Summarize and organize 39 PHP interview questions (summary sharing)

This article brings you relevant knowledge about PHP, which mainly introduces PHP interview questions and summarizes thirty-nine common There are many types of PHP interview questions, but they are all inseparable from the basic and common PHP interview questions. I hope it will be helpful to everyone.

## Recommended study: "

PHP Tutorial"

PHP Common interview questions

1. Detail a complete HTTP request process

The core of this question is domain name resolution and server (nginx) parsing these two parts. Basically, these two parts can be explained in detail.

Step 1. Parse the URL

The browser will parse the current URL data to determine whether the URL is a legal link. If it is a legitimate link, proceed to the next step normally. If it is not a legal link, the search function will be executed, such as Baidu, 360, Google search, etc.

Step 2, resolve the domain name

The server exists in the form of IP. The domain name needs to be resolved to IP. There are three small steps to resolve IP:

1), parse the domain name data from the browser's own cache

2), from the local computer's cache Resolve the domain name in the HOST file

3), resolve the domain name through the DNS server

Step 3, get the information

In this step we got the URL information, mainly the IP and port information.

Step 4. Packet and perform three-way handshake

The browser packages the request information and transmits the data to the server through TCP's three-way handshake.

Step 5. Server parses, processes, and returns data

The server obtains the passed data through various levels and methods, analyzes and processes the data, and finally returns response MIME type data. The normal status code is 200, and the abnormal error codes are 404, 500, 501, etc.

Step 6. The browser obtains, renders, and displays the data

The browser obtains the data from the server. Display the page to the user by loading resources, rendering the page and other operations.

2. What is the difference between SESSION and COOKIE? Please explain the reasons and functions of the protocol?

1), http stateless protocol, cannot distinguish users Whether they come from the same website, the same user requesting different pages cannot be regarded as the same user.

2), SESSION is stored on the server side, and COOKIE is stored on the client side. Session is relatively secure. Cookies can be modified by certain means and are not safe. Session relies on cookies for delivery.

After disabling cookies, the session cannot be used normally. Disadvantages of Session: It is saved on the server side, and each read is read from the server, which consumes resources on the server. Session is saved in a file or database on the server side. It is saved in a file by default. The file path is specified by session.save_path in the PHP configuration file. Session files are public.

3. What are the meanings of 302, 403, and 500 codes in HTTP status?

Principle of one, two, three, four and five: 1. Message series 2, success series 3. Redirect series 4. Request error series 5. Server-side error series

302: Temporary transfer successful , the requested content has been moved to a new location 403: Access Forbidden 500: Server Internal Error 401 represents unauthorized.

4. The command to create a compressed package and decompress the package under Linux

Tar.gz:

Packaging: tar czf file.tar.gz file.txt

Extract: tar xzf file.tar.gz

Bz2:

Package: bzip2 [-k] File

Extract: bunzip2 [ -k] File

Gzip (only files, not original files)

Package: gzip file1.txt

Decompress: gunzip file1.txt.gz

Zip: -r Pack the directory

: zip file1.zip file1.txt

Decompress: unzip file1.zip

5. Please write down the meaning of data type (int char varchar datetime text); what is the difference between varchar and char?

Int Integer char Fixed-length character Varchar Variable-length character Datetime Datetime type Text Text type The difference between Varchar and char char is a fixed-length character type. How much space is allocated will occupy as much space. Varchar is a variable-length character type. It takes up as much space as the content is, which can effectively save space. Since the varchar type is variable, the server has to perform additional operations when the data length changes, so the efficiency is lower than that of the char type.

6. What are the basic differences between MyISAM and InnoDB? How is the index structure implemented?

The MyISAM type does not support transactions and table locks, and is prone to fragmentation. It needs to be optimized frequently and has faster reading and writing speeds, while the InnoDB type supports transactions, row locks, and has crash recovery capabilities. Read and write speeds are slower than MyISAM.

Create index: alert table tablename add index (`field name`)

7. Send a cookie to the client without using cookies.

Understanding: When session_start() is turned on, a constant SID is generated. When COOKIE is turned on, this constant is empty. When COOKIE is turned off, the value of PHPSESSID is stored in this constant. By adding a SID parameter after the URL to pass the value of SESSIONID, the client page can use the value in SESSION. When the client opens COOKIE and the server opens SESSION. When the browser makes the first request, the server will send a COOKIE to the browser to store the SESSIONID. When the browser makes the second request, the existing

8. isset() and empty( ) Difference

Isset determines whether the variable exists. You can pass in multiple variables. If one of the variables does not exist, it returns false. empty determines whether the variable is empty and false. Only one variable can be passed. If Returns true if empty or false.

