created using URL::signedRoute() or URL::temporarySignedRoute(). Useful for email verification or temporary access links.
How does Laravel handle HTTP-only cookies?
Laravel sets HTTP-only flag on cookies by default to prevent JavaScript access. Session cookies are automatically HTTP-only. Config can be modified in config/session.php.
What is mass assignment protection?
Mass assignment protection prevents unintended attribute modification through $fillable and $guarded properties in models. Attributes must be explicitly marked as fillable to allow mass assignment.
How does Laravel handle secure headers?
Laravel includes security headers through middleware. Headers like X-Frame-Options, X-XSS-Protection, and X-Content-Type-Options are set by default. Additional headers can be added via middleware.
What is encryption in Laravel?
Laravel provides encryption using the Crypt facade. Data is encrypted using OpenSSL and AES-256-CBC. Encryption key is stored in .env file. All encrypted values are signed to prevent tampering.
How does session security work in Laravel?
Laravel secures sessions using encrypted cookies, CSRF protection, and secure configuration options. Sessions can be stored in various drivers (file, database, Redis). Session IDs are regularly rotated.
How do you implement rate limiting?
Rate limiting uses the throttle middleware with configurable attempt counts and time windows. Can limit by IP, user ID, or custom parameters. Supports Redis for distributed applications.
How do you handle file upload security?
Secure file uploads by validating file types, size limits, and scanning for malware. Store files outside webroot. Use Storage facade for safe file operations. Implement proper permissions.
What is API authentication in Laravel?
API authentication uses tokens, OAuth, or JWT. Laravel provides Passport and Sanctum for API auth. Supports multiple authentication guards and token abilities.
How do you implement two-factor authentication?
2FA can be implemented using packages or custom solutions. Support TOTP, SMS, or email verification. Handle backup codes and device remembering. Integrate with authentication flow.
How do you handle password policies?
Implement password policies using validation rules. Check length, complexity, history. Handle password expiration and rotation. Support password strength indicators.
What is role-based access control (RBAC)?
RBAC implements authorization using roles and permissions. Can use built-in Gates and Policies or packages like Spatie Permissions. Support hierarchical roles and permission inheritance.
How do you implement audit logging?
Audit logging tracks user actions and changes. Use model events, observers, or packages. Log authentication attempts, data modifications. Support audit trail review and reporting.
What is CORS handling in Laravel?
CORS (Cross-Origin Resource Sharing) is handled through middleware. Configure allowed origins, methods, headers. Support preflight requests. Handle credentials and caching.
How do you implement secure file downloads?
Secure downloads using signed URLs or tokens. Validate user permissions. Handle file streaming and range requests. Implement download tracking and rate limiting.
What is request validation security?
Request validation ensures input safety. Use Form Requests, validation rules. Handle file uploads securely. Prevent mass assignment vulnerabilities. Sanitize input data.
How do you implement API rate limiting strategies?
Advanced rate limiting using multiple strategies. Support token bucket, leaky bucket algorithms. Handle distributed rate limiting. Implement custom response headers.
How do you implement security headers management?
Custom security headers middleware. Configure CSP, HSTS policies. Handle subresource integrity. Implement feature policies. Support header reporting.
How do you implement custom encryption providers?
Create custom encryption providers. Support different algorithms. Handle key rotation. Implement encryption at rest. Support HSM integration.
How do you implement OAuth2 server?
Implement full OAuth2 server using Passport. Handle all grant types. Support scope validation. Implement token management. Handle client credentials.
How do you implement security monitoring?
Security event monitoring and alerting. Track suspicious activities. Implement IDS/IPS features. Handle security incident response. Support forensics.
How do you implement secure session handling?
Custom session handlers. Implement session encryption. Handle session fixation. Support session persistence. Implement session cleanup.
How do you implement API key management?
Secure API key generation and storage. Handle key rotation and revocation. Implement key permissions. Support multiple key types. Handle key distribution.
