Difficult PHP Interview Questions

I will be interviewing a PHP developer this week, and although myself have only worked briefly in PHP, only to the extent of building my own shopping cart application and general basic stuff. We usually write in JSP/Servlets.

We have a inhouse requirement to give the candidate a written exam, small 15mins - 30 minutes, to test their knowledge and weed out the casual/basic users.

I have had a look around on the web and found many PHP Interview questions, but majority of them are quite easy.
Does anybody have any suggestions on what i can ask a potential candidate, and to be included in a written examination.

I have already included general logic questions, but would like to ask something PHP specific, that somebody could complete within the above timeframe, without access to google etc.

Apoliges i have been lacking, interview is tommorow so i will mark this as high point value.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I got into PHP as a lark.  I'm trained as a traditional software engineer, multiple languages.  My belief is that a good software engineer is one that can come up with algorithms and approaches regardless of language.  Thus, find a standard set of 'test' questions, and decide which would test well any particular skills you are looking for outside of PHP specifically.

What in PHP language constructs might you want to test in more detail?  Intrinsic function use, like strpos, substr?  Class declaration in PHP5? (which I haven't really gotten into despite being a C++ programmer for more than a decade... but I guess someone corely doing PHP stuff, and who had leaned toward OOP, would be able to craft objects and overloads...)  Proper interaction with things like cookies/sessions, maybe building a quick set of security handling (login page and per-page security checks)?  Interesting use of PHP variable indexed arrays?  (I use them for fast reverse-lookups, or secondary keys, for a given dataset...).  Use of classic HTML forms, POST variables?  Hooking into MySQL?

Unfortunately, I'm also a programmer who will tap books, online resources, etc. constantly while coding.  I might have some things memorized due to frequent use, but I constantly forget say the order of operation of certain intrinsics (as some PHP intrinsics which would seem related actually have inverted parameter orders...).  You could test some of that if you are looking for someone who really works 40+ hours a week corely in PHP code and could know that all by heart...

Some other things beyond a really casual, basic user might be things like pass-by-reference parameters (which in earlier PHP versions had to be explicitly done as such), optional parameters with preset values, calling a function by string reference (again, I always forget how, but know it can be done and the rough approach) for say string-based tag processing in a custom template system, string based variable access (double-dollar, ie., $name = 'somevar'; $$name = 'foobar'; echo $somevar;).... stuff like that.

Just some random brainstorming for you,


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
This is a bit glib, but davebytes was right on target about algorithms and approaches.

Ask about encapsulation and data hiding.  It's one of the most fundamental concepts to good program design, and 9 out of 10 applications won't be able to come up with a good description.  This one weeds out a LOT of applicants.

Oh, this goes back to talking about security, cookies, POST, etc. (which I've only started playing with more myself the past 3-6 mos...), but how to write a secure form of some sort is always good.  Give them an abstracted access to MySQL of some sort, does the person know to take variables that are known to be numbers (or other data) and do SOME filtering on it before passing along in a query?  Sanity checking is for someone who has probably done more PHP than I have, lots of form processing, data in and out of a database, etc.  use of XX_escape_quotes functions or the like.

Again, I don't like to test (or be tested!) on remembering particular intrinsics, so long as you can get across the point in pseudo-code that the person knows about the topic areas you want to test (which, web programming + php you can test some standard things that a web programmer should have dealt with, OR at least a SMART programmer will give you ideas of how they might deal with a new area...).

Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

For PHP, the basics are web interface and database access. If you aren't doing those two things, you don't need to be using PHP.

A 15-30 minute test isn't going to give you much. Push for a solid 30-60.

Then ask them to code a form that shows the last 10 (or fewer) comments entered, and lets the user type a comment into a text box and add it to the database.

This tests PHP/HTML integration, knowledge of standard PHP program structures, and knowledge of database interaction.


Mark GilbertSenior Performance EngineerCommented:
Personally speaking, as a web developer who has being using php for the past 1 and a half years, I seriously think that online tools are crutial to enabling the person to code up what you want within the time frames.  For example, firewall the pc that the user will use to do their test and allow them to use php.net (or any of it's mirrors) and nothing else.  If they have their brains in order they will be able to use all the resources available to perform the tasks that you want them to fulfill.  

