Shulou(Shulou.com)06/02 Report--

This article mainly introduces "what are the interview questions for PHP programmers". In the daily operation, I believe many people have doubts about the interview questions for PHP programmers. The editor consulted all kinds of materials and sorted out simple and easy-to-use methods of operation. I hope it will be helpful to answer the questions of "what are the interview questions for PHP programmers?" Next, please follow the editor to study!

1. Garbage collection mechanism of php

PHP can automatically manage memory and clear unwanted objects.

PHP uses the reference count (reference counting) GC mechanism.

Each object contains a reference counter refcount, each reference is connected to the object, and the counter is added by 1. When reference leaves the living space or is set to NULL, the counter is minus 1. When an object's reference counter is 00:00, PHP knows that you will no longer need to use the object, freeing up its memory footprint.

2. The difference and relationship between session and cookie

Difference:

1. Storage location: Session is saved on the server and Cookie on the client.

two。 Storage form: Session is saved in the form of object in the server, Cookie is saved in the form of string in the client.

3. Purpose: Cookies is suitable for saving users' personal settings, hobbies, etc., and Session is suitable for customer authentication

4. Paths: Session cannot distinguish between paths, and all Session can be accessed anywhere during the same user's visit to a website. However, if the path parameter is set in Cookie, then the Cookie under different paths in the same site cannot access each other.

5. Security: Cookie is not very secure. Others can analyze the COOKIE stored locally and cheat on COOKIE. Session should be used for security.

6. Size and quantity limit: the number of cookie contained in each domain name: IE7/8,FireFox:50, Opera30; the total size of Cookie: Firefox and Safari allow cookie up to 4097 bytes, Opera allows up to 4096 bytes for cookie, and InternetExplorer allows up to 4095 bytes for cookie. It is generally believed that Session has no size and quantity limit.

Relationship:

Session needs Cookie to work properly. If the client completely forbids Cookie,Session, it will become invalid! Because Session is a server-side storage space maintained by the application server, when users connect to the server, the server will generate a unique SessionID and use the SessionID as an identifier to access the server-side Session storage space.

The SessionID data is saved to the client and saved with Cookie. When the user submits the page, the SessionID will be submitted to the server to access the Session data. This process does not require the intervention of developers. So once the client disables Cookie, then Session also becomes invalid.

3. How to modify the Lifetime of SESSION

1. Set the sessionid expiration time setcookie (session_name (), session_id (), time () + $lifeTime, "/") saved by the browser.

2. You can use session_set_cookie_params (86400) included with SESSION to set the lifetime of Session.

3. The survival time of session can be changed by changing the value of session.gc_maxlifetime parameter in php.ini.

4. What are the methods of PHP page redirection

one

two

three

Header ('Location: http://www.baidu.com/')

Echo''

Echo''

5. Comparison of database abstraction layer among PDO, adoDB and PHPLib

PHP database abstraction layer refers to the middleware that encapsulates the underlying operation of the database between the PHP logic program code and the database.

PDO is designed on the basis of PHP 5.1. it uses C language for low-level development, and the design follows the characteristics of PHP, which is simple and easy to use. strictly speaking, PDO should be classified as one of the SPL libraries of PHP 5, not the data abstraction layer, because it is similar to the functions of MySQL and MySQLi extension libraries. PDO is not suitable for use in systems that plan or are likely to change the database.

ADODB accesses the database in the same way regardless of the back-end database.

When transferring the database platform, the program code does not have to change much. In fact, only the database configuration document needs to be changed. Provide a large number of assembly methods, the purpose is to translate these statements at the bottom of the abstract layer for different databases, in order to adapt to different database dialects!

But this abstract layer seems to be bigger than Pang, and all the files are about 500K. If you make a very small website, it seems to be overqualified.

PHPLib is probably the oldest database abstraction layer that has grown up with PHP (but compared to ADODB, it is only a MySQL abstract class library), this abstract class is quite simple to use, small in size, and is a good choice for small website development.

PDO provides preprocessing statement query, error exception handling, flexible access to query results (return array, string, object, callback function), character filtering to prevent SQL attacks, transaction processing, stored procedures.

