default_diffused


Difficult PHP Interview Questions

I will be interviewing a PHP developer this week, although I myself have only worked briefly in PHP, only to the extent of building my own shopping cart application and general basic stuff. We usually write in JSP/Servlets.

We have an in-house requirement to give the candidate a written exam, small, 15-30 minutes, to test their knowledge and weed out the casual/basic users.

I have had a look around on the web and found many PHP interview questions, but the majority of them are quite easy.
Does anybody have any suggestions on what I can ask a potential candidate, to be included in a written examination?

I have already included general logic questions, but would like to ask something PHP specific, that somebody could complete within the above timeframe, without access to Google etc.

Apologies, I have been lacking; the interview is tomorrow, so I will mark this as high point value.
Thanks.
ASKER CERTIFIED SOLUTION
davebytes
This solution is only available to members.
This is a bit glib, but davebytes was right on target about algorithms and approaches.

Ask about encapsulation and data hiding.  It's one of the most fundamental concepts to good program design, and 9 out of 10 applicants won't be able to come up with a good description.  This one weeds out a LOT of applicants.

Travis
Oh, this goes back to talking about security, cookies, POST, etc. (which I've only started playing with more myself the past 3-6 mos...), but how to write a secure form of some sort is always good.  Give them an abstracted access to MySQL of some sort, does the person know to take variables that are known to be numbers (or other data) and do SOME filtering on it before passing along in a query?  Sanity checking is for someone who has probably done more PHP than I have, lots of form processing, data in and out of a database, etc.  use of XX_escape_quotes functions or the like.

Again, I don't like to test (or be tested!) on remembering particular intrinsics, so long as you can get across the point in pseudo-code that the person knows about the topic areas you want to test (which, web programming + php you can test some standard things that a web programmer should have dealt with, OR at least a SMART programmer will give you ideas of how they might deal with a new area...).

-d
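
The filtering described in the post above, as an added example that is not part of the original thread: a value that should be a number is validated first and then bound as a query parameter instead of being concatenated into the SQL. The `products` table, the helper names and the sample inputs are hypothetical, and an in-memory SQLite database (the `pdo_sqlite` extension) stands in for MySQL so the script runs offline.

```php
<?php
// Added example, not code from the thread. Table and function names are hypothetical.
declare(strict_types=1);

// SQLite in memory stands in for MySQL; the PDO calls are the same with a mysql: DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)');
$pdo->exec("INSERT INTO products (name, price) VALUES ('Widget', 9.99), ('Gadget', 24.50)");

/**
 * Sanity check: accept only a positive integer id.
 * Returns null on anything else so the caller can refuse the request.
 */
function parseProductId($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** The id is bound as a typed parameter, never pasted into the SQL text. */
function findProduct(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT id, name, price FROM products WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample inputs, as they might arrive in $_GET['id'] or $_POST['id'].
$samples = ['2', '99', '0', '-1', '1 OR 1=1', '2abc', ''];
foreach ($samples as $raw) {
    $label = var_export($raw, true);
    $id = parseProductId($raw);
    if ($id === null) {
        printf("%-12s rejected before any query runs\n", $label);
        continue;
    }
    $row = findProduct($pdo, $id);
    printf("%-12s %s\n", $label, $row === null ? 'no such product' : $row['name']);
}
```

A candidate who knows the topic should be able to explain why both steps are present: the validation gives a clean error path for bad input, and the bound parameter keeps the query safe even for values the validation was never written for.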
Austin_Hastings

For PHP, the basics are web interface and database access. If you aren't doing those two things, you don't need to be using PHP.

A 15-30 minute test isn't going to give you much. Push for a solid 30-60.

Then ask them to code a form that shows the last 10 (or fewer) comments entered, and lets the user type a comment into a text box and add it to the database.

This tests PHP/HTML integration, knowledge of standard PHP program structures, and knowledge of database interaction.

=Austin

Personally speaking, as a web developer who has been using PHP for the past 1 and a half years, I seriously think that online tools are crucial to enabling the person to code up what you want within the time frames.  For example, firewall the PC that the user will use to do their test and allow them to use php.net (or any of its mirrors) and nothing else.  If they have their brains in order they will be able to use all the resources available to perform the tasks that you want them to fulfill.

Reason why I say this is because although I have used php for the past 1.5 years, it's constantly evolving, becoming more secure, and functions are becoming easier to use when used in combination with logic, changes in syntax etc.

I think if the candidate can successfully connect to a database, insert records correctly depending on datatype, update those records, delete a record and return a full set of results using forms (all of which functionality you will test to ensure that the application works) then he's on the way to providing you with a good foundation to base your assessment on.  Additionally the user must secure the application so that you need to login to the system before you can gain access to it.  Have 2 levels of access and ensure that the different usernames filter out the results.  E.g:

if($grouplevel == 2) { $useradministrator = 1;} else{ $useradministrator = 0;}

And then in the page the form that enables you to add/update/delete user records (used in the authentication process) will either be visible if 1, or hidden and filtered out if 0.

If he can get this basic system into place within 1 hour then you know you have a winner.  Another point to ensure that he gets if he's thought really seriously about the security of the application is how the database stores the password.  I ALWAYS md5 hash encrypt my passwords before they are inserted into the database.  So look out for really long hashed strings stored in the databases and the function md5($_POST['password']) when the record is being inserted or updated.

Let's face it, we always use snippets, or code repositories when developing our applications so absolute specific syntax when doing a database connection is just too time consuming to always type from scratch.  If the candidate has access to php.net then he has enough tools available to him to replace his code repository.  It also shows initiative that he is able to look up information and find solutions when the pressure is on.

Other than these basic tasks you could change the requirements to read the file contents from a directory, write an xml file for each file, and display these results on screen.  The xml file gets created when a browser uploads a file so this will then enable you to see whether he understands the fundamentals of system access, and file writing.  Not easy tasks to accomplish when pushed for time such as an hour.

Hope this helps.
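
An added example on the password-storage point in the post above, not code from the thread: `md5()` is an unsalted, fast digest, so the block sets it beside PHP's built-in `password_hash()` / `password_verify()` (PHP 5.5 and later). It goes one step beyond the post by upgrading an existing md5 row at the user's next successful login; the function names and the sample password are hypothetical.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.
declare(strict_types=1);

/** Hash for storage: password_hash() adds a random salt and a tunable cost. */
function hashPassword(string $plain): string
{
    return password_hash($plain, PASSWORD_DEFAULT);
}

/**
 * Check a login against the stored value.
 * Returns [bool $ok, ?string $replacement]; when $replacement is not null
 * the caller should write it back to the user's row.
 */
function checkLogin(string $plain, string $stored): array
{
    // Legacy row written with md5(): exactly 32 lowercase hex characters.
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        $ok = hash_equals($stored, md5($plain));
        return [$ok, $ok ? hashPassword($plain) : null];
    }
    $ok = password_verify($plain, $stored);
    $stale = $ok && password_needs_rehash($stored, PASSWORD_DEFAULT);
    return [$ok, $stale ? hashPassword($plain) : null];
}

// Constructed sample data: two users who chose the same password.
$password = 'correct horse battery staple';

// Stored with md5(): no salt, so both rows hold the identical string.
printf("md5 rows identical:           %s\n", var_export(md5($password) === md5($password), true));

// Stored with password_hash(): a fresh salt per call, so the rows differ.
$rowA = hashPassword($password);
$rowB = hashPassword($password);
printf("password_hash rows identical: %s\n", var_export($rowA === $rowB, true));

// A legacy md5 row is accepted once and upgraded on that login.
[$ok, $replacement] = checkLogin($password, md5($password));
printf("legacy login ok: %s, upgraded: %s\n", var_export($ok, true), var_export($replacement !== null, true));

// The upgraded row verifies and needs no rewrite; a wrong password fails.
[$ok2, $again] = checkLogin($password, $replacement);
[$bad] = checkLogin('wrong guess', $replacement);
printf("new row ok: %s, rewrite needed: %s, wrong password ok: %s\n",
    var_export($ok2, true), var_export($again !== null, true), var_export($bad, true));
```

The stored value is no longer a fixed 32 characters, so the password column needs room for it; the PHP manual recommends 255 characters for `PASSWORD_DEFAULT`.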
I'm glad ingwa echoed much of what I said last night.  good to know there's some agreement amongst brains around here. ;)  Oh, and btw I always MD5 passwords when I start shifting into production, but I don't during early development, especially if I don't have some kind of password-recovery method in place.  Makes forgetting PWs a bitch. ;)

Also remember you could have an adept PHP programmer who is NOT a database guru.  I can do much more than the average PHP coder I'm sure, but I still suck at some weird JOIN constructs.  If you >want< an SQL person, then definitely worth testing further there, if not stick with some abstraction.

I still think some of the 'unique' features of the PHP language can show how much the person has pressed the language, as another data point.  Testing general skills overall is good.  And testing some kind of form, login, security, etc. combo is good.
Dave, just came across this question again as I was looking through all my open contributions and just wanted to mention regarding your md5 passwords that if you forget an md5 hashed password you could always just replace the database entry by echoing an md5 password.  For example:

<?php echo md5("mynewpassword"); ?>

And then copy the string that has been printed into your database.  You can then use mynewpassword as the password, thereby saving you the trouble of having to update all your login/user modification scripts when staging the application.

Diffused, I noticed that you haven't replied to this question since you first asked it.  Are there any other issues you have regarding your situation that you would like us to address?  Were we able to help steer you in the right direction?  If not please don't hesitate to contact us so that we can assist you further.  

Hope this helps.
Yeah, that doesn't help when I've got N sample users as well, and need to remember their passwords (as sometimes the staging is 'testing' with real people, yet I need account access...).  Easier to just have it plaintext during development.  And there's no "having to update all [my] login/user modification scripts" -- one function is used for encryption/hiding, and during staging it does nothing, while it does MD5 (or other) for deployment.  Basically uncommenting one line switches the system to deploy-ready. ;)

Also, were I to want the MD5 on constantly, I'd sooner have a testing script (outside of the core code) that can 'poke' a password into a particular user account -- versus doing an echo of a string in a custom script, then pasting that string into the database. ;)

-d
Sure, good points dave and a very interesting look into how your development process works.  I'll remember this post in the future as I may be able to speed up some of my own development.
default_diffused

ASKER

I wanted to give an assisted answer to you, ingwa, but have misplaced the button that performs this action, but thank you for your responses also.
No problem default, to accept an assist, I think it's done when you accept an answer but choose that it's assisted.  No matter anyhow, glad I was able to help.