9. How many ways are there to persist redis?

Answer: There are two main ways:

1) Snapshot persistence

has been automatically enabled in the redis configuration file,

The format is: save N M

means that within N seconds, if redis is modified at least M times, redis will take a snapshot to the disk.

Of course we can also manually execute the save or bgsave (asynchronous) command to make a snapshot

2) append only file AOF persistence

There are three modes in total, such as

appendfsync The default of everysec is to force writing to the disk once per second

appendfsync always Force to write to the disk every time a write operation is performed

appendfsync no completely depends on the OS and performance The best but persistence cannot be guaranteed

The third mode is the best. Redis also adopts the third mode by default.

10.mysql storage engine

Answer: There are two commonly used ones, one is innodb and the other is myisam. The main difference between the two is

1) myisam does not support transaction processing, but innoDB supports transaction processing

2) myisam does not support foreign keys, innoDB supports foreign keys

3) myisam supports full-text retrieval, and innoDB only supports full-text search after MySQL version 5.6

4) The storage form of data is different. The mysiam table is stored in three files: structure, index, and data. InnoDB storage stores the structure as a file and index. And the data is stored as a file

5) myisam has better performance than innoDB in querying and adding data, and innoDB has higher performance in batch deletion.

6) myisam supports table locks, while innoDB supports row locks

11. What is sql injection and how to prevent sql injection?

Answer: SQL injection attacks refer to users or hackers passing in special inputs as parameters to our web application. Most of these inputs are some combinations in SQL syntax. By executing The SQL statement then performs the operation desired by the attacker. The main reason is that the programmer did not carefully filter the data entered by the user, causing illegal data to invade the system. Therefore, we must prevent sql injection during the development process, mainly from two aspects:

1) The placeholder method is to preprocess the sql statement and then execute the sql statement

2) Use addslashes or mysql_real_escape_string to escape the values ​​entered by the user and escape some special characters.

12. Is there any preprocessing used?

Answer: I have used it before. In the PDO class, there is a prepare method that can implement preprocessing. The exclude method in the PDOStament class can perform preprocessing. There are two types of preprocessing parameters. One is :String placeholder, the other is ? placeholder, :string placeholder passes in an associative array when performing preprocessing and passing parameters, while ? placeholder passes in an index array. The two cannot be mixed, but it is generally recommended to use: string placeholder.

13. Do you need to use your own processing when using a framework?

Answer: Generally, mature open source frameworks take data security into consideration, but sometimes we When some native SQL statements may be used, we need to consider preprocessing the SQL statements ourselves. Of course, sometimes we don't want to use the filtering method in the framework. For example, when using a text editor, we can use our own filtering method.

14.How to optimize mysql?

Answer: MySQL optimization is mainly achieved from the following aspects:

1) Design perspective: selection of storage engine, field type selection, paradigm

2 ) Functional perspective: You can make use of MySQL's own features, such as indexing, query caching, defragmentation, partitioning, sub-tables, etc.

3) Optimization of SQL statements: Try to simplify the query statement and use as few query fields as possible Reduce query fields, optimize paging statements, grouping statements, etc.

4) Deploy a heavy load architecture system: the database server is separated. When the load is heavy, master-slave replication and read-write separation mechanism can be used for design

5) Upgrade the database server from the hardware.

15. Please explain the difference between passing by value and passing by reference in PHP. When to pass by value and when to pass by reference?

Pass by value: Any changes to the value within the function scope will be ignored outside the function

Pass by reference: Any change to the value within the function scope will also be ignored outside the function Reflecting these modifications

Pros and Cons: When passing by value, PHP must copy the value. Especially for large strings and objects, this can be a costly operation. Passing by reference does not require copying the value, which is good for improving performance.

16. What is the function of error_reporting in PHP?

Set PHP's error reporting level and return the current level.