ADODB supports caching queries, moving recordsets, (HTML, paging, selection menu generation), transactions, and output to files.

6. The difference and use of long connection and short connection

Long connection: the client party and the server party first establish a connection, and the connection is opened continuously after the connection is established, and then the message is sent and received. In this way, due to the existence of communication connections. This method is often used in P2P communication.

Short connection: Client and server communicate with each other every time they send and receive messages, and disconnect immediately after the transaction is completed. This method is often used for point-to-multipoint communication. Cpact S communication.

Timing of use of long and short connections:

Long connection:

Short connections are mostly used for frequent operations, point-to-point communication, and the number of connections can not be too many. The establishment of each TCP connection requires three handshakes, and the disconnection of each TCP connection requires four handshakes. If you have to establish a connection for each operation and then operate again, the processing speed will be reduced, so the data can be sent directly at the next operation of each operation, and there is no need to establish a TCP connection. For example, database connections use long connections, frequent communication with short connections will cause socket errors, and frequent socket creation is also a waste of resources.

Short connection:

The http services of web websites generally use short links. Because persistent connections consume a certain amount of resources for the server. Thousands or even hundreds of millions of clients who connect as frequently as web sites use short connections to save some resources. Imagine if you all use long connections, and you use thousands of users at the same time, each user has a connection, you can imagine the pressure on the server. Therefore, the concurrency is large, but each user does not need frequent operations in the case of short connections.

7. Detailed explanation and application of HTTP protocol

Http (Hypertext transfer Protocol) is based on request and response mode, stateless, short connection, flexible, application layer protocol, often based on TCP connection mode.

(HTTP response status code)

HTTP response status code

The status code consists of three digits, the first of which defines the category of the response and has five possible values:

1xx: indication message-indicates that the request has been received and continues processing

2xx: successful-indicates that the request has been successfully received, understood and accepted

3xx: redirect-- further operations must be taken to complete the request

4xx: client error-request has syntax error or request cannot be implemented

5xx: server side error-the server failed to fulfill the legitimate request

Common status code, status description, description:

200 OK / / client request succeeded

400 Bad Request / / client request has syntax error and cannot be understood by the server

401 Unauthorized / / request unauthorized, this status code must be used with the WWW-Authenticate header domain using the 403 Forbidden / / server to receive the request, but refuse to provide service

404 Not Found / / request resource does not exist. Eg: incorrect URL entered

Unexpected error occurred on 500 Internal Server Error / / server

503 Server Unavailable / / Server timeout / / may return to normal

Not Modifed / / the requested web page has not been modified since the last request.

/ / when the server returns this response, the web page content is not returned.

8. Communication encryption Scheme in heterogeneous system Communication

9. Socket connection steps

Socket (socket) concept

Socket (socket) is the cornerstone of communication and the basic operation unit of network communication that supports TCP/IP protocol. It is the abstract representation of the endpoint in the process of network communication, and contains five kinds of information necessary for network communication: the protocol used for the connection, the IP address of the local host, the protocol port of the local process, the IP address of the remote host, and the protocol port of the remote process.

Socket connection process

Establishing a Socket connection requires at least one pair of sockets, one of which runs on the client side, called ClientSocket, and the other runs on the server side, called ServerSocket

The connection process between sockets can be divided into three steps: server monitoring, client request, and connection confirmation.

Server monitoring: server-side sockets do not locate specific client sockets, but are waiting for a connection to monitor the network status in real time.

Client request: refers to the connection request made by the socket of the client, and the target of the connection is the socket on the server side. To do this, the client socket must first describe the socket of the server it wants to connect to, indicate the address and port number of the server-side socket, and then make a connection request to the server-side socket.

Connection confirmation: when the server-side socket monitors or receives a connection request from the client socket, it responds to the client

The request of the socket, establish a new thread, send the description of the server-side socket to the client, once the client confirms this description, the connection is established. The server-side socket continues to listen and continues to receive connection requests from other client sockets.

10. TCP protocol, three handshakes and four waves

TCP protocol (Transmission Control Protocol) is a host-to-host layer transmission control protocol that provides reliable connection services. It uses three-way handshakes to confirm the establishment of a connection and four waves to disconnect.

