Get the Preplance app for a seamless learning experience. Practice offline, get daily streaks, and stay ahead with real-time interview updates.
Get it on
Google Play
4.9/5 Rating on Store
Google · PHP
Practice PHP questions specifically asked in Google interviews – ideal for online test preparation, technical rounds and final HR discussions.
Questions
91
Tagged for this company + subject
Company
View company-wise questions
Subject
PHP
Explore topic-wise practice
Go through each question and its explanation. Use this page for targeted revision just before your Google PHP round.
To prevent CSRF, generate a random token, store it in the session, and include it as a hidden form field. Verify the token when the form is submitted. If it doesn’t match, reject the request.
// Generate token $_SESSION['token']=bin2hex(random_bytes(16));
For complete preparation, combine this company + subject page with full company-wise practice and subject-wise practice. You can also explore other companies and topics from the links below.
Cookies have attributes like name, value, expiry time, path, domain, and flags such as Secure and HttpOnly. The Secure flag ensures cookies are sent only over HTTPS, and HttpOnly prevents access from JavaScript for safety.
An abstract class cannot be instantiated directly. It can contain abstract methods that must be defined by child classes. Abstract classes are useful when creating a base class for related objects. Example: abstract class Animal { abstract function sound(); } class Dog extends Animal { function sound(){ echo 'Bark'; } }
abstract class Shape { abstract function area(); }Polymorphism means one interface, many implementations. In PHP, it allows different classes to define methods with the same name but different behaviors. It improves code flexibility. Example: interface Shape { public function draw(); } class Circle implements Shape { function draw(){ echo 'Drawing Circle'; } } class Square implements Shape { function draw(){ echo 'Drawing Square'; } }
interface Shape { function draw(); }String interpolation means embedding variables inside double-quoted strings. PHP replaces variables with their values. It doesn't work in single quotes.
$name='John'; echo "Hello $name"; // prints Hello John
You can extend the Exception class to make your own. Inside the catch block, you can handle it differently. Example: class InvalidAgeException extends Exception {} function checkAge($age){ if($age<18) throw new InvalidAgeException('Too young'); } try{ checkAge(15); } catch(InvalidAgeException $e){ echo $e->getMessage(); }
class MyException extends Exception {}A file pointer represents the current position in an open file. Each read or write operation moves the pointer forward. You can manually reposition it using functions like fseek and rewind.
fseek($handle,0);
CRUD stands for Create, Read, Update, and Delete. Create inserts new records, Read retrieves them, Update modifies existing ones, and Delete removes them. All four are performed using SQL queries with secure data handling practices.
During logout, destroy all session data using session_unset and session_destroy, remove authentication cookies if any, and redirect the user to a public page. This ensures that no residual session data can be reused.
cURL supports multiple protocols, handles headers and cookies, and allows sending data in different formats like JSON or form-data. It is flexible for interacting with REST APIs or external web services securely.
Unset large arrays after use, close database connections, use generators instead of arrays for iteration, and process files in chunks. Avoid loading unnecessary libraries or classes to keep memory consumption minimal.
Facades provide a static interface to classes registered in the Laravel service container. They make code cleaner and allow quick access to framework features like Cache, DB, and Route without creating objects manually.
Middleware ensures that requests meet specific conditions before processing. It enhances security and efficiency by handling authentication, role checking, and input validation at a centralized layer.
You can split the string into an array of words, reverse the array, and join it back into a string. This rearranges word order rather than individual letters.
$words = explode(' ', $str); echo implode(' ', array_reverse($words));A palindrome check can be done by comparing the string with its reversed version. If both are equal, the string is a palindrome.
if($str == strrev($str)) echo 'Palindrome';
Use caching for static data, load balancing across multiple servers, database optimization, asynchronous job queues, and CDNs for assets. Stateless design helps distribute load efficiently.
Tools like Xdebug and Laravel Telescope help inspect runtime errors, variable states, and queries. Logging with Monolog and using PHP’s built-in error_log also simplify debugging and monitoring in real projects.
Both are used to output data. Echo can take multiple parameters and is slightly faster. Print can take only one argument and always returns one, so it can be used in expressions.
echo 'Hi'; print 'Hello';
PHP has four main scopes: local, global, static, and parameter. Local variables exist inside functions. Global variables are declared outside functions and accessed with the global keyword. Static variables keep their value between function calls. Parameters are variables passed to functions.
