Skip to main content

Questions for mid-level PHP developer candidates


I often get CV's from developers applying for positions. Some colleges give people a certificate without really giving the candidate any problem solving skills or real understanding of theory. Here are some standard questions that I ask candidates to complete with pen and paper without access to Google. They cover basic OOP theory, logic, basic PHP syntax, and try to get some idea of the candidates passion for learning.

In the rare occasion that a candidate actually bothers to investigate the company and finds my blog they will naturally be expected to do well on this quiz.  I guess that's bonus marks for being prepared :p

PHP quiz
========

1)  Explain what SQL injection is and give TWO ways to combat it
2)  If you type hint an interface name in a function argument what sort of variables can you pass?
3)  What is an abstract class?
4)  How would you call the construct method of a parent class inside 
a child of that class?
5)  Given two variables $a and $b which contain integer numbers.  
Swap the values of $a and $b without declaring a third variable and using 
only the mathematical functions +,*,-,/
6)  Define a class called House that has an owner property and a method 
called sell that accepts a string parameter which changes the owner
7)  Explain call by value and call by reference.  Which method does PHP5 
use when passing primitive variable types and objects?
8)  What does AJAX stand for?  Write a jQuery AJAX call to 'weather.php' 
which updates the contents of with the results from that file
9)  What is the safest PHP function to use to filter output to prevent XSS?
10) What is the difference between GET and POST?
11) What is your approach to unit and integration testing?
12) What are traits used for and how would you include one in your class?
13) What design patterns are you familiar with?  What do you think about 
the use of the Singleton pattern in PHP?
14) Write a program to roll two six-sided dice 10,000 times.  Sum the two
values on each roll.  At the end of the program run output the average sum 
of all the rolls.
15) What is the value of $a if $a = ( '42' === 42 ) ? 'answer one' : 'answer two';

Feel free to use any or all of these questions if you like them.  They're awkwardly formatted on the blog because of the template I'm using.  I have shared a raw copy on Google Docs.

I have seen question number 5 done in a single line by the way (usually it takes three).
Labels:

Comments

  1. Unknown25 August 2014 at 10:00

    good help but i have never worked with php on any project yet seem to know\meet almost every question. Does it mean that i can be middle php programmer? :D

    also, if not too hard, could you explain what should junior php developer know? what should middle php developer know? I am largely confused about this. hope you read this...

    ReplyDelete
    Replies
    1. Andrew Beak25 August 2014 at 10:34

      I didn't focus on syntax questions because Google and php.net are available while you code. Also you get taught this stuff in college and I've found that some people I interview who have done a college course in PHP don't really know how to program even if they do know basic syntax.

      I don't think many PHP developers will claim to know the syntax of every single command. In my opinion it's more important that you show general programming ability rather than specific syntax knowledge. When judging the answers provided it should be clear whether the person actually knows PHP as a language and will be proficient enough to code in it.

      If you know the answers to the questions then I'm guessing you're already a programmer in another language. Syntactically PHP is similar to C and so if you know any of the C type languages you'll pick PHP up quite quickly. Translating your existing programming knowledge to PHP should be a question of answering the question "how do I do this in PHP" because you've already answered the question of "how do I do this".

      There are of course a number of best practices and important security considerations that you have to know before coding in PHP. I would argue that if a mid-level developer knows both ways of securing a SQL statement then you can verbally go through some of the other issues ( CSRF, XSS, and other attack vectors ) to make sure they won't code sloppily.

      Programming languages are just tools and not every tool is best for every job. If you already know a couple of languages then adding PHP for web development won't be a stretch for you.

      For me the difference between a junior developer and a mid-level developer is their ability to problem-solve or debug. Mid-level PHP developers will of course be more familiar with PHP and its syntax but I expect them to be more proficient in their ability to analyze and solve problems.

      Delete

Post a Comment

Popular posts from this blog

Separating business logic from persistence layer in Laravel

There are several reasons to separate business logic from your persistence layer.  Perhaps the biggest advantage is that the parts of your application which are unique are not coupled to how data are persisted.  This makes the code easier to port and maintain. I'm going to use Doctrine to replace the Eloquent ORM in Laravel.  A thorough comparison of the patterns is available  here . By using Doctrine I am also hoping to mitigate the risk of a major version upgrade on the underlying framework.  It can be expected for the ORM to change between major versions of a framework and upgrading to a new release can be quite costly. Another advantage to this approach is to limit the access that objects have to the database.  Unless a developer is aware of the business rules in place on an Eloquent model there is a chance they will mistakenly ignore them by calling the ActiveRecord save method directly. I'm not implementing the repository pattern in all its glory in this demo.  
Post a Comment
Read more

Fixing puppet "Exiting; no certificate found and waitforcert is disabled" error

While debugging and setting up Puppet I am still running the agent and master from CLI in --no-daemonize mode.  I kept getting an error on my agent - ""Exiting; no certificate found and waitforcert is disabled". The fix was quite simple and a little embarrassing.  Firstly I forgot to run my puppet master with root privileges which meant that it was unable to write incoming certificate requests to disk.  That's the embarrassing part and after I looked at my shell prompt and noticed this issue fixing it was quite simple. Firstly I got the puppet ssl path by running the command   puppet agent --configprint ssldir Then I removed that directory so that my agent no longer had any certificates or requests. On my master side I cleaned the old certificate by running  puppet cert clean --all  (this would remove all my agent certificates but for now I have just the one so its quicker than tagging it). I started my agent up with the command  puppet agent --test   whi
Post a Comment
Read more

Redirecting non-www urls to www and http to https in Nginx web server

Image: Pixabay Although I'm currently playing with Elixir and its HTTP servers like Cowboy at the moment Nginx is still my go-to server for production PHP. If you haven't already swapped your web-server from Apache then you really should consider installing Nginx on a test server and running some stress tests on it.  I wrote about stress testing in my book on scaling PHP . Redirecting non-www traffic to www in nginx is best accomplished by using the "return" verb.  You could use a rewrite but the Nginx manual suggests that a return is better in the section on " Taxing Rewrites ". Server blocks are cheap in Nginx and I find it's simplest to have two redirects for the person who arrives on the non-secure non-canonical form of my link.  I wouldn't expect many people to reach this link because obviously every link that I create will be properly formatted so being redirected twice will only affect a small minority of people. Anyway, here's
Post a Comment
Read more