The bit code is the tcp flag bit, and there are 6 kinds of marks:

SYN (synchronous establish online) synchronization

ACK (acknowledgement confirmation)

PSH (push Transport)

FIN (end of finish)

RST (reset reset)

URG (urgent Emergency)

11. Differentiation and examples of functions commonly used in php with similar functions and different performance

12. Posix and perl compatible canonical comparison, and function performance analysis

The most significant differences between POSIX regularization and PCRE regularization need to know:

1. The PCRE function requires the pattern to be closed with a delimiter.

2. There is no modifier for POSIX compatibility rules. Unlike POSIX, the PCRE extension does not have a function specifically for case-insensitive matching. Instead, the / I mode modifier is supported to do the same thing. Other pattern modifiers can also be used to change the matching strategy.

3. The POSIX function starts from the leftmost to find the longest match, but PCRE stops after the first legal match. If the string does not match

There is no difference in matching, but if it matches, there will be a difference in result and speed. To illustrate this difference, consider the following example (from Jeffrey Friedl's book "mastering regular expressions"). Use the pattern one (self)? (selfsufficient)? If you match on the string oneselfsufficient, PCRE will match to oneself, but with POSIX, the result will be the entire string oneselfsufficient. Both substrings match the original string, but POSIX will have the longest result.

The modifiers available for PCRE: (iQuery srem)

13. Implement PERL regular expression to grab all href hyperlinks of a tag in html file

Regular: /

14. Comparison of predefined variables, magic variables, magic methods, and function examples

Predefined variables (super global variables)

$GLOBALS

$_ SERVER

$_ GET

$_ POST

$_ COOKIE

$_ SESSION

$_ REQUEST

$_ ENV

Construct and destruct

_ _ autoload

Get and set

Isset and unset

Call and callStatic

_ _ clone

_ _ toString

Sleep and wakeup

_ _ invoke

LINE

FILE

DIR

CLASS

FUNCTION

METHOD

NAMESPACE

15. Spl common data structure classes

16. PHP design pattern

Factory model

Set up a factory (a function or a class method) to create a new object

The factory pattern is a class that has some methods of creating objects for you. You can use the factory class to create objects instead of using new directly. This way, if you want to change the type of object you create, you only need to change the factory. All code that uses the factory changes automatically.

Singleton mode

Some application resources are exclusive because there is and only one resource of this type. For example, the connection to the database through the database handle is exclusive. You want to share database handles in your application because it is an overhead when keeping the connection open or closed, especially when getting a single page.

The single-element pattern can meet this requirement.

Singleton pattern in PHP (singleton pattern): this means that only one instance of the specified class is created within the scope of the PHP application.

Classes that use singleton patterns in PHP usually have a private constructor and a private clone function to prevent users from instantiating it by creating an object or cloning. There is also a static private member variable $instance and a static method getInstance. GetInstance is responsible for instantiating itself and then storing this object in the $instance static member variable to ensure that only one instance is created.

Observer mode

Command chain mode

Strategy mode

17. Web application server design for load balancing, such as youku

Use PHP as a guide to load balancing

Think about how to deal with the following questions?

In the case of Apache load balancer, how to do PHP development consider several aspects:

PHP source files on the server, PHP file upload processing, related configuration files, Session session placement, log placement

Principles of Apache load balancing

Polling balancing strategy (polling forwarding requests)

Assign balancing policy by weight (forward requests by number of responses)

Weight request response load balancing policy (forward requests by response traffic)

18. How to optimize front-end performance

1) Optimization of page content

A) reduce the number of requests

Merge css and js files and integrate CSS images

B) reduce interactive traffic

Compression technology: compress css and js files, optimize images, reduce cookie volume

Rational use of cache: use external js/css files and cache ajax

Reduce unnecessary traffic: eliminate useless scripts and styles, defer loading content, use GET requests

C) rational use of "parallelism" to avoid redirection as far as possible

Be careful to use Iframe stylesheet at the top and put the script behind the style to load

