How do prepared statements help prevent SQL injection?
Prepared statements separate SQL logic from data by using placeholders for values. The database treats these values as data rather than part of the SQL command, preventing injection attacks. Values are automatically escaped, and the query structure remains constant, improving security and performance.
What is database transaction and how is it implemented in PHP?
A transaction is a sequence of operations that must be executed as a single unit. In PHP, transactions are implemented using beginTransaction(), commit(), and rollback() methods. If any operation fails, rollback() ensures all operations are undone, maintaining data integrity.
Explain the difference between mysql_real_escape_string() and prepared statements.
mysql_real_escape_string() escapes special characters in strings, but is deprecated and can be bypassed. Prepared statements are more secure as they separate SQL from data, handle different data types automatically, and are more efficient due to query preparation and caching.
What are the different fetch modes in PDO?
PDO offers several fetch modes: FETCH_ASSOC (returns associative array), FETCH_NUM (returns numeric array), FETCH_BOTH (returns both), FETCH_OBJ (returns object), FETCH_CLASS (returns instance of specified class), and FETCH_LAZY (allows property access of all three).
What are database seeders and when should they be used?
Database seeders are scripts that populate a database with initial or test data. They're useful for development environments, testing, and providing default data. Seeders help ensure consistent data across different environments and make testing more reliable.
What are database indexes and when should they be used?
Indexes are data structures that improve the speed of data retrieval operations. They should be used on columns frequently used in WHERE clauses, JOIN conditions, and ORDER BY statements. However, they add overhead to write operations and consume storage space.
What are database triggers and how are they used with PHP?
Triggers are special procedures that automatically execute when certain database events occur (INSERT, UPDATE, DELETE). In PHP, triggers are defined at database level but can be created and managed through PHP code. They help maintain data integrity and automate actions.
What are stored procedures and how are they called in PHP?
Stored procedures are pre-compiled SQL statements stored in the database. In PHP, they're called using CALL statement with PDO or MySQLi. They can improve performance, reduce network traffic, and encapsulate business logic at database level.
What is database connection lazy loading?
Lazy loading delays database connection initialization until it's actually needed. This saves resources by not establishing connections unnecessarily. It's implemented by wrapping connection logic in methods that are called only when database access is required.
What are database views and how are they used in PHP?
Views are virtual tables based on result sets of SQL statements. In PHP, they're queried like regular tables but provide benefits like data abstraction, security through limited access, and simplified complex queries. They help maintain clean application architecture.
How do you implement database backup and recovery in PHP?
Database backup can be implemented using PHP functions to execute system commands, dedicated backup libraries, or framework tools. Important aspects include scheduling backups, compression, secure storage, verification, and testing recovery procedures.
What are database events and how are they handled in PHP?
Database events are notifications of database changes that can trigger PHP code execution. They can be handled using event listeners, message queues, or polling mechanisms. This enables real-time updates and maintaining data consistency across systems.
How do you implement database connection retry logic in PHP?
Connection retry logic involves implementing exponential backoff, maximum retry attempts, proper error handling, and logging. It helps handle temporary connection issues and improves application reliability. Implementation typically uses try-catch blocks with sleep intervals.
What are the security considerations when working with sessions?
Key security considerations include: using session_regenerate_id() to prevent session fixation, setting secure and httponly flags, implementing session timeout, validating session data, proper session destruction, and securing session storage location.
How do you implement session timeout in PHP?
Session timeout can be implemented by: setting session.gc_maxlifetime in php.ini, storing last activity timestamp in session, checking elapsed time on each request, and destroying session if timeout exceeded. Also consider implementing sliding expiration.
How do you implement remember me functionality using cookies?
Remember me involves: generating secure token, storing hashed token in database, setting long-lived cookie with token, validating token on subsequent visits. Implementation should include token rotation, secure storage, and proper expiration handling.
What are the limitations of cookies and how to work around them?
Cookie limitations include: size (4KB), number per domain, browser settings blocking cookies. Workarounds include: using local storage for larger data, implementing fallback mechanisms, splitting data across multiple cookies, server-side storage alternatives.
What is the purpose of session_cache_limiter() and its options?
session_cache_limiter() controls HTTP caching of pages with sessions. Options include: nocache, private, public, private_no_expire. Affects how browsers and proxies cache session pages. Important for security and proper page caching.
How do SameSite cookies work and why are they important?
SameSite cookie attribute controls how cookie is sent with cross-site requests. Values: Strict, Lax, None. Helps prevent CSRF attacks and protects against cross-site request attacks. Important for modern web security compliance.
What are session configuration options in php.ini?
Key options include: session.save_handler, session.save_path, session.gc_maxlifetime, session.cookie_lifetime, session.cookie_secure, session.cookie_httponly. These control session behavior, storage, lifetime, and security settings.
What is session garbage collection and how does it work?