How do you implement security compliance?
Implement security standards compliance (GDPR, HIPAA). Handle data privacy requirements. Support security audits. Implement compliance reporting.
How do you implement secure WebSocket connections?
Secure WebSocket authentication and authorization. Handle connection encryption. Implement message validation. Support secure broadcasting.
How do you implement security testing?
Security testing framework implementation. Vulnerability scanning integration. Penetration testing support. Security test automation. Compliance testing.
What is Artisan in Laravel?
Artisan is Laravel's command-line interface that provides helpful commands for development. It's accessed using 'php artisan' and includes commands for database migrations, cache clearing, job processing, and other common tasks.
What are the basic Artisan commands?
Basic Artisan commands include: 'php artisan list' to show all commands, 'php artisan help' for command details, 'php artisan serve' to start development server, 'php artisan tinker' for REPL, and 'php artisan make' for generating files.
How do you create a custom Artisan command?
Custom commands are created using 'php artisan make:command CommandName'. This generates a command class in app/Console/Commands. Define command signature and description, implement handle() method for command logic.
What is the command signature?
Command signature defines command name and arguments/options. Format: 'name:command {argument} {--option}'. Required arguments in curly braces, optional in square brackets. Options prefixed with --.
How do you register custom commands?
Custom commands are registered in app/Console/Kernel.php in the commands property or commands() method. They can also be registered using $this->load() method to auto-register all commands in a directory.
What are command arguments and options?
Arguments are required input values, options are optional flags. Define using {argument} and {--option}. Access using $this->argument() and $this->option() in handle() method. Can have default values.
How do you output text in Artisan commands?
Use methods like line(), info(), comment(), question(), error() for different colored output. table() for tabular data, progressBar() for progress indicators. All methods available through Command class.
What are command schedules in Laravel?
Command scheduling allows automated command execution at specified intervals. Defined in app/Console/Kernel.php schedule() method. Uses cron expressions or fluent interface. Requires cron entry for schedule:run.
How do you run Artisan commands programmatically?
Use Artisan facade: Artisan::call('command:name', ['argument' => 'value']). Can queue commands using Artisan::queue(). Get command output using Artisan::output().
What is command isolation in Laravel?
Command isolation ensures each command runs independently. Use separate service providers, handle dependencies properly. Important for testing and avoiding side effects between commands.
How do you implement interactive commands?
Interactive commands use ask(), secret(), confirm() methods. Handle user input validation, provide choices using choice() method. Support default values and validation callbacks.
How do you handle command dependencies?
Use constructor injection or method injection in handle(). Laravel container automatically resolves dependencies. Can bind interfaces to implementations in service providers.
What are command hooks?
Command hooks run before/after command execution. Define in base command class. Use for setup/cleanup tasks. Support global hooks for all commands. Handle error cases.
How do you implement command error handling?
Use try-catch blocks, report errors using error() method. Set command exit codes. Handle graceful failures. Support retry logic. Implement proper cleanup on failure.
How do you implement command validation?
Validate arguments/options in handle() method. Use custom validation rules. Support interactive validation. Handle validation failures gracefully. Provide helpful error messages.
How do you implement command testing?
Use Artisan::call() in tests. Assert command output and behavior. Mock dependencies. Test different argument combinations. Verify side effects.
What are command groups?
Group related commands using namespaces. Define command hierarchy. Support sub-commands. Register command groups in console kernel. Handle group-level options.
How do you implement command events?
Dispatch events before/after command execution. Listen for command events. Handle command lifecycle. Support event-driven command execution. Implement event listeners.
What are command mutexes?
Prevent concurrent command execution using mutexes. Implement locking mechanism. Handle timeout scenarios. Support distributed locks. Release locks properly.
How do you implement command queues?
Queue long-running commands using queue:work. Handle command queuing logic. Support job dispatching. Implement queue priorities. Handle failed queued commands.