Reason why I say this is because although I have used php for the past 1.5 years, it's constantly evolving, becoming more secure, and functions are becoming easier to use when used in combination with logic, changes in syntax etc.

I think if the candidate can successfully connect to a database, insert records correctly depending on datatype, update those records, delete a record and return a full set of results using forms (all of which functionality you will test to ensure that the application works) then he's on the way to providing you with a good foundation to base your assessment on.  Additionally the user must secure the application so that you need to login to the system before you can gain access to it.  Have 2 levels of access and ensure that the different usernames filter out the results.  E.g:

if($grouplevel == 2) { $useradministrator = 1;} else{ $useradministrator = 0;}

And then in the page the form that enables you to add/update/delete user records (used in the authentication process) will either be visable if 1, or hidden and filtered out of 0.

If he can get this basic system into place within 1 hour then you know you have a winner.  Another point to ensure that he gets if he's thought really seriously about the security of the application is how the database stores the password.  I ALWAYS md5 hash encrypt my passwords before they are inserted into the database.  So look out for really long hashed strings stored in the databases and the function md5($_POST['password']) when the record is being inserted or updated.

Lets face it, we always use snippets, or code repositories when developing our applications so absolute specific syntax when doing a database connection is just too time consuming to always type from scratch.  If the candidate has access to php.net then he has enough tools available to him to replace his code repository.  It also shows initiative that he is able to look up information and find solutions when the pressure is on.

Other than these basic tasks you could change the requirements to read the file contents from a directory, write an xml file for each file, and display these results on screen.  The xml file gets created when a browser uploads a file so this will then enable you to see whether he understands the fundamentals of system access, and file writing.  Not easy tasks to acomplish when pushed for time such as an hour.

Hope this helps.
I'm glad ingwa echoed much of what I said last night.  good to know there's some agreement amongst brains around here. ;)  Oh, and btw I always MD5 passwords when I start shifting into production, but I don't during early development, especially if I don't have some kind of password-recovery method in place.  Makes forgetting PWs a bitch. ;)

Also remember you could have an adept PHP programmer who is NOT a database guru.  I can do much more than the average PHP coder I'm sure, but I still suck at some weird JOIN constructs.  If you >want< an SQL person, then definitely worth testing further there, if not stick with some abstraction.

I still think some of the 'unique' features of the PHP language can show how much the person has pressed the language, as another data point.  Testing general skills overall is good.  And testing some kind of form, login, security, etc. combo is good.
Mark GilbertSenior Performance EngineerCommented:
Dave, just came across this question again as I was looking through all my open contributions and just wanted to mention regarding your md5 passwords that if you forget an md5 hashed password you could alsways just replace the database entery by echoing an md5 password.  For example:

<? echo md5("mynewpassword"); ?>

And then copy the string that has been printed into your database.  You can then use mynewpassword as the password and thereby saving you the trouble of having to update all your login/user modification scripts when staging the application.

Diffused, I noticed that you haven't replied to this question since you first asked it.  Are there any other issues you have regarding your situation that you would like us to address?  Were we able to help steer you in the right direction?  If not please don't hesitate to contact us so that we can assist you further.  

Hope this helps.
Yeah, that doesn't help when I've got N sample users as well, and need to remember their passwords (as sometimes the staging is 'testing' with real people, yet I need account access...).  Easier to just have it plaintext during development.  And there's no "having to update all [my] login/user modification scripts" -- one function is used for encryption/hiding, and during staging it does nothing, while it does MD5 (or other) for deployment.  Basically uncommenting one line switches the system to deploy-ready. ;)

Also, were I to want the MD5 on constantly, I'd sooner have a testing script (outside of the core code) that can 'poke' a password into a particular user account -- versus doing an echo of a string in a custom script, then pasting that string into the database. ;)

Mark GilbertSenior Performance EngineerCommented:
Sure, good points dave and a very interesting look into how your development process works.  I'll remember this post in the future as I may be able to speed up some of my own development.
default_diffusedAuthor Commented:
i wanted to give an assited answer to you ingwa, but have misplaced the button that performs this action, but thankyou for your responses also
Mark GilbertSenior Performance EngineerCommented:
No problem default, to accept an assist, I think it's done when you accept an answer but choose that it's assisted.  No matter anyhow, glad I was able to help.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.