Garbage collection removes expired session data. Controlled by session.gc_probability, session.gc_divisor, and session.gc_maxlifetime settings. Process runs randomly based on probability settings. Important for server resource management.
How do you implement session-based authentication?
Session authentication involves: validating credentials, storing user data in session, implementing session security measures, handling remember me functionality, implementing proper logout, and managing session expiration.
What is flash session data and how is it implemented?
Flash data persists for only one request cycle, commonly used for temporary messages. Implementation involves storing data in session, checking for data existence, displaying data, and removing after use. Often used for success/error messages.
What are the best practices for session security in PHP?
Best practices include: using HTTPS, setting secure/httponly flags, implementing proper session timeout, regenerating session IDs, validating session data, secure storage, proper destruction, and implementing CSRF protection.
What are domain cookies and their use cases?
Domain cookies are accessible across subdomains. Set using domain parameter in setcookie(). Used for maintaining user state across subdomains, implementing single sign-on, sharing necessary data between related sites. Requires careful security consideration.
How do you handle file uploads securely in PHP?
Secure file uploads require: validating file types, checking MIME types, setting upload size limits, using move_uploaded_file(), scanning for malware, storing files outside web root, using random filenames, setting proper permissions, and validating file contents.
How do you manage file permissions in PHP?
File permissions are managed using chmod() function, umask() for default permissions. Functions like is_readable(), is_writable() check permissions. Important for security. Permissions should follow principle of least privilege.
How do you implement file download functionality securely?
Secure file downloads require: validating file paths, checking permissions, setting proper headers (Content-Type, Content-Disposition), implementing rate limiting, scanning files, and using readfile() or fpassthru() for streaming.
How do you handle temporary files in PHP?
Temporary files managed using tmpfile() for automatic cleanup, tempnam() for custom temp files. Important to implement proper cleanup, set secure permissions, use system temp directory, and handle concurrent access properly.
How do you handle CSV file operations in PHP?
CSV operations use fgetcsv()/fputcsv() for reading/writing, handling different delimiters and enclosures. Consider character encoding, handling large files, validating data, and implementing proper error handling.
What are symbolic links and how are they handled in PHP?
Symbolic links managed with symlink(), readlink(), and is_link() functions. Security considerations include proper validation, handling recursive links, and implementing access controls. Important for file system organization.
How do you handle file compression in PHP?
File compression using zlib functions (gzopen, gzwrite, gzread) or ZIP extension. Important considerations include compression ratio, memory usage, handling large files, and proper error handling.
How do you handle file type detection in PHP?
File type detection using: finfo_file(), mime_content_type(), pathinfo(), checking file extensions. Important for security in file uploads. Should not rely solely on file extensions for validation.
How do you handle file path manipulation securely?
Secure path manipulation using realpath(), basename(), dirname(). Prevent directory traversal, validate paths against whitelist, use proper encoding, and implement access controls. Important for security.
What are memory considerations in file operations?
Memory considerations include: using streaming for large files, proper chunk sizes, clearing file handles, implementing garbage collection, monitoring memory usage, and setting appropriate memory limits. Important for performance.
How do you handle file encoding issues?
Encoding issues handled using mb_* functions, setting proper encoding in fopen(), handling BOM, implementing conversion functions. Important for international character support and data integrity.
What are file ownership operations in PHP?
File ownership managed using chown(), chgrp() functions. Important for security and permissions management. Consider system-level permissions, proper error handling, and security implications.
How do you implement file cleanup routines?
File cleanup includes: implementing age-based deletion, handling temporary files, proper permission checking, implementing logging, and error handling. Consider automated scheduling and resource management.
How do you handle file system errors and exceptions?
Error handling includes: try-catch blocks, checking return values, implementing logging, proper user feedback, and recovery mechanisms. Consider different error types and appropriate response strategies.
How does routing work in modern PHP frameworks?
Routing maps URLs to controller actions. Features include: route parameters, middleware, route groups, named routes, resource routing. Frameworks handle request parsing, parameter binding, and response generation. Supports RESTful routing patterns.
What is Symfony and its component-based architecture?
Symfony is a framework and component library. Key features: reusable components, dependency injection, event dispatcher, console tools, security system. Components can be used independently in other projects. Follows SOLID principles.
Explain middleware in PHP frameworks.
Middleware processes HTTP requests/responses before reaching controllers. Used for: authentication, CSRF protection, logging, request modification. Can be global or route-specific. Implements pipeline pattern for request handling.
What are ORMs and how are they used in PHP frameworks?
Object-Relational Mappers (ORMs) like Eloquent or Doctrine map database tables to objects. Features: relationship handling, query building, migrations, model events. Simplifies database operations and provides abstraction layer.
How do template engines work in PHP frameworks?