D) Saving system consumption

Avoid CSS expressions, filters

2) Optimization of server

A) b)

c)

d)

19. 34 front-end optimization rules of yahoo

Reduce HTTP requests, utilize CDN technology, set header file expiration or static cache, Gzip compression, put CSS at the top, put JS at the bottom, avoid CSS expressions, chain JS and CSS, reduce DNS lookups, reduce the size of JS and CSS, avoid redirects, delete duplicate scripts, configure ETags, cache Ajax, release buffers as early as possible,

Use GET to make AJAX requests, delay loading components, preload components, reduce the number of DOM elements, separate components across domains,

Reduce the number of iframe, do not appear 404 pages, reduce Cookie, use Cookie-free domain names for components, reduce the number of visits to DOM, develop flexible event handlers, use instead of @ import, avoid the use of filters, optimize images, optimize CSS Sprites, do not scale pictures in HTML, reduce favicon. The size of the ico and cache it, keep the component below 25K, package the component into a multi-part document

20. The basic theory of database caching, refer to memcached

What is Memcached?

Memcached is a high-performance distributed memory cache server. The purpose of general use is to reduce the number of database visits by caching database query results, so as to improve the speed and scalability of dynamic Web applications.

Although memcached uses the same "Key= > Value" way to organize data, it is very different from shared memory, APC and other local caches. Memcached is distributed, which means it is not local. It completes the service based on a network connection (of course, it can also use localhost), and it is itself an application-independent program or daemon (Daemon mode)

PHP and Memcached

Memcached uses the libevent library to implement a network connection service, which theoretically can handle an unlimited number of connections, but it and

Web caching based on reverse proxy

Web caching based on reverse proxy

21. PHP security mode

Php Security Mode: safe_mode=on | off

Enabling the safe_mode directive limits language features that can be dangerous when using PHP in a shared environment. Safe_mode can be enabled as a Boolean on, or set to the UID of files that off and scripts are trying to access, as the basis of the restriction mechanism. If the UID is the same, the script is executed; otherwise, the script fails.

When safe mode is enabled, some restrictions take effect

1. The application of all input and output functions, such as fopen (), file (), and require (), is limited and can only be used with the

The script has the files of the same owner

2. If you try to execute a script through functions such as popen (), system (), or exec (), only if the script is located in safe_mode_exec_dir

Only the directory specified by the configuration instruction is possible

3. HTTP verification is further enhanced because the UID of the person used by the verification script falls within the scope of verification. In addition, when Ann is enabled

When in full mode, PHP_AUTH is not set.

4. If the MySQL database server is applicable, the user name used to link to the MySQL server must be the same as the call mysql_connect ()

The file owner's user name is the same.

Here are some configuration options related to security mode

one

two

three

four

five

Safe_mode_gid=on | off

Safe_mode_include_dir=string

Safe_mode_env_vars=string

Safe_mode_exec_dir=string

Safe_mode_protected_env_vars=string

twenty-two。 Common web attacks

Common attacks

XSS (Cross Site Script), cross-site scripting attack. It means that a malicious attacker inserts malicious html code into a Web page, and when the user browses the page, the embedded malicious html code will be executed to achieve the special purpose of the malicious user.

XSS is a passive attack, because it is passive and difficult to use, so many people often ignore its harmfulness. However, with the continuous progress of front-end technology, there are more and more applications of rich clients, and this problem has attracted more and more attention.

Take a simple example:

If you are now a user on the sns site, and there is a loophole in the function of publishing information, you can execute js you enter a malicious script at this moment, then the browsers of all the people who see your new information will execute this script pop-up prompt box (cool pop-up ad:), and the consequences are unimaginable if you do something more radical.

CSRF (Cross Site Request Forgery), which forges requests across sites. As the name implies, it allows the user to accomplish some of the goals that the attacker needs to achieve without the user's knowledge by falsifying the connection request. The attack of csrf is different from xss csrf, which needs to be triggered by the active behavior of the attacker. This sounds like the suspicion of being "fished".

Multi-window browsers seem to be suspected of aiding evil in this respect, because the new window that opens has all the current sessions, and if it is a single browser window similar to ie6, there will not be such a problem, because each window is a separate process.

