• back to the basics


    This is just a quick note about how you must prepare for your technical interview, whether it’s face-to-face or written.
    Before you prepare for a technical interview, you must first rework your basics. If you are not sure enough, don’t go to the interview. Prepare well for your next interview. It will help you a lot :)

    For instance, at least work on the following aspects:

    • Client Server -> What is client-server architecture? What are the basic methods for making requests to the server?
    • Sessions -> What is a session? Where are sessions stored? How is the session reference carried on the browser (client) side?
    • OOP -> What is a class? What is overloading? What is overriding, and how do you do these, with examples?
    • XML -> What is XML, and what is it used for?
    • AJAX -> What is AJAX? If you use a 3rd-party tool, at least know the basic functions.
    • Frameworks -> Which design patterns are used? MVC? Explain CakePHP, Zend, etc.
    • CMS -> At least the knowledge of integrating a template. Joomla, Drupal, Magento
  • sessions and cookies


    In face-to-face technical interviews, questions related to sessions and cookies pop up regularly. Since most developers are familiar with these sorts of basic PHP questions, interviewers tend to ask trickier ones, but if you have the correct idea it is easy to answer any of them. Let’s have a look at potential questions:

    Where are sessions stored?
    Sessions are stored on the server side and are accessed by a unique id, known as the session-id, which is assigned to each user/visitor when they access your website.
    How is the session-id propagated within your website?
    Basically, there are 2 methods: either it is stored in a cookie or it is propagated in the URL.

    Session security questions will not be asked in entry-level interviews, but an advanced-level candidate who has experience in developing robust and secure applications must know about the vulnerabilities.

    Leaking an existing session-id to a third party is very risky if the session holds important information.
    The two main vulnerabilities are:
    - When the session-id is carried in URLs
    If your site has an external link, a URL containing the id might be stored in the external site’s referrer log.

    - An active attacker might listen to network traffic
    If the session-id flows over the network unencrypted, an active listener might grab it. The best solution is to implement SSL and make it mandatory for all users.
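
    As an added example (not code from the original post), this is one way to set up a PHP session so that the session-id is carried only in a cookie and only over an encrypted connection, which addresses both leaks described above. The function names and the SITE_HOST value are assumptions made for the illustration; the array form of session_set_cookie_params() needs PHP 7.3 or later.

```php
<?php
// Added example. SITE_HOST is a placeholder for your own canonical host name;
// it is fixed here so the redirect never trusts the client-supplied Host header.
const SITE_HOST = 'www.example.test';

// True when the current request arrived over SSL/TLS.
function is_https(): bool
{
    return !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
}

function start_hardened_session(): void
{
    // Network listener: never start or resume a session over plain HTTP.
    // Send the visitor to the HTTPS version of the same page instead.
    if (!is_https()) {
        $path = $_SERVER['REQUEST_URI'] ?? '/';
        header('Location: https://' . SITE_HOST . $path, true, 301);
        exit;
    }

    // Session-id in URLs: accept the id from the cookie only and stop PHP
    // from rewriting links to append it, so it cannot reach a referrer log.
    ini_set('session.use_cookies', '1');
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');

    // Reject session-ids that the server did not issue itself.
    ini_set('session.use_strict_mode', '1');

    session_set_cookie_params([
        'lifetime' => 0,      // cookie ends when the browser closes
        'path'     => '/',
        'secure'   => true,   // browser sends the cookie over HTTPS only
        'httponly' => true,   // page scripts cannot read the cookie
        'samesite' => 'Lax',  // not attached to most cross-site requests
    ]);

    session_start();
}

// Call this at the top of every page that uses $_SESSION,
// before any output is sent to the browser.
start_hardened_session();
```

    The same session.* values can be set once in php.ini instead of calling ini_set() on every request.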