A summary of PHP interview questions

This article summarizes common PHP interview questions. It is shared here as a reference for anyone who needs it.

It collects some common basic and advanced PHP questions.

### Basics

- The difference between GET and POST
- The difference between single and double quotation marks
- The difference between `isset` and `empty`
- The difference between `echo`, `print_r`, `print`, and `var_dump`
- What is MVC?
- What is the difference between passing by value and passing by reference?
- The difference between, and the relationship between, Cookie and Session

> 1. The Cookie is on the client (browser); the Session is on the server side
> 2. Session is more secure than Cookie
> 3. A single Cookie cannot hold more than 4K of data
> 4. The Session is Cookie-based: if the browser disables cookies, the Session stops working as well (but it can be implemented in other ways, such as passing the Session ID in the URL)

### Advanced

- A brief introduction to the S.O.L.I.D design principles

Acronym | Principle | Meaning
--- | --- | ---
SRP | Single Responsibility Principle | A class should have one and only one reason to change
OCP | Open/Closed Principle | The behavior of a class can be extended without changing the class
LSP | Liskov Substitution Principle | A derived class can be used in place of its base class
ISP | Interface Segregation Principle | Use client-specific, fine-grained interfaces
DIP | Dependency Inversion Principle | Rely on abstractions rather than concrete implementations

- What are the differences between PHP7 and PHP5, and what are the new features?

> 1. A twofold performance improvement
> 2. Added a combined comparison operator (`<=>`)
> 3. Added scalar type declarations and return type declarations
> 4. `try...catch` adds multi-condition matching, and more errors can be handled as exceptions
> 5. Added anonymous classes: an anonymous class can now be instantiated with `new class`, which can replace some "use once and discard" full class definitions

- Why is PHP7 faster than PHP5?

> 1. Variables take fewer bytes to store, which reduces memory consumption and speeds up variable operations
> 2. The array structure was improved: array elements and the hash mapping table are allocated in the same block of memory, reducing the memory footprint and increasing the CPU cache hit ratio
> 3. The function call mechanism was improved: optimizing how parameters are passed removes some instructions and makes execution more efficient

- Summarize the PHP garbage collection (GC) mechanism

> Before PHP 5.3, memory was managed with reference counting. Every PHP variable lives in a container called a `zval`. When the variable is referenced, the reference count is incremented by 1; when the reference count drops to 0, PHP destroys the variable in memory.
>
> However, with a circular reference the reference count never drops to 0, which causes a memory leak.
>
> After the 5.3 release, these optimizations were made:
>
> 1. A collection cycle is not entered every time a reference count decreases; garbage collection starts only once the root buffer is full;
> 2. The circular reference problem can be solved;
> 3. Memory leaks can always be kept below a threshold value.

To learn more, see the PHP manual: [garbage collection mechanism](http://docs.php.net/manual/zh/features.gc.performance-considerations.php).
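
The circular-reference leak and its collection, as an added example that is not part of the original article. The `Node` class and the sizes are constructed for illustration, and the typed properties assume PHP 7.4 or later.

```php
<?php
// Added example: a reference cycle that plain reference counting cannot
// free, reclaimed by the cycle collector. Class and sizes are constructed.
declare(strict_types=1);

class Node
{
    public ?Node $peer = null;
    public string $payload;

    public function __construct()
    {
        $this->payload = str_repeat('x', 1024 * 1024); // 1 MiB per object
    }
}

$start = memory_get_usage();

// Build 10 two-object cycles, then drop the only outside references.
// Each object is still referenced by its peer, so its count stays at 1.
for ($i = 0; $i < 10; $i++) {
    $a = new Node();
    $b = new Node();
    $a->peer = $b;
    $b->peer = $a;
    unset($a, $b);
}
$afterUnset = memory_get_usage();

// The objects sit in the root buffer until a collection runs; with so few
// roots the automatic run is not triggered, so force one here.
$freed = gc_collect_cycles();
$afterGc = memory_get_usage();

printf("held after unset():  %.1f MiB\n", ($afterUnset - $start) / 1048576);
printf("gc_collect_cycles(): %d\n", $freed);
printf("held after GC:       %.1f MiB\n", ($afterGc - $start) / 1048576);
```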

- How to troubleshoot PHP memory overflow issues

> 1. Increase the memory allocated to PHP scripts
> 2. Destroy variables promptly once they are no longer needed
> 3. Process data in batches

- What is the difference between Redis and Memcached?

> 1. Redis supports richer data types: String, Hash, List, Set, and Sorted Set. Memcached supports only a simple key-value structure.
> 2. For key-value storage, Memcached is more memory-efficient than Redis using a hash structure to do key-value storage.
> 3. Redis provides transactions, which guarantee the atomicity of a series of commands.
> 4. Redis supports data persistence, keeping in-memory data on disk.
> 5. Redis uses only a single core while Memcached can use multiple cores, so on average Redis performs better per core than Memcached when storing small data.

- How does Redis achieve persistence?

> 1. RDB persistence saves the in-memory state of Redis to the hard disk, which is equivalent to backing up the database state.
> 2. AOF (append-only file) persistence records the database by saving the writes executed by the Redis server. It is equivalent to backing up the commands the database received; all commands written to the AOF are saved in the Redis protocol format.

### Web security

- What is CSRF? How can it be prevented?

> CSRF (cross-site request forgery) can be understood as follows: an attacker steals a user's identity and thereby deceives the server into completing the attacker's request.

Preventive measures:

1. Use a verification code
2. Add a token to each request and verify it
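
One way to implement measure 2, as an added example (not code from the original article): a per-session token is embedded in each form and checked with a constant-time comparison before a state-changing request is processed. The function names and the `csrf_token` field name are assumptions chosen for illustration.

```php
<?php
// Added example: per-session CSRF token. The names csrf_token, csrfField
// and csrfVerify are illustrative, not from the original article.
declare(strict_types=1);

session_start();

// Create the token once per session from a CSPRNG and keep it server-side.
function csrfToken(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field to embed in every form that changes state.
function csrfField(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrfToken(), ENT_QUOTES, 'UTF-8') . '">';
}

// Compare the submitted token with the session copy in constant time.
// A forged cross-site request carries the user's session cookie but cannot
// read the token from the page, so it fails this check.
function csrfVerify($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return $expected !== '' && is_string($submitted)
        && hash_equals($expected, $submitted);
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    if (!csrfVerify($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    // ... perform the state-changing action here ...
    exit('OK');
}
?>
<form method="post">
    <?= csrfField() ?>
    <button type="submit">Update</button>
</form>
```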

- What is XSS? How can it be prevented?

> XSS (cross-site scripting): an attacker inserts malicious script code into a web page, and when a user browses the page, the script embedded in it is executed, achieving the attacker's goal of attacking the user.

There are many ways to prevent XSS attacks. The core principle is: never trust user input, and always filter user data.
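
A sketch of that principle applied at output time, as an added example that is not from the original article: each value is encoded for the context it is written into, and URL attributes get a scheme allowlist on top. The helper names `e` and `safeUrl` and the sample comment are constructed for illustration.

```php
<?php
// Added example: context-aware output encoding. Helper names are
// illustrative; the sample input below is constructed.
declare(strict_types=1);

// HTML text and quoted-attribute context: encode < > & " '.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// URL attribute context (href/src): encoding alone is not enough, because
// "javascript:" contains no characters that htmlspecialchars() changes.
// Allow only http(s) and fall back to a harmless link otherwise.
function safeUrl(string $url): string
{
    $url = trim($url);
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? e($url) : '#';
}

// Constructed sample input, as it might arrive from a comment form.
$comment = [
    'author'  => 'Bob" onmouseover="alert(1)',
    'body'    => '<script>alert(1)</script> nice post',
    'website' => 'javascript:alert(1)',
];

// Vulnerable: user data is concatenated into the page as-is.
$unsafe = '<p title="' . $comment['author'] . '">' . $comment['body'] . '</p>';

// Hardened: every value is encoded for the context it is written into.
$safe = '<p title="' . e($comment['author']) . '">' . e($comment['body']) . '</p>'
      . '<a href="' . safeUrl($comment['website']) . '">site</a>';

echo $unsafe, PHP_EOL, $safe, PHP_EOL;
```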

- What is SQL injection? How can it be prevented?

> SQL injection is when an attacker deceives the server in some way into executing SQL that should not be executed.

Common scenarios for SQL injection:

1. The database is injected with a large amount of garbage data, causing the server to run slowly or crash.
2. The application's private data is exposed through SQL injection.

Preventive measures:

1. Keep filtering user data
2. Do not use dynamically assembled SQL
3. Add input validation, such as a verification code
4. Encrypt private data; never store it in plaintext

## Extended Reading

- [A three-year PHPer's interview summary](http://coffeephp.com/articles/4?utm_source=laravel-china.org)
- [Garbage collection mechanism](http://docs.php.net/manual/zh/features.gc.performance-considerations.php)
- [S.O.L.I.D object-oriented design](https://laravel-china.org/articles/4160/solid-object-oriented-design-and-programming-oodoop-notes?order_by=created_at&)
- [A brief talk on IoC: what IoC is](http://www.cnblogs.com/DebugLZQ/archive/2013/06/05/3107957.html)
- [The difference between Redis and Memcached](https://www.biaodianfu.com/redis-vs-memcached.html)
- [CSRF attack and defense](https://www.cnblogs.com/phpstudy2015-6/p/6771239.html)
- [XSS cross-site scripting attack](https://www.cnblogs.com/phpstudy2015-6/p/6767032.html#_label9)
