__autoload function in PHP

In PHP, the __autoload function is used to simplify the job of the programmer by including classes automatically without the programmer having to add a very large number of include statements. An example will help clarify. Suppose we have the following code:

include "class/class.Foo.php";
include "class/class.AB.php";
include "class/class.XZ.php";
include "class/class.YZ.php";

$foo = new Foo;
$ab = new AB;
$xz = new XZ;
$yz = new YZ;

Note in the code above that we have to include each of the 4 different class files separately – because we are creating an instance of each class, we absolutely must have each class file. Of course, we are assuming that developers are defining only one class per source file – which is good practice when writing object oriented programs, even though you are allowed to have multiple classes in one source file.

Imagine if we need to use 20 or even 30 different classes within this one file – writing out each include statement can become a huge pain. And this is exactly the problem that the PHP __autoload function solves – it allows PHP to load the classes for us automatically! So, instead of the code above, we can use the __autoload function as shown below:

function __autoload($class_name)
{
    require_once "./class/class." . $class_name . ".php";
}

$foo = new Foo;
$ab = new AB;
$xz = new XZ;
$yz = new YZ;

Autoloading works like this. You create a function called __autoload() near the start of your PHP application. Then, whenever your code tries to create a new instance of a class that PHP doesn’t know about, PHP automatically calls your __autoload() function, passing in the name of the class it’s looking for. Your function’s job is to locate and include the class file, thereby loading the class. PHP can then go ahead and create the object.

spl_autoload_register
spl_autoload_register provides a way to register more than one autoload function. If you already have an __autoload function, you will need to register that function before registering any additional functions.
spl_autoload_register('__autoload');
spl_autoload_register('my_other__autoload');

Additionally, spl_autoload_register accepts any ‘callable’ type variable, meaning that you can use a method from a class as an autoload function as well.
// for a static method
spl_autoload_register(array('MyAlreadyLoadedClass', 'autoloader'));

It's recommended to use spl_autoload_register since __autoload may be deprecated in the future.
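
The autoloader above builds an include path directly from the class name, so the name should be checked before it reaches require_once. The following is an added example, not code from the original page: it uses spl_autoload_register (the __autoload function was removed in PHP 8.0), and CLASS_DIR, safe_autoload() and the sample class file are assumptions made for the demonstration.

```php
<?php
// Added example, not from the original page. CLASS_DIR, safe_autoload() and
// the sample class are assumptions made for the demonstration.
define('CLASS_DIR', sys_get_temp_dir() . '/autoload_demo/class');

// Constructed sample class file so the script runs stand-alone.
if (!is_dir(CLASS_DIR)) {
    mkdir(CLASS_DIR, 0700, true);
}
file_put_contents(CLASS_DIR . '/class.Foo.php', "<?php class Foo { public \$loaded = true; }\n");

function safe_autoload(string $class_name): bool
{
    // Accept plain identifiers only, so slashes, dots, NUL bytes and
    // stream-wrapper prefixes can never become part of the include path.
    if (!preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', $class_name)) {
        return false;
    }
    $base = realpath(CLASS_DIR);
    $real = realpath(CLASS_DIR . '/class.' . $class_name . '.php');
    // realpath() is false for a missing file; the prefix check keeps a
    // symlinked class file from resolving outside the class directory.
    if ($base === false || $real === false
        || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }
    require_once $real;
    return true;
}

spl_autoload_register('safe_autoload');

$foo = new Foo;                        // resolved through safe_autoload()
var_dump($foo->loaded);
var_dump(class_exists('Missing'));     // unknown class: no include is attempted
var_dump(safe_autoload('../../etc/passwd')); // hostile name rejected before any path is built
```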

PHP: Example of the __autoload function

PHP Sessions

A PHP session variable is used to store information about, or change settings for a user session. Session variables hold information about one single user, and are available to all pages in one application.

When you are working with an application, you open it, make some changes and then you close it. This is much like a session. The computer knows who you are. It knows when you start the application and when you end. But on the internet there is one problem: the web server does not know who you are and what you do because HTTP doesn’t maintain state.

A PHP session solves this problem by allowing you to store user information on the server for later use (e.g. username, shopping items, etc.). However, session information is temporary and will be deleted after the user has left the website. If you need permanent storage, you may want to store the data in a database.

Sessions work by creating a unique id (UID) for each visitor and storing variables based on this UID. The UID is either stored in a cookie or is propagated in the URL.

PHP sessions can use cookies depending on how you configure them. Have a look at these settings:

session.use_cookies (boolean): specifies whether the module will use cookies to store the session id on the client side. Defaults to 1 (enabled).
session.use_only_cookies (boolean): specifies whether the module will only use cookies to store the session id on the client side. Enabling this setting prevents attacks that involve passing session ids in URLs. This setting was added in PHP 4.3.0. Defaults to 1 (enabled) since PHP 5.3.0.

If you disable session cookies, a GET parameter is used instead.

Sessions can also be stored in a database instead of the default storage.
Use session_set_save_handler() to override the default storage.

http://culttt.com/2013/02/04/how-to-save-php-sessions-to-a-database/

session_start(); 

// store session data
$_SESSION['views']=1;

//retrieve session data
echo "Pageviews=". $_SESSION['views'];

// typical use
if (isset($_SESSION['views']))
    $_SESSION['views'] = $_SESSION['views'] + 1;
else
    $_SESSION['views'] = 1;
echo "Views=". $_SESSION['views'];

// unset data
if(isset($_SESSION['views']))
  unset($_SESSION['views']);

// destroy session 
session_destroy();
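
The cookie settings described above and the session lifecycle can be combined into one hardened setup. This is an added example, not code from the original page; it assumes PHP 7.3 or later (array forms of session_set_cookie_params() and setcookie()) and an HTTPS site, and the function names and the 'user_id' key are hypothetical.

```php
<?php
// Added example; function names and the 'user_id' key are assumptions.

function start_hardened_session(): void
{
    // The session id travels only in a cookie, never in the URL.
    ini_set('session.use_cookies', '1');
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Refuse session ids that this server did not issue.
    ini_set('session.use_strict_mode', '1');

    session_set_cookie_params([
        'lifetime' => 0,       // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,    // sent over HTTPS only
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function on_login(int $user_id): void
{
    // Issue a fresh id when privileges change and delete the old session data.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $user_id;
}

function on_logout(): void
{
    $_SESSION = [];                       // clear the data held in memory
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [       // expire the cookie in the browser
        'expires'  => time() - 3600,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy();                    // remove the server-side data
}

start_hardened_session();
on_login(42);                             // constructed user id
$_SESSION['views'] = ($_SESSION['views'] ?? 0) + 1;
on_logout();
```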

PHP Questions on Files

1) How to include remote file in PHP?
To allow inclusion of remote files, the directive allow_url_include must be set to On in php.ini

But it is bad from a security-oriented point of view, and so it is generally disabled (I’ve never seen it enabled, actually).

It is not the same as allow_url_fopen, which deals with opening (and not including) remote files — and this one is generally enabled, because it makes fetching of data through HTTP much easier (easier than using curl)

$url = "http://www.example.org/";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$contents = curl_exec($ch);

As long as allow_url_fopen is enabled in php.ini, you can use HTTP and FTP URLs with most of the functions that take a filename as a parameter. In addition, URLs can be used with the include, include_once, require and require_once statements (since PHP 5.2.0, allow_url_include must be enabled for these).

2) What are the different ways of reading a file?

a) file — Reads entire file into an array
$lines = file('http://www.example.com/'); // $lines is an array

b) file_get_contents – Reads entire file into a string
$file = file_get_contents('./people.txt', true); // $file is a string

c) fread – Binary-safe file read
fread() reads up to length bytes from the file pointer referenced by handle. It stops if it encounters EOF earlier.

$filename = "/usr/local/something.txt";
$handle = fopen($filename, "r");
$contents = fread($handle, filesize($filename)); // $contents is a string
fclose($handle);

d) fgets – Gets line from file pointer
$handle = @fopen("/tmp/inputfile.txt", "r");
if ($handle) {
    while (($buffer = fgets($handle, 4096)) !== false) {
        echo $buffer;
    }
    if (!feof($handle)) {
        echo "Error: unexpected fgets() fail\n";
    }
    fclose($handle);
}

e) fscanf
fscanf() is similar to sscanf(), but it takes its input from a file associated with handle and interprets the input according to the specified format, which is described in the documentation for sprintf(). Each call to fscanf() reads one line from the file.

$handle = fopen("users.txt", "r");
while ($userinfo = fscanf($handle, "%s\t%s\t%s\n")) {
    list ($name, $profession, $countrycode) = $userinfo;
    //... do something with the values
}
fclose($handle);

f) fgetc — Gets character from file pointer
$fp = fopen('somefile.txt', 'r');
if (!$fp) {
    echo 'Could not open file somefile.txt';
    exit(1); // stop here: fgetc() cannot read from a failed handle
}
while (false !== ($char = fgetc($fp))) {
    echo "$char\n";
}
fclose($fp);

3) How to delete a file?
unlink($filename); // deletes the file named by $filename

htmlentities, htmlspecialchars, html_entity_decode

htmlspecialchars : converts only some characters to their html equivalents. This is preferred over htmlentities.

htmlentities: converts all characters to their html equivalents. This function is identical to htmlspecialchars() in all ways, except with htmlentities(), all characters which have HTML character entity equivalents are translated into these entities.
htmlentities is only necessary if your pages use encodings such as ASCII or LATIN-1 instead of UTF-8.

html_entity_decode: Convert all HTML entities to their applicable characters. html_entity_decode() is the opposite of htmlentities()

Input Validation

1) Use built-in functions
filter_input, filter_var, filter_input_array

$search_html = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_SPECIAL_CHARS);

$args = array(
    'product_id'   => FILTER_SANITIZE_ENCODED,
    'component'    => array(
        'filter'  => FILTER_VALIDATE_INT,
        'flags'   => FILTER_REQUIRE_ARRAY,
        'options' => array('min_range' => 1, 'max_range' => 10)
    ),
    'versions'     => FILTER_SANITIZE_ENCODED,
    'doesnotexist' => FILTER_VALIDATE_INT,
    'testscalar'   => array(
        'filter' => FILTER_VALIDATE_INT,
        'flags'  => FILTER_REQUIRE_SCALAR,
    ),
    'testarray'    => array(
        'filter' => FILTER_VALIDATE_INT,
        'flags'  => FILTER_REQUIRE_ARRAY,
    )
);
$myinputs = filter_input_array(INPUT_POST, $args);

2) htmlspecialchars()
The htmlspecialchars() function converts special characters to HTML entities. This means that it will replace HTML characters like < and > with &lt; and &gt;. This prevents attackers from exploiting the code by injecting HTML or JavaScript code (Cross-site Scripting attacks) in forms.

3) stripslashes($data)

4) Use PHP Data Objects (PDO) for binding query parameters and prepared statements to avoid SQL injection: PDO provides a data-access abstraction layer, which means that, regardless of which database you’re using, you use the same functions to issue queries and fetch data.
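
The validation, prepared-statement and output-encoding points above fit together as one request flow. This is an added example, not code from the original page: it uses filter_var() on a constructed array in place of filter_input() so it runs from the command line, needs the pdo_sqlite extension, and the table, column, parameter names and the h() helper are assumptions.

```php
<?php
// Added example; table, column and parameter names are assumptions.

// Constructed request data standing in for $_GET.
$request = ['product_id' => '7', 'search' => '<script>alert(1)</script>'];

// 1) Validate: product_id must be an integer between 1 and 10.
$product_id = filter_var(
    $request['product_id'],
    FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1, 'max_range' => 10]]
);
if ($product_id === false) {
    http_response_code(400);
    exit("Invalid product_id\n");
}

// In-memory SQLite database holding one constructed row.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO products VALUES (7, 'Widget <b>Pro</b>')");

// 2) Query: the value is bound as a parameter and never concatenated
//    into the SQL text, so it cannot change the statement's structure.
$stmt = $pdo->prepare('SELECT name FROM products WHERE id = :id');
$stmt->bindValue(':id', $product_id, PDO::PARAM_INT);
$stmt->execute();
$name = $stmt->fetchColumn();

// 3) Output: encode at the point of output, for the HTML context.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Both the stored value and the raw request value are encoded on output.
echo '<p>Product: ', h((string) $name), "</p>\n";
echo '<p>You searched for: ', h($request['search']), "</p>\n";
```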

Global Variables – Superglobals

Several predefined variables in PHP are “superglobals”, which means that they are always accessible, regardless of scope – and you can access them from any function, class or file without having to do anything special.

The PHP superglobal variables are:

$GLOBALS
$_SERVER
$_REQUEST
$_POST
$_GET
$_FILES
$_ENV
$_COOKIE
$_SESSION

$GLOBALS: $GLOBALS is a PHP super global variable which is used to access global variables from anywhere in the PHP script (also from within functions or methods). PHP stores all global variables in an array called $GLOBALS[index].

$_SERVER: $_SERVER is a PHP super global variable which holds information about headers, paths, and script locations.
Example: $_SERVER['PHP_SELF'], $_SERVER['SERVER_NAME'], $_SERVER['HTTP_HOST'], $_SERVER['HTTP_REFERER'], $_SERVER['HTTP_USER_AGENT']

$_REQUEST: $_REQUEST, by default, contains the contents of $_GET, $_POST and $_COOKIE

$_POST: PHP $_POST is widely used to collect form data after submitting an HTML form with method="post".

$_GET: PHP $_GET can also be used to collect form data after submitting an HTML form with method="get".

$_FILES is a super global variable which can be used to upload files.

$_ENV is used to return the environment variables from the web server.
Example: $_ENV["HOSTNAME"], $_ENV["USER"], $_ENV["COMPUTERNAME"]

PHP Interview Questions (Set1)

1) What is the difference between this and self?
http://www.programmerinterview.com/index.php/php-questions/php-self-vs-this/

2) What is __toString used for?
It is used when an object needs to be treated as a string (e.g. echo $obj;). If the class does not define __toString, the statement will produce a fatal error.

3)
$var1 = 'Welcome to '; $var2 = 'TechInterviews.com';
What will work faster?

Code sample 1:
$var3 = $var1.$var2;
Or code sample 2:
$var3 = "$var1$var2";

Both examples would provide the same result – $var3 equal to “Welcome to TechInterviews.com”. However, Code Sample 1 will work significantly faster. Try it out with large sets of data (or via concatenating small sets a million times or so), and you will see that concatenation works significantly faster than variable substitution.

4) Explain difference of explode(), implode(), extract()
extract makes variables from array elements.

$var_array = array("color" => "blue",
                   "size"  => "medium",
                   "shape" => "sphere");
extract($var_array);
// $color is now blue

5) Explain array_push(), array_pop(), array_shift(), array_unshift()
array_push : put elements at end of array
array_pop : retrieves element from end of array
array_shift : retrieve element from beginning of array
array_unshift : adds element to beginning of array

6) Explain parse_str() and parse_url()

parse_str() parses a string as if it were the query string passed via a URL and sets variables in the current scope (or in the array passed as the second argument).

$str = "first=value&arr[]=foo+bar&arr[]=baz";

// Recommended
parse_str($str, $output);
echo $output['first'];  // value
echo $output['arr'][0]; // foo bar
echo $output['arr'][1]; // baz

parse_url() parses a URL and returns an associative array containing any of the various components of the URL that are present.

$url = 'http://username:password@hostname:9090/path?arg=value#anchor';

var_dump(parse_url($url));
var_dump(parse_url($url, PHP_URL_SCHEME));
var_dump(parse_url($url, PHP_URL_USER));
var_dump(parse_url($url, PHP_URL_PASS));
var_dump(parse_url($url, PHP_URL_HOST));
var_dump(parse_url($url, PHP_URL_PORT));
var_dump(parse_url($url, PHP_URL_PATH));
var_dump(parse_url($url, PHP_URL_QUERY));
var_dump(parse_url($url, PHP_URL_FRAGMENT));

array(8) {
  ["scheme"]=>
  string(4) "http"
  ["host"]=>
  string(8) "hostname"
  ["port"]=>
  int(9090)
  ["user"]=>
  string(8) "username"
  ["pass"]=>
  string(8) "password"
  ["path"]=>
  string(5) "/path"
  ["query"]=>
  string(9) "arg=value"
  ["fragment"]=>
  string(6) "anchor"
}

7) What is the “final” keyword in PHP?
The final keyword prevents child classes from overriding a method when the method definition is prefixed with final. If the class itself is defined as final, it cannot be extended.

8) Which PHP profiler do you use?
Xdebug is a debugging and profiling tool for PHP. Xdebug’s built-in profiler allows you to find bottlenecks in your script and visualize them with an external tool such as KCacheGrind. When Xdebug is activated, it shows a stack trace whenever PHP decides to show a notice, warning, error, etc. The information that stack traces display, and the way they are presented, can be configured to suit your needs.
Xdebug’s basic functions include the display of stack traces on error conditions, time tracking, and maximum nesting level protection (this controls the protection mechanism against infinite recursion; the value of this setting is the maximum level of nested functions allowed before the script is aborted).

9) Difference between const and define()
http://stackoverflow.com/questions/2447791/define-vs-const

What are magic methods, magic quotes, short tags in php?

Magic Methods:

PHP functions that start with a double underscore – a “__” – are called magic functions (and/or methods) in PHP. They are functions that are always defined inside classes, and are not stand-alone (outside of classes) functions. The magic functions available in PHP are: __construct(), __destruct(), __call(), __callStatic(), __get(), __set(), __isset(), __unset(), __sleep(), __wakeup(), __toString(), __invoke(), __set_state(), __clone(), and __autoload().

Why are they called Magic Methods?
The definition of a magic function is provided by the programmer – meaning you, as the programmer, will actually write the definition. This is important to remember – PHP does not provide the definitions of the magic functions – the programmer must actually write the code that defines what the magic function will do. But, magic functions will never directly be called by the programmer – actually, PHP will call the function ‘behind the scenes’. This is why they are called ‘magic’ functions – because they are never directly called, and they allow the programmer to do some pretty powerful things.

PHP: What are magic methods?

Magic Quotes:
Magic Quotes is a process that automagically escapes incoming data to the PHP script. It’s preferred to code with magic quotes off and to instead escape the data at runtime, as needed.

This feature has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0.

Short Tags:
<?= 'Hello World' ?>
Output is displayed directly to the browser.

– PHP also allows for short open tags which are discouraged because they are only available if enabled with short_open_tag php.ini configuration file directive
– Can have problems with portability if the server does not allow short tags
– Can interfere with XML documents.

PHP script to report download size of any URL

Write a PHP script to report the total download size of any URL. You may not use any 3rd-party code that performs the entire task described below.

No HTML interface is necessary for this exercise; you can write this as a command-line script that accepts the URL as an argument.

For a single-file resource such as an image or SWF, the script would simply report on the total size of the document.

For a complex resource such as an HTML document, the script would need to parse it to find references to embedded, included resources: javascript files, CSS files, iframes, etc.

The goal of this exercise is to output the following information for a given URL:
– total number of HTTP requests
– total download size for all requests

Answer: http://www.programmerinterview.com/index.php/php-questions/php-interview-questions-and-answers/