Interview Prep | PHP
PHP Interview Questions

Entry, Mid, and Advanced PHP questions with short answers. Use search to filter questions quickly.

Entry Mid Advanced
🔍
• Entry Level

PHP Entry Level Q&A

Back to Top ↑
💻
Q1. include vs require?
A. require is fatal if missing; include warns and continues. Use require for critical files.
Entry
💻
Q2. What are superglobals?
A. Arrays like $_GET, $_POST, $_SERVER, $_SESSION, $_COOKIE, $_FILES, $_ENV, $GLOBALS.
Entry
💻
Q3. == vs === in PHP?
A. == does type juggling; === compares value and type strictly. Prefer ===.
Entry
💻
Q4. What is a session?
A. Server-side state identified by a session id (usually stored in a cookie).
Entry
💻
Q5. How do you start a session?
A. Call session_start() before output, then use $_SESSION.
Entry
💻
Q6. echo vs print?
A. Both output strings; echo can take multiple args; print returns 1.
Entry
💻
Q7. What are arrays in PHP?
A. Ordered maps supporting numeric and string keys (used like lists or dictionaries).
Entry
💻
Q8. What is a function in PHP?
A. Reusable block of code defined with function name() { ... } and callable by name.
Entry
• Mid Level

PHP Mid Level Q&A

Back to Top ↑
⚙️
Q1. What are namespaces used for?
A. They prevent name collisions and organize code (e.g., Vendor\Package\Class).
Mid
⚙️
Q2. What is autoloading?
A. Automatically loading class files when referenced (commonly Composer PSR-4).
Mid
⚙️
Q3. What is PDO and why use it?
A. A DB access layer supporting prepared statements; helps prevent SQL injection.
Mid
⚙️
Q4. How do you prevent XSS?
A. Use htmlspecialchars for HTML output, escape by context, and validate inputs.
Mid
⚙️
Q5. What is a trait?
A. A mechanism for code reuse across classes without inheritance.
Mid
⚙️
Q6. Error vs Exception?
A. Exceptions are throwable/catchable. Errors represent serious issues; both implement Throwable in modern PHP.
Mid
⚙️
Q7. Visibility modifiers?
A. public/protected/private control where properties/methods are accessible.
Mid
⚙️
Q8. How do you handle file uploads safely?
A. Validate mime/size, store outside web root, randomize names, and never execute uploaded files.
Mid
• Advanced Level

PHP Advanced Level Q&A

Back to Top ↑
🚀
Q1. How to prevent SQL injection?
A. Use prepared statements with bound parameters (PDO/mysqli). Never concatenate user input into SQL.
Advanced
🚀
Q2. What is CSRF and how to mitigate it?
A. Cross-site request forgery. Mitigate with CSRF tokens, SameSite cookies, and origin checks.
Advanced
🚀
Q3. How should passwords be stored?
A. Use password_hash (bcrypt/argon2) and password_verify. Never store plaintext or MD5/SHA1 hashes.
Advanced
🚀
Q4. What is OPCache?
A. Caches compiled PHP bytecode to speed up performance and reduce CPU overhead.
Advanced
🚀
Q5. What is dependency injection?
A. Passing dependencies into classes/functions instead of creating them inside; improves testability.
Advanced
🚀
Q6. What is a middleware pattern?
A. A pipeline that processes requests/responses in steps (common in frameworks).
Advanced
🚀
Q7. How to handle errors in production?
A. Disable display_errors, log errors, use centralized error handlers, and show user-friendly pages.
Advanced
🚀
Q8. What is XSS?
A. Injecting scripts into pages. Prevent with escaping, sanitization, and strict CSP.
Advanced