PHP Interview Questions

Q5: What are cookies? How to create cookies in PHP?

Ans: A cookie is a tiny piece of information that the server stores on the client's computer. They save information about a user to the browser. It is used to identify a user and is installed on the user's computer when they request a certain website. When a comparable PC requests a website with software, the cookie is also sent.

Cookies save the session id created at the back end after validating the user's identity in encrypted form. It must be installed in the machine's browser. You can only save string values because you cannot access any object from the website or web applications.

Cookies are URL-specific by default. Gmail cookies, for example, are not supported by Yahoo and vice versa. By default, cookies are transient and transitory. In a single website or web app, up to 20 cookies can be generated. The cookie's initial size is 50 bytes, and its maximum size is 4096 bytes.

Cookies may be created in PHP using the setcookie() function:

setcookie(name, value, expire, path, domain, secure, httponly);

Here name is mandatory, and the remaining parameters are optional.


setcookie(“instrument_selected”, “guitar”)

Q6: Explain Path Traversal

Ans: Path traversal is a type of attack that leads into a web application's files. The symbol '../' (dot-dot-sequences) is a cross-platform symbol that will appear in the directory. This symbol is used by path traversal to operate the web application file. Using path traversal beyond the root directory of a web server or application, the attacker can disclose the content of the file targeted. It is generally done to access secret passwords, tokens, and other sensitive data contained in files. Path traversal is also known as "Directory traversal." It enables the attacker to take advantage of vulnerabilities in the web file under assault.

Let's look at a basic example. Consider the following scenario: we have a "Show File" button that opens a URL. In a conventional directory traversal attack, the attacker may attempt to access the system file /etc/passwd (assuming a UNIX/LINUX system). If the program obtains the value of the file argument from the URL and sends it to a system call, it will traverse the relative path../../etc/passwd beginning with /var/www and request that the password file be loaded. This attack is also known as a dot-dot-slash attack because it often employs the special characters../ (or.. on Windows) to go to a higher-level directory.

Q7: What is the difference between the include() and require() functions?


include() function

This function is used to text-wise copy the contents of a file called within the function into the file from which it is called. When a file included in the script cannot be found, it will merely produce a warning (E WARNING), and the script will continue to run.

require() function:

The require() method works in the same way as the include() function. It also takes the needed file and puts the entire code into the file where the require() method is used. If the included file cannot be found, it generates a fatal error (E_COMPILE_ERROR) and stops the script.

Q8: How does the ‘foreach’ loop work in PHP?

Ans: The foreach statement is a looping technique in PHP that is used to cycle and loop over array data types. The operation of foreach is straightforward: with each pass of the value, elements are assigned a value, and pointers are increased. This procedure is continued until the end of the array is reached. The following is the syntax for using the foreach command in PHP:

foreach($array as $value) { Code inside the loop; }

Q9: What is Memcache and Memcached in PHP? Is it possible to share a single instance of a Memcache between several projects of PHP?

Ans: Memcached is a caching daemon specially intended to reduce database load in dynamic web applications. Memcache provides a convenient procedural and object-oriented interface to Memcached. Memcache is a type of memory cache. Memcache can be operated on a single or many servers. As a result, a single instance of Memcache may be shared by several projects. It is possible to set up a client to communicate with a different set of instances. As a result, two separate Memcache processes can operate on the same host. Despite sharing the same host, each of these Memcache processes remains independent unless data is partitioned.