Template engines (Blade, Twig) provide syntax for views. Features: template inheritance, sections, partials, escaping, custom directives. Compiles templates to plain PHP for performance. Separates logic from presentation.
What are migrations and seeders in PHP frameworks?
Migrations version control database schema changes. Seeders populate databases with test/initial data. Features: rollback capability, timestamps, factory patterns. Essential for database version control and testing.
How is authentication handled in PHP frameworks?
Frameworks provide authentication systems with: user providers, guards, middleware, password hashing, remember me functionality, OAuth support. Includes session management, token authentication, and multiple authentication schemes.
How do PHP frameworks handle form validation?
Frameworks provide validation systems with: built-in rules, custom validators, error messaging, form requests, CSRF protection. Supports client and server-side validation, file validation, and complex validation scenarios.
How do PHP frameworks implement security features?
Security features include: CSRF protection, XSS prevention, SQL injection protection, authentication, authorization, encryption, password hashing. Frameworks provide middleware and helpers for common security needs.
What are artisan commands in Laravel and similar CLI tools?
CLI tools provide commands for common tasks: generating code, running migrations, clearing cache, scheduling tasks. Support custom commands, interactive mode. Essential for development and deployment workflows.
What is Lumen and when should it be used?
Lumen is Laravel's micro-framework for microservices and APIs. Features: fast routing, basic Laravel features, minimal overhead. Best for simple applications, APIs where full framework unnecessary.
How do PHP frameworks handle localization?
Localization features include: language files, translation helpers, plural forms, date/number formatting. Support multiple languages, language switching, fallback locales. Important for international applications.
How do PHP frameworks handle file storage?
File storage abstraction supports: local storage, cloud storage (S3, etc.), FTP. Features include: file uploads, storage drivers, file operations, URL generation. Provides consistent interface across storage systems.
What are collections in PHP frameworks?
Collections provide fluent interface for array operations. Features: mapping, filtering, reducing, sorting, grouping. Extends array functionality with object-oriented interface. Important for data manipulation.
How do you implement API authentication in PHP?
API authentication methods include: JWT tokens, OAuth 2.0, API keys, Basic Auth, Bearer tokens. Implementation involves token generation, validation, middleware for protection, and proper error handling. Consider security best practices like token expiration.
What are the best practices for API response formatting?
Best practices include: consistent response structure, proper HTTP status codes, clear error messages, pagination metadata, proper content type headers. Use envelope pattern when needed, handle nested resources, implement proper serialization.
How do you handle CORS in PHP APIs?
CORS (Cross-Origin Resource Sharing) handled through proper headers: Access-Control-Allow-Origin, Allow-Methods, Allow-Headers. Implementation includes preflight requests handling, proper middleware configuration, security considerations.
What are API resources and transformers?
Resources/transformers format API responses: converting models to JSON/arrays, handling relationships, hiding sensitive data. Features include conditional attributes, nested resources, custom transformations. Important for consistent response formatting.
How do you handle file uploads in APIs?
File upload handling includes: multipart form data, proper validation, secure storage, progress tracking. Consider chunked uploads for large files, implement proper error handling, use secure file operations.
How do you implement API documentation?
API documentation tools include: Swagger/OpenAPI, API Blueprint, automated documentation generation. Include: endpoints, parameters, responses, examples. Keep documentation updated, consider interactive documentation.
What are the common API security threats?
Common threats include: injection attacks, unauthorized access, MITM attacks, DoS/DDoS, data exposure. Implement: authentication, rate limiting, input validation, proper encryption, secure headers.
How do you handle API errors and exceptions?
Error handling includes: proper HTTP status codes, consistent error format, detailed messages, error logging. Implement global exception handler, format exceptions properly, consider security in error messages.
How do you implement API pagination?
Pagination methods include: offset/limit, cursor-based, page-based. Include metadata (total, next/prev links), handle large datasets, implement proper caching. Consider performance and use case requirements.
What are JSON Web Tokens (JWT)?
JWTs are encoded tokens containing claims. Structure: header, payload, signature. Used for authentication/authorization. Implementation includes token generation, validation, refresh mechanisms. Consider security implications.
How do you implement API request validation?
Request validation includes: input sanitization, schema validation, type checking, business rule validation. Implement validation middleware, proper error responses, custom validation rules. Consider performance impact.
How do you implement API search functionality?
Search implementation includes: query parameters, filtering, sorting, full-text search. Consider search engines integration, performance optimization, proper indexing. Implement relevance scoring.
How do you handle API deprecation?
Deprecation strategy includes: versioning, notification period, documentation updates, migration guides. Implement warning headers, monitoring deprecated usage, proper communication. Consider client impact.
How do you implement API analytics?
Analytics implementation includes: usage tracking, performance metrics, error rates, user behavior. Consider data collection, storage, visualization tools. Implement proper privacy measures.
Stark.ai
Instant Interviews