17. Use PHP to describe the quick sort algorithm. Can the object be an array?

Principle: Quick sort uses the divide-and-conquer strategy to divide the data sequence to be sorted into Two subsequences, the specific steps are:

(1) Pick an element from the sequence, call this element "baseline".

(2) Scan the array once, and arrange all the elements smaller than the "base" in front of the base, and all the elements larger than the "base" in the back of the base.

(3) Through recursion, divide each subsequence into smaller sequences until the subarray of elements smaller than the reference value and the subarray of elements greater than the reference value are sorted.

//快速排序（数组排序）
function QuickSort($arr){
 $num = count($arr);
 $l=$r=0;
 for($i=1;$i<$num;$i++){
  if($arr[$i] < $arr[0]){
   $left[] = $arr[$i];
   $l++;
  }else{
   $right[] = $arr[$i];
   $r++;
  }
 }
 if($l > 1){
  $left = QuickSort($left);
 }
 $new_arr = $left;
 $new_arr[] = $arr[0];
 if($r > 1){
  $right = QuickSort($right);
 }
 for($i=0;$i<$r;$i++){
  $new_arr[] = $right[$i];
 }
 return $new_arr;
}

18. Use PHP to describe sequential search and binary search (also called half search) algorithms. Sequential search must consider efficiency, and the object can be an ordered array

//二分查找（数组里查找某个元素）
function bin_sch($array, $low, $high, $k){
 if ($low <= $high){
  $mid = intval(($low+$high)/2);
  if ($array[$mid] == $k){
   return $mid;
  }elseif ($k < $array[$mid]){
   return bin_sch($array, $low, $mid-1, $k);
  }else{
   return bin_sch($array, $mid+1, $high, $k);
  }
 }
 return -1;
}
//顺序查找（数组里查找某个元素）
function seq_sch($array, $n, $k){
 $array[$n] = $k;
 for($i=0; $i<$n; $i++){
  if($array[$i]==$k){
   break;
  }
 }
 if ($i<$n){
  return $i;
 }else{
  return -1;
 }
}

19. Write a two-dimensional array sorting algorithm function that can be universal. You can call the PHP built-in function (array_multisort())

//二维数组排序， $arr是数据，$keys是排序的健值，$order是排序规则，1是升序，0是降序
function array_sort($arr, $keys, $order=0) {
 if (!is_array($arr)) {
  return false;
 }
 $keysvalue = array();
 foreach($arr as $key => $val) {
  $keysvalue[$key] = $val[$keys];
 }
 if($order == 0){
  asort($keysvalue);
 }else {
  arsort($keysvalue);
 }
 reset($keysvalue);
 foreach($keysvalue as $key => $vals) {
  $keysort[$key] = $key;
 }
 $new_array = array();
 foreach($keysort as $key => $val) {
  $new_array[$key] = $arr[$val];
 }
 return $new_array;
}

20. For the user to input a string String $string, it is required that $string can only contain numbers greater than 0 and English commas. Please use regular expressions to verify. If $string does not meet the requirements, an error message will be returned.

class regx { 
 public static function check($str) { 
 if(preg_match("/^([1-9,])+$/",$str)) { 
  return true; 
 } 
 return false; 
 } 
} 
$str="12345,6"; 
if(regx::check($str)) { 
echo "suc"; 
} else { 
echo "fail"; 
}

21. Singleton mode, create a singleton object linked to the mysqli database

class Db { 
 private static $instance; 
 public $handle; 
 Private function __construct($host,$username,$password,$dbname) { 
  $this->handle=NULL; 
  $this->getcon($host,$username,$password,$dbname); 
 } 
 public static function getBb() { 
  self::$instance=new Db(); 
  return self::$instance; 
 } 
 private function getcon($host,$username,$password,$dbname) { 
  if($this->handle!=NULL){ 
   return true; 
  } 
  $this->handle=mysqli_connect($host,$username,$password,$dbname); 
 } 
}

22. Where does the PHP session extension store session data by default? D

A ) SQLite Database

B) MySQL Database

C) Shared Memory

D) File System

E) Session Server

23. PHP's strtolower() and strtoupper() functions may cause Chinese characters to be converted into garbled characters when installing a server with a non-Chinese system. Please write two alternative functions to implement characters compatible with Unicode text. String case conversion

Answer: The reason is: Chinese is composed of multi-bytes, and only a single English character in the English system has only one byte, so the system converts each byte of Chinese All have been processed by strtolower(), and the changed Chinese characters will become garbled when spliced ​​together (the characters corresponding to the newly generated encoding map may not be Chinese)

Manual solution: use str_split(string string , intstring, intsplit_length = 1) Cut by each byte, like Chinese can be cut into three bytes. If the recognized bytes are English letters, they will be converted.

