
PHP Quiz

20 questions / 10 random questions

Topics: syntax, types and arrays, functions and exceptions, Composer and web security

Included topics (20 questions)

Q1

In PHP, you want to read an optional configuration key and use a default value without warnings when the key is missing. Which expression is most natural?

Answer: $config['timezone'] ?? 'UTC'

The null coalescing operator ?? returns the right side when the left side is missing or null. It is suitable for default values on optional array keys.

Q2

In a PHP template that displays form input in HTML, what is the most basic measure to avoid XSS?

Answer: Escape output with htmlspecialchars when rendering HTML

When rendering user input into HTML, output escaping is fundamental. htmlspecialchars converts special HTML characters to entities.

Q3

You want stricter scalar argument type handling in a PHP file. Which declaration should be placed at the top of the file?

Answer: declare(strict_types=1);

declare(strict_types=1); makes scalar type handling stricter for calls made from that file. The setting is per file, so be aware of the boundary with existing code that does not declare it.

Q4

You want to refer to the namespaced class App\Service\Mailer as Mailer. Which statement is appropriate?

Answer: use App\Service\Mailer;

use imports namespaced classes or functions so they can be referenced with shorter names.

Q5

You want to handle a JSON API response as an associative array. Which json_decode call is appropriate?

Answer: json_decode($json, true)

json_decode($json, true) returns JSON objects as associative arrays. With false or the default, they are returned as standard objects.

Q6

In PHP, you want to store user IDs as keys and user names as values. Which data structure is most appropriate?

Answer: Associative array

PHP arrays can act as ordered maps. An associative array is natural when looking up values by user ID.

Q7

A function may return a string or null. Which PHP 8 style return type is natural?

Answer: ?string

?string is a nullable type equivalent to string|null. void is for functions that return nothing, so it should not be used on a value-returning function.

Q8

You need to process a large dataset item by item without loading everything into memory. Which PHP mechanism is a good candidate?

Answer: Generator with yield

Generators produce values lazily, which helps when iterating without building a large array.

Q9

In PHP 8, which exception type should you consider catching when an invalid type is passed to an internal function?

Answer: TypeError

PHP 8 may throw TypeError for arguments of invalid type. ValueError is also relevant when a value itself is invalid.

Q10

You want cleanup such as closing a file handle to run even if an exception occurs. Which construct is appropriate?

Answer: try / catch / finally

A finally block runs whether or not an exception occurs, making it suitable for resource cleanup.

Q11

What is an appropriate purpose of setting a default value for a function parameter?

Answer: To define behavior when omitted and keep call sites concise

Default parameters express common default behavior in the function definition. They do not replace security or exception handling.

Q12

For a function that accepts a callback, which type declaration most clearly expresses the intent?

Answer: callable

callable expresses that the value can be invoked, such as a function name, closure, or method reference.

Q13

In Composer, which file mainly records project dependencies and version constraints?

Answer: composer.json

composer.json contains project definitions such as dependencies, autoload settings, and scripts.

Q14

In CI or production deployment, you want to install the exact versions pinned in composer.lock. Which command is appropriate?

Answer: composer install

composer install installs dependencies according to the lock file when present. composer update, by contrast, recalculates dependency versions.

Q15

You want PSR-4 autoloading to map the App\ namespace to src/. Where should this be configured?

Answer: The autoload section of composer.json

Composer PSR-4 autoloading is defined in the autoload section of composer.json, then regenerated with composer dump-autoload when needed.

Q16

You do not want development tools installed in a production image. Which Composer install option is representative?

Answer: composer install --no-dev

--no-dev excludes require-dev dependencies. It helps reduce production build size and attack surface.

Q17

In a PHP app that executes SQL using user input, what is a basic SQL injection mitigation?

Answer: Use PDO prepared statements with bound values

For SQL, placeholders and bound values separate SQL structure from data. HTML escaping is for HTML output.

Q18

Which PHP API pair is fundamental for storing and verifying passwords?

Answer: password_hash / password_verify

password_hash creates a secure password hash, and password_verify checks a password against a hash.

Q19

As a basic defense against session fixation, what should be done immediately after successful login?

Answer: Call session_regenerate_id(true)

Regenerating the session ID when privilege state changes, such as login, reduces the risk of abusing a fixed ID. The true argument deletes the old session data, which is the recommended approach.

Q20

What is a risk of using the original user-supplied filename directly as the stored filename in an upload feature?

Answer: It may lead to path traversal, overwrites, or dangerous extensions

Uploads require generated storage names, extension and MIME validation, separated storage locations, and exposure controls.

certdrill.dev is an independent, unofficial learning site and is not affiliated with LPI Japan, IPA, AWS, Microsoft Azure, or any exam provider. Questions and explanations are original content.