When a user submits credentials, the system validates them against stored data. If valid, a new session is created with user details. On subsequent pages, PHP checks the session to maintain authentication until logout or session expiry.
Variables inside a function are local by default. To access global variables inside a function, you use the global keyword or the $GLOBALS array.
function show(){ global $x; echo $x; }Artisan automates repetitive development tasks like creating controllers, models, and migrations. It improves productivity, reduces manual errors, and helps with tasks like database seeding and clearing caches.
Eloquent supports relationships like one-to-one, one-to-many, and many-to-many. These allow models to access related data through readable methods, simplifying database joins and queries.
Laravel offers clean syntax, built-in authentication, robust routing, ORM with Eloquent, easy database migrations, Blade templates, and a large community. It enables rapid and secure web application development.
SQL injection occurs when untrusted input is directly used in SQL queries, allowing attackers to manipulate database commands. It can be prevented using prepared statements, parameter binding, and input validation before executing queries.
Always check return values from functions like fopen, fread, and fwrite. Use file_exists before accessing, and handle failures gracefully using try-catch with file operations or proper conditional checks.
MySQLi works only with MySQL, while PDO supports multiple databases like SQLite and PostgreSQL. PDO provides a consistent API and supports named parameters, while MySQLi offers both object-oriented and procedural styles.
You can check connection results and display user-friendly messages instead of system errors. For PDO, you can enable exceptions using error mode attributes to handle errors cleanly without exposing sensitive information.
A transaction is a sequence of SQL operations that execute as a single unit. It ensures data integrity. You can start a transaction, execute multiple queries, and either commit or roll back if something fails.
$pdo->beginTransaction(); $pdo->commit();
PDO can throw exceptions on errors when error mode is set to ERRMODE_EXCEPTION. This allows structured error handling through try-catch blocks instead of checking return values manually.
Use environment variables for credentials, close unused connections, use persistent connections only when needed, and always use prepared statements. Avoid hardcoding passwords or connection details directly in scripts.
GET sends data through the URL, has length limits, and is visible in the address bar. POST sends data in the request body, making it safer for confidential data like passwords.
You can validate data using functions like empty(), isset(), filter_var(), and regular expressions. Always sanitize inputs to prevent attacks like SQL injection.
if(empty($_POST['name'])) echo 'Name required';
To end a session, use session_unset() to remove variables and session_destroy() to delete the session file on the server.
session_unset(); session_destroy();
Use POST instead of GET for sensitive data, validate and sanitize inputs, use HTTPS, limit file types on upload, and use tokens to prevent CSRF. Also, escape outputs to prevent XSS.
You can cast a string to an integer using (int) or the intval() function. Example: intval('25') returns 25. Type casting helps in performing numeric operations safely.
$num = (int)'25';
PHP is an interpreted language. The server reads PHP files, processes the code through the PHP interpreter, and sends the resulting HTML to the client browser. This means users never see the actual PHP code.
You can prevent CSRF by generating a unique token stored in the session and embedding it in each login form. When the form is submitted, the server verifies that the token matches the one stored, ensuring the request is genuine.
A constructor (__construct) runs automatically when an object is created, often to initialize values. A destructor (__destruct) runs when an object is destroyed or the script ends, used for cleanup like closing database connections. Example: class FileHandler { function __construct(){ echo 'Opening file'; } function __destruct(){ echo 'Closing file'; } }
class Demo { function __construct(){} function __destruct(){} }Nested loops are loops inside another loop. The inner loop runs completely for each iteration of the outer loop. They are often used for multidimensional arrays or patterns.
for($i=0;$i<3;$i++){ for($j=0;$j<3;$j++){ echo $i.$j; } }An associative array uses named keys instead of numeric indexes. It is useful for mapping data like name to value pairs.
$user = array('name'=>'John','age'=>25);Recursion means a function calls itself until a condition is met. It is used in problems like factorial or tree traversal. Care must be taken to avoid infinite loops.
function fact($n){ if($n==1) return 1; return $n*fact($n-1); }A multidimensional array contains one or more arrays inside it. It helps represent complex data like tables. Access elements using multiple indexes.
$matrix = [[1,2,3],[4,5,6]]; echo $matrix[1][2];
Common string functions include strlen for length, strtolower and strtoupper for case conversion, str_replace for replacement, and strpos for searching a substring.
strpos('hello world','world');You can loop through arrays using foreach or for loops. foreach is best for associative arrays. You can access both key and value easily.
foreach($arr as $key=>$val){ echo $key.'='.$val; }Anonymous functions are functions without a name. They are used as arguments to other functions or stored in variables. Closures can access variables from their parent scope using the use keyword.