<?php  
function mystrtoupper($a){  
    $b = str_split($a, 1);  
    $r = &#39;&#39;;  
    foreach($b as $v){  
        $v = ord($v);  
        if($v >= 97 && $v<= 122){  
            $v -= 32;  
        }  
        $r .= chr($v);  
    }  
    return $r;  
}  
 
 
$a = &#39;a中你继续F@#$%^&*(BMDJFDoalsdkfjasl&#39;;  
echo &#39;origin string:&#39;.$a."\n";  
echo &#39;result string:&#39;;  
$r = mystrtoupper($a);  
var_dump($r);

24. PHP's is_writeable() function has a bug and cannot accurately determine whether a directory/file is writable. Please write a function to determine whether the directory/file is absolutely writable

Answer: The bug exists in two aspects,
1) In winddowns, when the file only has a read-only attribute, the is_writeable() function returns false. When true is returned, the file is not necessarily writable. of.
If it is a directory, create a new file in the directory and check by opening the file;
If it is a file, you can test whether the file is writable by opening the file (fopen).

2) In Unix, when safe_mode is turned on in the php configuration file (safe_mode=on), is_writeable() is also unavailable.
Read the configuration file to see if safe_mode is enabled.

/**
* Tests for file writability
*
* is_writable() returns TRUE on Windows servers when you really can't write to
* the file, based on the read-only attribute. is_writable() is also unreliable
* on Unix servers if safe_mode is on.
*
* @access   private
* @return   void
*/
if ( ! function_exists('is_really_writable'))
{
    function is_really_writable($file)
    {
    // If we're on a Unix server with safe_mode off we call is_writable
    if (DIRECTORY_SEPARATOR == '/' AND @ini_get("safe_mode") == FALSE)
    {
        return is_writable($file);
    }
 
    // For windows servers and safe_mode "on" installations we'll actually
    // write a file then read it. Bah...
    if (is_dir($file))
    {
        $file = rtrim($file, '/').'/'.md5(mt_rand(1,100).mt_rand(1,100));
 
        if (($fp = @fopen($file, FOPEN_WRITE_CREATE)) === FALSE)
        {
            return FALSE;
        }
 
        fclose($fp);
        @chmod($file, DIR_WRITE_MODE);
        @unlink($file);
        return TRUE;
    } elseif ( ! is_file($file) OR ($fp = @fopen($file, FOPEN_WRITE_CREATE)) === FALSE) {
        return FALSE;
    }
 
    fclose($fp);
    return TRUE;
    }
}

25.PHP处理上传文件信息数组中的文件类型$_FILES[‘type’]由客户端浏览器提供，有可能是黑客伪造的信息，请写一个函数来确保用户上传的图像文件类型真实可靠

答：用getimagesize来判断上传图片的类型比$_FILES函数的type更可靠
同一个文件，使用不同的浏览器php返回的type类型是不一样的，由浏览器提供type类型的话，
就有可能被黑客利用向服务器提交一个伪装撑图片后缀的可执行文件。
可以通过getimagesize()函数来判断上传的文件类型，如果是头像文件 会返回这样的一个数组

Array
(
    [0] => 331
    [1] => 234
    [2] => 3
    [3] => width="331" height="234"
    [bits] => 8
    [mime] => image/png
)；

26.如何实现PHP的安全最大化？怎样避免SQL注入漏洞和XSS跨站脚本攻击漏洞？

答：基本原则：不对外界展示服务器或程序设计细节（屏蔽错误），不相信任何用户提交的数据（过滤用户提交） 

1）屏蔽错误，将display_errors 设置为off 
2）过滤用户提交参数，这里需要注意的是不能仅仅通过浏览器端的验证，还需要经过服务器端的过滤

这里是需要注意最多的地方，因为所有用户提交的数据入口都在这里，这是过滤数据的第一步。
      1 考虑是否过滤select,insert,update,delete,drop,create等直接操作数据的命令语句
      2 使用addslashes 将所有特殊字符过滤
      3 打开magic_quotes_gpc，开启该参数数后自动将sql语句转换，将 ' 转换成  \'