How do you implement command middleware?
Create custom command middleware. Handle pre/post command execution. Implement middleware pipeline. Support middleware parameters. Register middleware globally or per command.
How do you implement command caching?
Cache command results and configuration. Handle cache invalidation. Support cache tags. Implement cache drivers. Handle distributed caching scenarios.
How do you implement command plugins?
Create pluggable command system. Support command discovery. Handle plugin registration. Implement plugin hooks. Support plugin configuration.
How do you implement command versioning?
Version commands for backwards compatibility. Handle version negotiation. Support multiple command versions. Implement version deprecation. Handle version migration.
How do you implement command monitoring?
Monitor command execution and performance. Track command usage. Implement logging and metrics. Support alerting. Handle monitoring in distributed systems.
How do you implement command rollbacks?
Implement rollback functionality for commands. Handle transaction-like behavior. Support partial rollbacks. Implement cleanup on failure. Handle distributed rollbacks.
How do you implement command generators?
Create custom generators for scaffolding. Handle template parsing. Support stub customization. Implement file generation logic. Handle naming conventions.
How do you implement command documentation?
Generate command documentation automatically. Support markdown generation. Implement help text formatting. Handle multilingual documentation. Support interactive help.
How do you implement command pipelines?
Chain multiple commands in pipeline. Handle data passing between commands. Support conditional execution. Implement pipeline recovery. Handle pipeline monitoring.
How do you implement command authorization?
Implement command-level authorization. Handle user permissions. Support role-based access. Implement policy checks. Handle authorization failures.
What is PHPUnit in Laravel testing?
PHPUnit is the default testing framework in Laravel. It provides a suite of tools for writing and running automated tests. Laravel extends PHPUnit with additional assertions and helper methods for testing applications.
How do you create a test in Laravel?
Tests are created using 'php artisan make:test TestName'. Two types available: Feature tests (--test suffix) and Unit tests (--unit flag). Tests extend TestCase class and are stored in tests directory.
What is the difference between Feature and Unit tests?
Feature tests focus on larger portions of code and test application behavior from user perspective. Unit tests focus on individual classes or methods in isolation. Feature tests typically test HTTP requests, while unit tests verify specific functionality.
How do you run tests in Laravel?
Tests are run using 'php artisan test' or './vendor/bin/phpunit'. Can filter tests using --filter flag. Support parallel testing with --parallel option. Generate coverage reports with --coverage flag.
What are test assertions in Laravel?
Assertions verify expected outcomes in tests. Common assertions include assertTrue(), assertEquals(), assertDatabaseHas(). Laravel adds web-specific assertions like assertStatus(), assertViewIs(), assertJson().
How do you test HTTP requests?
Use get(), post(), put(), patch(), delete() methods in tests. Can chain assertions like ->assertOk(), ->assertRedirect(). Submit forms using call() method with request data.
What is database testing in Laravel?
Database testing uses RefreshDatabase or DatabaseTransactions traits. Tests run in transactions to prevent test data persistence. Use factories to generate test data. Assert database state using assertDatabaseHas().
How do you use Laravel Tinker for debugging?
Tinker is an REPL for Laravel. Access using 'php artisan tinker'. Test code, interact with models, execute queries interactively. Useful for debugging and exploring application state.
What are test factories in Laravel?
Factories generate fake data for testing using Faker library. Created with 'php artisan make:factory'. Define model attributes and relationships. Support states for different scenarios.
How do you handle test environment configuration?
Use .env.testing file for test environment. Configure test database, mail settings, queues. Use config:clear before testing. Support different configurations per test suite.
How do you mock dependencies in Laravel tests?
Use Mockery for mocking objects. Mock facades using Facade::mock(). Bind mocks in service container. Support partial mocks and spy objects. Verify mock expectations.
How do you test authentication?