$add = function($a,$b){ return $a+$b; }; echo $add(2,3);When a variable is passed by reference, the function gets the original variable, not a copy. Changes inside the function affect the original. Use an ampersand before the parameter name.
function addOne(&$num){ $num++; } $x=5; addOne($x);PHP code usually starts with <?php and ends with ?>. Short tags <? and ?> are also supported if enabled in configuration. The long tag is preferred for portability.
<?php echo 'Hello'; ?>
Encapsulation means binding data and methods together while restricting direct access to some data. It is achieved using private and protected access modifiers. This helps maintain control over how data is accessed or changed. Example: class BankAccount { private $balance = 0; public function deposit($amount){ $this->balance += $amount; } public function getBalance(){ return $this->balance; } }
class BankAccount { private $balance; }Cloning creates a new object with the same properties as another object. PHP provides the clone keyword for this. You can also define a __clone() method to modify behavior after cloning. Example: class User { public $name; } $u1 = new User(); $u1->name = 'John'; $u2 = clone $u1; $u2->name = 'Sam'; Now $u1 and $u2 are separate objects.
$obj2 = clone $obj1;
Late static binding allows a child class to reference static methods or properties defined in the parent class using the static keyword instead of self. It ensures that methods refer to the class where they are actually called, not where they are defined. Example: class A { static function who(){ echo __CLASS__; } static function test(){ static::who(); } } class B extends A { static function who(){ echo __CLASS__; } } B::test(); // Outputs B
class Base { static function who(){} static function call(){ static::who(); } }You can define a custom function that handles errors and register it using set_error_handler(). This allows you to manage errors in your own way, such as logging or displaying user-friendly messages. Example: function myErrorHandler($errno, $errstr){ echo 'Error: '.$errstr; } set_error_handler('myErrorHandler');
set_error_handler('handlerFunction');All exceptions in PHP inherit from the Throwable interface. Throwable has two main classes: Error and Exception. The Exception class is for traditional exceptions, while Error represents fatal issues like memory or syntax problems.
An Exception object provides methods like getMessage(), getCode(), getFile(), and getLine(). They help identify the reason and location of an error. Example: try { throw new Exception('Missing file'); } catch (Exception $e) { echo $e->getMessage(); echo $e->getFile(); }
$e->getMessage(); $e->getFile();
Best practices include: 1. Using try-catch for predictable errors. 2. Logging errors using error_log(). 3. Displaying friendly error pages for users. 4. Keeping display_errors off in production. 5. Validating input to prevent runtime issues. 6. Using custom exceptions for modular handling. This ensures both developer clarity and user safety.
Fatal errors stop script execution immediately, like calling undefined functions. Exceptions, however, can be caught and handled with try-catch blocks. Example: Fatal: echo undefinedFunction(); Exception: throw new Exception('Handled safely');
fread requires a file handle and reads data in chunks, while file_get_contents reads the entire file directly. fread is suitable for large files or streaming, whereas file_get_contents is best for small files.
fread($handle, filesize('data.txt'));PHP stores uploaded files in a temporary directory using the $_FILES array. You can then move them to a permanent location using move_uploaded_file. Always validate the file type and size for security.
move_uploaded_file($_FILES['photo']['tmp_name'],'uploads/photo.jpg');
PHP provides mkdir to create a directory, rmdir to remove one, and opendir, readdir, closedir to loop through files inside a folder. scandir can also list all files quickly.
mkdir('uploads');Always check the MIME type and extension, limit maximum file size, rename uploaded files, and store them outside the web root. Never trust the file name sent by the user to avoid code injection.
Cookies store data on the client-side, while sessions store data on the server-side. Cookies persist even after the browser is closed unless expired, whereas sessions usually end when the browser closes. Sessions are safer because data is not directly accessible to users.
The 'Remember Me' feature stores a long-lived token in a secure cookie when a user logs in. On subsequent visits, the token is validated with the database to auto-login the user. It should always use encrypted tokens to prevent hijacking.
To secure sessions, use HTTPS to encrypt cookies, regenerate session IDs after login to prevent fixation, set session cookies with HttpOnly and Secure flags, and store minimal sensitive data in sessions.