3）可以考虑设置统一入口，只允许用户通过指定的入口访问，不能访问未经许可的文件等内容 
4）可以考虑对安全性要求高的文件进行来源验证，比如要想执行b.php必须先执行a.php，可以在b.php中判断来自a.php的referer,避免用户直接执行b.php

27.请写出让PHP能够在命令行下以脚本方式执行时安装PHP所必须指定的configure参数，并说明如何在命令行下运行PHP脚本（写出两种方式）同时向PHP脚本传递参数？

答：由于 –enable-cli 和 –enable-cgi 同时默认有效，因此，不必再配置行中加上 –enable-cli 来使得 CLI 在 make install 过程中被拷贝到 {PREFIX}/bin/php

php -f “index.php” 
php -r “print_r(get_defined_constants());”

28.PHP的垃圾收集机制是怎样的？

说明： 
１）如果，你熟悉PHP源码，那么请从源码入手，回答些问题，会获得额外加分 
２）如果，你不熟悉PHP源码，那么尽你所能，多写点东西，包括利用自己的编程直觉得到的信息，都可以。 
３）对，则有分，错误不扣，不写无分。

答：PHP可以自动进行内存管理，清除不再需要的对象。PHP使用了引用计数(referencecounting)这种单纯的垃圾回收(garbagecollection)机制。每个对象都内含一个引用计数器，每个reference连接到对象，计数器加1。当reference离开生存空间或被设为NULL，计数器减1。当某个对象的引用计数器为零时，PHP知道你将不再需要使用这个对象，释放其所占的内存空间。

29.get和post的区别?

1. get是从服务器上获取数据，post是向服务器传送数据。
2. get是把参数数据队列加到提交表单的ACTION属性所指的URL中，值和表单内各个字段一一对应，在URL中可以看到。post是通过HTTP post机制，将表单内各个字段与其内容放置在HTML HEADER内一起传送到ACTION属性所指的URL地址。用户看不到这个过程。
3. get传送的数据量较小，不能大于2KB。post传送的数据量较大，一般被默认为不受限制。
4. get安全性非常低，post安全性较高。但是执行效率却比Post方法好。

30.如何修改会话的生存时间？

一：在php.ini中设置session.gc_maxlifetime = 1440 //默认时间
二：代码实现      $ lifeTime = 24 * 3600; //保存一天
    session_set_cookie_params（$ lifeTime）; 
    在session_start（）;

31.微信支付回调失败该如何处理？

他问的是已经支付成功后，但是回调失败了。

自己可以创建定时任务在每天的凌晨执行，去微信那边对账，然后更新数据库订单状态。

32.调用区块链接口的安全措施，有那些实现方法？

来自PHP技术交流群 群友分享

1. 使用MD5实现对接口加签，目的是为了防止篡改数据。
2. 基于网关实现黑明单与白名单拦截
3. 可以使用rsa非对称加密 公钥和私钥互换
4. 如果是开放接口的话，可以采用oath2.0协议
5. 使用Https协议加密传输,但是传输速度慢
6. 对一些特殊字符实现过滤 防止xss、sql注入的攻击
7. 定期使用第三方安全扫描插件
8. 接口采用dto、do实现参数转化 ，达到敏感信息脱敏效果
9. 使用token+图形验证码方法实现防止模拟请求
10. 使用对ip访问实现接口的限流,对短时间内同一个请求(ip)一直访问接口 进行限制。

33.服务器受到dos攻击，这个问题如何应付？

看看你的服务的访问日志，在防火墙中加过滤，或者在web服务器中加过滤吧。方法有以下几种。

• 对于特定的IP访问的情况，限制IP访问
• 限制同一IP在单位时间内的访问次数
• 上级服务器，提高吞吐能力

是消耗服务器资源为主还是纯流量攻击？消耗资源的可以通过配置防火墙过滤规则防御中小规模的攻击。如果是纯流量攻击，考虑你用的是linode真心无解。即便你封了IP封了端口也没用，人家不管你接不接受他的请求，他都会塞满你的带宽。linode必然认为你是被流量攻击或者消耗过多资源然后给你挂起。

34.简述Linux下安装Mysql的过程？

Groupadd mysql 添加一个用户组mysql
Useradd -g mysql mysql 添加一个mysql用户指定分组为mysql
Cd /lamp/mysql 进入mysql目录
./configure –prefix=/usr/local/mysql/ –with-extra-charsets=all
Make
Make all

35.对于大流量的网站,您采用什么样的方法来解决访问量问题?