Use actingAs() for authenticated requests. Test login, logout, registration flows. Verify middleware protection. Test password reset functionality. Support multiple guards in tests.
How do you test API endpoints?
Use json() method for API requests. Assert response structure, status codes. Test authentication tokens. Verify API rate limiting. Support API versioning in tests.
How do you test queued jobs?
Use assertPushed(), assertNotPushed() for job verification. Test job execution and chain handling. Verify job delays and retries. Support queue-specific assertions.
How do you test events and listeners?
Use Event::fake() to mock events. Assert event dispatch and handling. Test event listeners in isolation. Verify event payload. Support conditional event assertions.
How do you test mail in Laravel?
Use Mail::fake() for mail testing. Assert mail sent and contents. Test mail templates. Verify attachments and recipients. Support markdown mail testing.
How do you test notifications?
Use Notification::fake(). Assert notification sending and channels. Test notification content. Verify notification queuing. Support custom channel testing.
How do you test file uploads?
Use UploadedFile class for fake files. Test file validation and storage. Verify file processing. Support multiple file uploads. Test file deletion.
How do you test cache functionality?
Use Cache::fake(). Test cache storage and retrieval. Verify cache tags and expiration. Support different cache drivers. Test cache clearing.
How do you test sessions?
Use withSession() method. Test session data persistence. Verify flash messages. Support session regeneration. Test session expiration.
How do you implement browser testing?
Use Laravel Dusk for browser testing. Test JavaScript interactions. Support multiple browsers. Handle authentication in browser tests. Test file downloads.
How do you implement test data seeding?
Create test-specific seeders. Handle complex data relationships. Support different seeding strategies. Implement seeder factories. Handle large dataset seeding.
How do you implement test suites?
Organize tests into suites. Configure suite-specific setup. Handle dependencies between suites. Support parallel suite execution. Implement suite-level fixtures.
How do you implement continuous integration testing?
Set up CI/CD pipelines. Configure test automation. Handle environment setup. Support different test stages. Implement test reporting.
How do you implement performance testing?
Measure application performance metrics. Test response times and throughput. Profile database queries. Monitor memory usage. Implement load testing.
How do you implement security testing?
Test security vulnerabilities. Implement penetration testing. Verify authentication security. Test authorization rules. Check input validation.
How do you implement API documentation testing?
Generate API documentation from tests. Verify API specifications. Test API versioning. Support OpenAPI/Swagger integration. Implement documentation automation.
How do you implement mutation testing?
Use mutation testing frameworks. Verify test coverage quality. Identify weak test cases. Support automated mutation analysis. Handle false positives.
How do you implement stress testing?
Test application under heavy load. Verify system stability. Monitor resource usage. Implement crash recovery. Handle concurrent requests.
How do you implement regression testing?
Maintain test suite for existing features. Automate regression checks. Handle backward compatibility. Support feature flags in tests. Implement version testing.
What are queues in Laravel?
Queues allow deferring time-consuming tasks for background processing. Laravel supports various queue drivers (database, Redis, SQS, etc.). Queues improve application response time by handling heavy tasks asynchronously.
How do you create a job in Laravel?
Jobs are created using 'php artisan make:job JobName'. Jobs implement ShouldQueue interface. Define handle() method for job logic. Jobs can be dispatched using dispatch() helper or Job::dispatch().
How do you run queue workers?
Queue workers are run using 'php artisan queue:work'. Can specify connection, queue name, and other options. Should be monitored using supervisor or similar process manager in production.
What is job dispatch in Laravel?
Job dispatch sends jobs to queue for processing. Can use dispatch() helper, Job::dispatch(), or DispatchesJobs trait. Supports delayed dispatch and customizing queue/connection.
What are failed jobs?
Failed jobs are tracked in failed_jobs table. Handle failures using failed() method in job class. Can retry failed jobs using queue:retry command. Support custom failure handling.
How do you handle job middleware?