To take a simple example: you are playing the White Society, and you see someone sending a connection, you click on it, and then the link forges a gift form. This is just a simple example, and the problem can be seen in general.

Cookie hijacking. By getting the permission of the page, write a simple request to the malicious site in the page, and carry the user's cookie to get cookie, then you can log on to the site directly as a stolen user through cookie. This is cookie hijacking.

To take a simple example: someone wrote a very interesting log and shared it with everyone. Many people clicked to view and share the log. Everything seemed normal, but the person who wrote the log had ulterior motives and secretly hid a request to the outside of the site in the log. Then all the people who had seen the log would unknowingly send their cookie to someone. Then he can log in to any person's account through that person's cookie.

SQL injection attack

In a SQL injection attack, a user adds information to a database query by manipulating a form or GET query string.

DNS attack

Denial of service attack

Denial of service attack means that the attacker tries to make the target machine stop providing services, which is commonly used by hackers.

When an attacker carries out a denial of service attack, the server can actually achieve two effects: one is to force the server's buffer to be full and not to receive new requests; the other is to use IP spoofing to force the server to reset the connection of legitimate users, thus affecting the connection of legitimate users.

23. PHP does well the basic idea of hotlink protection

What is a hotlink?

Piracy means that service providers do not provide service content themselves, bypass other beneficial end-user interfaces (such as advertising) through technical means, and directly provide other service providers' service content to end-users on their own websites. deceive the browsing and click-through rate of the end user. The beneficiaries do not provide resources or provide very few resources, while the real service providers do not get any benefits.

Website piracy will consume a lot of bandwidth of the hacked website, and the real click rate may be very small, seriously damaging the interests of the hacked website. How to do hotlink protection?

Rename a file or directory irregularly

Restrict the reference page

The principle is that the server obtains the website address of the information submitted by the user, and then compares it with the address of the real server. If it is consistent, it indicates that it is submitted within the site, or for a trusted site, otherwise it is regarded as a theft chain. When implemented, you can use HTTP_REFERER1 and htaccess files (mod_Rewrite needs to be enabled), combined with regular expressions to match each user's access request.

Document camouflage

File camouflage is currently the most widely used anti-hotlink technology, which is generally combined with server-side dynamic scripting (PHP/JSP/ASP). In fact, the file address requested by the user is just a disguised script file, which authenticates the user's request and generally checks Session,Cookie or HTTP_REFERER as the basis for determining whether it is a hotlink. On the other hand, the real file is actually hidden where the user cannot access it, and it will not be returned to the user until the user has passed the verification.

Encryption authentication

In this anti-hotlink method, the user information is first obtained from the client, and then encrypted into a string (Session ID) together with the file name word requested by the user as authentication. Only when the authentication is successful, the server will send the files needed by the user to the customer. Generally speaking, we pass the encrypted Session ID to the server as part of the URL parameter. Because the Session ID is linked to the user's information, even if someone steals the link, the Session ID cannot pass identity authentication, thus achieving the purpose of anti-hotlink. This approach is very effective for distributed hotlinks.

Random additional code

Each time, an additional code is generated in the page and stored in the database, which is related to the corresponding picture. When accessing the picture, it is compared with this additional code. If the same is the same, the picture is output, otherwise the 404 picture is output.

Add watermark

24. HTTP request header information and response header information

Request header information

one

two

three

four

five

six

seven

eight

nine

ten

eleven

twelve

thirteen

fourteen

POST / scp1.1.0/prs/new_rnaseqtask/run_go HTTP/1.1

Host: 172.30.4.102

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20100101 Firefox/6.0

Accept: /

Accept-Language: zh-cn,zh;q=0.5

Accept-Encoding: gzip, deflate

Accept-Charset: GB2312,utf-8;q=0.7,*;q=0.7

Connection: keep-alive

Content-Type: application/x-www-form-urlencoded; charset=UTF-8

X-Requested-With: XMLHttpRequest

Referer: http://172.30.4.102/scp1.1.0/index.php/prs... Content-Length: 1819

Cookie:

Ci_session=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22e31556053ff9407a454f6a1e146d43eb%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A12%3A%22172.16.23.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows+NT+6.1%3B+rv%3A6.0%29+Gecko%2F2010010%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1314955607%3B%7D664b51a01ef99bac95f3e2206e79cb00;PHPSESSID=v33mlm1437lmop1fquta675vv4;username=linjinming; tk=1314955601855 Pragma: no-cache

Cache-Control: no-cache

Response header information

one

two

three

four

five

six

seven

eight

nine

ten

eleven

twelve

HTTP/1.1 200 OK

Date: Fri, 02 Sep 2011 09:27:07 GMT

Server: Apache/2.2.3 (Red Hat)

X-Powered-By: PHP/5.1.6

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 31

Connection: close

Content-Type: text/html; charset=UTF-8

25. MySQL

Performance optimization of MySQL database

Use mysqlreport

Correct use of indexes: explain analysis query statements, combined indexes, index side effects (footprint, update)

Open the slow query log and use the slow query analysis tool mysqlsla

Index cache, index cost (insert update index)

Table lock, row lock, row lock side effects (update often slows down). In the case of mixed select and update, row lock skillfully solves the problem of read-write mutual exclusion.

Enable the use of query caching

Modify temporary table memory space

Open thread pool

The basic ideas and principles of MySQL Query sentence Optimization

1. Optimize the Query that needs to be optimized

2. Locate the performance bottleneck of the optimized object

3. Make clear the optimization goal

4. Start with Explaing

5. Use Profile more often

6. Always use small result sets to promote large result sets

7. Complete sorting in the index as much as possible

8. Only take the Columns you need

9. Use only the most effective filter conditions

10. Avoid complex Join and subqueries as much as possible.

The difference between MyISAM engine and InnoDB engine in MySQL and their performance

1:Innodb supports things, but Myisam does not

2: the locking mechanism is different. Myisam supports table locking, while Innodb supports row locking.

3:Myisam does not support foreign keys, but Innodb can.

4:Myisam can support full-text indexing in specific environments, while Innodb does not

5:Myisam supports data compression, but Innodb does not

6: in data storage, Myisam takes up less space and Innodb takes up more space.

7:Myisam has an advantage in batch insert and query speed, while Innodb has an advantage in data modification because it supports row locks.

MySQL storage engine

MyISAM: does not support transactions, table locks and full-text indexing, fast operation

InnoDB: row lock design, support for foreign keys, support for security transactions

HEAP: data is stored in memory, temporary table

Cluster Database engine of NDB Cluster:MySQL

CSV: the storage engine stores data in a text file in a comma-delimited format.

FEDERATED: storage engine table does not store data, it only points to a table on a remote MySQL database server Archive: only supports INSERT and SELECT operations, compressed storage, very suitable for storing archive data

Merge: allows a series of equivalent MyISAM tables to be logically grouped together and refer to their table types as 1 object, distinguishing table types

Common ideas for optimizing Table Design

Database Design of load balancing

Data types and detailed definitions, distinguishing

twenty-six。 Apache

Performance optimization, configuration, fastCGI and other working modes

twenty-seven。 Ajax

Using JS to realize Ajax function

one

two

three

four

five

six

seven

eight

nine

ten

eleven

twelve

Var createXHR = function () {

}

Var addURLParam = function (url, name, value) {

}

Var xhr = createXHR ()

Xhr. > function () {

}

Var url = 'testAjax.php'

AddURLParam (url, 'name',' linjm')

Xhr.open ('get',url,true)

Xhr.send (NULL)

If (xhr.readyState = = 4) {} if (xhr.status > 200 & & xhr.status < 300 | | xhr.status = 304) {} alert (xhr.responseText); url + = (url.indexOf ('?) =-1?'?':'&'); url + = encodeURIComponent (name) +'='+ encodeURIComponent (value); return url; if (window.XMLHttpRequest) {} return new XMLHttpRequest (); return new ActiveXObject ('Microsoft.XMLHTTP'); throw new Error (' No XMLHttpRequest available') } else {} else {}

At this point, the study on "what are the interview questions for PHP programmers" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.