A REST API response usually includes a status code, headers, and a body. The body often contains data in JSON format along with success or error messages. Headers describe content type and caching rules.
A PHP script reads the HTTP method (GET, POST, etc.), processes input data, performs logic like database operations, and returns a response with proper headers and status codes to the client.
JSON is lightweight, easier to read, and integrates naturally with JavaScript. It requires less bandwidth and simpler parsing compared to XML, making it ideal for fast web communication.
REST is based on stateless communication, resource-based URLs, standard HTTP methods, representation through JSON or XML, and the use of standard status codes for responses.
Headers like X-Frame-Options, Content-Security-Policy, and X-Content-Type-Options protect against attacks such as clickjacking, cross-site scripting, and MIME sniffing. Setting them correctly hardens PHP web apps against common exploits.
Token-based authentication verifies users using a unique token generated after login. The token is sent with each API request, and the server validates it before allowing access, eliminating the need to store credentials in every request.
Caching in PHP includes opcode caching, data caching, and page caching. Opcode caching stores compiled PHP code, data caching saves computed results in memory or files, and page caching stores whole rendered pages to speed up load times.
Namespaces prevent naming collisions between classes, functions, or constants from different parts of an application or external libraries. They make the codebase modular, organized, and easier to maintain.
Lazy loading delays object creation or resource initialization until it is actually needed. It reduces startup time and memory usage, improving overall performance in large systems.
Use caching like OPCache, minimize database queries, reuse database connections, enable output buffering, avoid unnecessary loops, and use modern PHP versions. Keeping code modular and using Composer dependencies efficiently also boosts performance.
The error suppression operator hides warnings and errors, making debugging difficult. It can also degrade performance because PHP must check and handle suppressed errors internally, even though they’re not shown.
Instead of file-based sessions, use database or in-memory stores like Redis for faster access. Regenerate session IDs periodically and use distributed session storage for load-balanced servers to maintain consistency.
Match is an expression that returns a value, uses strict comparison by default, and doesn’t require break statements. It’s more concise and avoids fall-through issues common in switch statements.
Attributes add metadata to code structures. They are commonly used in frameworks for routing, validation, or ORM configuration, replacing PHPDoc comments with structured syntax that can be parsed at runtime.
It simplifies null checks by allowing chained property or method calls without explicit if statements. If any object in the chain is null, the entire expression safely returns null instead of causing an error.
JIT compilation turns frequently executed PHP bytecode into native machine code at runtime. This reduces CPU overhead, leading to faster execution for computation-heavy scripts like data processing or graphics generation.
PHP 8 introduced faster performance with JIT, better type safety using union and mixed types, cleaner syntax through constructor property promotion, and improved developer experience with named arguments and match expressions. It also enhanced error handling and security consistency.
A request enters Laravel through public/index.php, is handled by middleware, routes to a controller via the router, executes business logic, and returns a response. Service providers and middleware play key roles in preparing the environment.
You can use array_unique to remove duplicate entries. It keeps only the first occurrence of each value and returns a new array with unique elements.
$unique = array_unique($arr);
PHP provides str_word_count to count how many words exist in a given string. This is often used for text analysis and content length checks.
str_word_count('Hello world!');You can use the built-in functions max and min to quickly retrieve the highest and lowest values in an array without manually looping through the data.
max($arr); min($arr);
The array_diff function compares two or more arrays and returns values from the first array that are not present in the others.
array_diff($arr1,$arr2);
You can use nested loops. The outer loop controls rows, and the inner loop prints spaces and stars in each row, creating a pyramid shape. This tests logical thinking and loop control understanding.
Use caching mechanisms like OPCache, minimize database queries, reuse database connections, avoid nested loops, and leverage built-in PHP functions instead of manual logic. Using the latest PHP version also improves execution speed.
Always sanitize user input, escape output, use prepared statements for database queries, hash passwords, disable display_errors in production, validate file uploads, and keep the PHP version updated for latest security patches.
If not validated, malicious files like PHP shells can be uploaded and executed. To secure uploads, restrict file types, limit file sizes, rename files on upload, and store them outside the public web root.
Always use environment variables for secrets, run composer install with optimized autoload, enable caching, compress assets, set correct file permissions, and monitor logs. Use CI/CD pipelines for safe, repeatable deployments.
Check PHP version differences, missing extensions, incorrect file permissions, or case-sensitive filenames on Linux. Reviewing logs and environment configuration usually reveals the mismatch causing failure.