Job middleware intercept job processing. Define middleware in job's middleware() method. Can rate limit, throttle, or modify job behavior. Support global and per-job middleware.
What are job chains?
Job chains execute jobs in sequence using Chain::with(). Later jobs run only if previous ones succeed. Can set chain catch callback for failure handling.
How do you configure queue connections?
Queue connections are configured in config/queue.php. Define driver, connection parameters. Support multiple connections. Can set default connection. Handle queue priorities.
What is job batching?
Job batching processes multiple jobs as group using Bus::batch(). Track batch progress. Handle batch completion and failures. Support adding jobs to existing batch.
How do you handle job events?
Job events track job lifecycle. Listen for job processed, failed events. Handle queue events in EventServiceProvider. Support custom event listeners.
How do you implement job rate limiting?
Rate limit jobs using middleware like RateLimited. Configure limits per minute/hour. Handle rate limit exceeded scenarios. Support custom rate limiting strategies.
How do you handle job timeouts?
Set job timeout using timeout property or through command. Handle timeout exceptions. Implement graceful shutdown. Support retry after timeout.
What are unique jobs?
Unique jobs prevent duplicate processing using ShouldBeUnique interface. Define uniqueness criteria. Handle lock timeout. Support unique job queuing strategies.
How do you implement job progress tracking?
Track job progress using batch processing or custom tracking. Update progress in database. Broadcast progress updates. Support progress monitoring interface.
How do you handle job dependencies?
Manage job dependencies using job chaining or custom logic. Handle dependent job failures. Support conditional job execution. Implement dependency resolution.
What are job lifecycle hooks?
Lifecycle hooks handle job events like preparing, processing, failed. Implement before/after processing logic. Support cleanup operations. Handle job cancellation.
How do you monitor queue health?
Monitor queue using Horizon or custom solutions. Track queue size, processing time. Set up alerts. Handle queue bottlenecks. Support queue metrics.
How do you implement job prioritization?
Prioritize jobs using multiple queues. Configure queue priorities. Handle high-priority job processing. Support dynamic prioritization. Monitor queue priorities.
What is supervisor configuration?
Configure supervisor to manage queue workers. Set up worker processes. Handle worker failures. Monitor worker status. Support automatic restart.
How do you implement queue scaling?
Scale queues using multiple workers. Handle worker balancing. Implement auto-scaling. Monitor queue performance. Support horizontal scaling.
How do you implement distributed job processing?
Process jobs across multiple servers. Handle job distribution. Implement job coordination. Support distributed locks. Monitor distributed processing.
How do you implement job versioning?
Version jobs for compatibility. Handle job upgrades. Support multiple versions. Implement version migration. Monitor version conflicts.
How do you implement job scheduling patterns?
Create complex scheduling patterns. Handle recurring jobs. Support conditional scheduling. Implement schedule dependencies. Monitor schedule execution.
How do you optimize queue performance?
Optimize job processing speed. Handle memory management. Implement queue sharding. Support batch optimization. Monitor performance metrics.
How do you implement job state management?
Manage job state across executions. Handle state persistence. Implement state recovery. Support state transitions. Monitor state changes.
How do you implement job error handling strategies?
Create robust error handling. Implement retry strategies. Handle permanent failures. Support error notification. Monitor error patterns.
How do you implement queue monitoring tools?
Build custom monitoring solutions. Track queue metrics. Implement alerting system. Support dashboard visualization. Monitor queue health.
How do you implement job testing strategies?
Test queue jobs effectively. Mock queue operations. Verify job behavior. Support integration testing. Monitor test coverage.
How do you implement queue security?
Secure queue operations. Handle job authentication. Implement authorization. Support encryption. Monitor security threats.
How do you implement queue disaster recovery?
Plan for queue failures. Implement backup strategies. Handle recovery procedures. Support failover mechanisms. Monitor recovery process.
Stark.ai
Instant Interviews