优化程序，优化数据库，如果程序和数据库已经最优化，使用以下解决方法：

• 确定当前服务器设备是否满足流量需求。
• 使用Memcache缓存技术，把动态内容缓存到文件中，动态网页直接调用这些文件，而不必再访问数据库。
• 禁止外部盗链，图片和文件外部盗链会给服务器带来大量的负载压力，可以通过refer来禁止外部盗链，或者使用apache来配置禁止盗链。
• 控制大文件的下载，大文件的下载对于非SCSI硬盘来说会占用大量的资源，导致服务器的响应能力下降。
• 使用不同的主机分流主要流量，使服务器均衡负载。
• 使用流量统计软件统计分析网站流量，可以知道哪些地方耗费了大量的流量，哪些页面需要再进行优化。

36.对关系型数据库而言，索引是相当重要的概念，请回答有关索引几个问题:

1）索引的目的是什么?

• 快速访问数据表中的特定信息，提高检索速度
• 创建唯一性索引，保证数据库表中每一行数据的唯一性
• 加速表和表之间的连接
• 使用分组和排序子句进行数据检索时，可以显著减少查询中分组和排序的时间

2) 索引对数据库系统的负面影响是什么?

负面影响：创建索引和维护索引需要耗费时间，这个时间随着数据量的增加而增加；索引需要占用物理空间，不光是表需要占用数据空间，每个索引也需要占用物理空间；当对表进行增、删、改的时候索引也要动态维护，这样就降低了数据的维护速度。

3) 为数据表建立索引的原则有哪些?

• 在最频繁使用的、用以缩小查询范围的字段上建立索引
• 在平频繁使用的、需要排序的字段上建立索引

4) 什么情况下不宜建立索引?

• 对于查询中很少涉及的列或者重复值比较多的列，不宜建立索引
• 对于一些特殊的数据类型，不宜建立索引，比如文本字段(text)，值范围较少的知道等。

37.PHP字符串中单引号与双引号的区别?

单引号不能解释变量，而双引号可以解释变量。

单引号不能转义字符，在双引号中可以转义字符。

38.求两个日期的差数，例如2021-2-5 ~ 2021-3-6 的日期差数

方法一：
<?php
class Dtime{
 function get_days($date1, $date2){
  $time1 = strtotime($date1);
  $time2 = strtotime($date2);
  return ($time2-$time1)/86400;
 }
}
$Dtime = new Dtime;
echo $Dtime->get_days(’2021-2-5′, ’2021-3-6′);
?>
方法二：
<?php
$temp = explode(‘-’, ’2021-2-5′);
$time1 = mktime(0, 0, 0, $temp[1], $temp[2], $temp[0]);
$temp = explode(‘-’, ’2021-3-6′);
$time2 = mktime(0, 0, 0, $temp[1], $temp[2], $temp[0]);
echo ($time2-$time1)/86400;
方法三：echo abs(strtotime(“2021-2-5″)-strtotime(“2021-3-1″))/60/60/24 计算时间差

39.有一个一维数组，里面存储整形数据，请写一个函数，将他们按从大到小的顺序排列。要求执行效率高。并说明如何改善执行效率。（该函数必须自己实现，不能使用php函数）

<?php
function BubbleSort(&$arr){
 $cnt=count($arr);
 $flag=1;
 for($i=0;$i<$cnt;$i++){
 if($flag==0){
  return;
 }
 $flag=0;
 for($j=0;$j<$cnt-$i-1;$j++){
  if($arr[$j]>$arr[$j+1]){
   $tmp=$arr[$j];
   $arr[$j]=$arr[$j+1];
   $arr[$j+1]=$tmp;
   $flag=1;
  }
 }
 }
}
$test=array(1,3,6,8,2,7);
BubbleSort($test);
var_dump($test);

推荐学习：《PHP视频教程》

The above is the detailed content of Summarize and organize 39 PHP interview questions (summary sharing). For more information, please follow other related articles on the PHP Chinese website!