TOP 50 question for 10 year exp web developer

Core Backend & PHP Stack (Laravel, CI, Yii, Composer)

1. What is the Laravel Service Container and how does it help you?
   A: It manages class dependencies and provides dependency injection, acting as the backbone of Laravel’s IoC design.

2. Explain the difference between Laravel Gates and Policies.
   A: Gates are closure-based authorization checks; Policies are structured classes for a model’s access logic.

3. Describe Laravel’s Eloquent ORM and its advantages.
   A: Eloquent allows modeling database tables as classes, with relationships, scopes, mutators, enhancing maintainability.

4. What is Laravel’s Artisan, and why is it useful?
   A: Artisan is Laravel’s CLI tool: create models/controllers, run migrations, queues, cache — a huge productivity boost.

5. How does Laravel implement queues and background job handling?
   A: It uses queue drivers (database, Redis, etc.) to defer tasks, keeping web requests fast.

6. What are Laravel Facades, and how do they simplify code?
   A: They act as "static proxies" to services in the IoC container—clean, expressive, and easily testable.

7. Explain Laravel’s Blade template engine.
   A: Blade supports template inheritance, sections, conditionals/loops—compiled and cached for speed.

8. How do Laravel migrations facilitate team collaboration?
   A: Migrations version control schema changes — easy rollback and shared consistency.

9. What is Composer, and why is it critical in PHP projects?
   A: Composer manages dependencies. It resolves packages, versions, and ensures consistent installs via composer.lock.

10. Discuss Traits in PHP and how they differ from Interfaces.
    A: Traits allow method reuse without inheritance; Interfaces define contracts without implementation.

CodeIgniter + Security Focus

11. How do you mitigate XSS, SQL injection & CSRF in CI?
    A: Use xss_clean(), parameterized queries, and csrf_protection = TRUE.

12. What’s the difference between a helper and a library in CodeIgniter?
    A: Helpers are procedural function collections; libraries are OOP class-based.

13. How do you check CodeIgniter version?
    A: Use echo CI_VERSION; or inspect system/core/CodeIgniter.php.

14. How does CI handle errors and logging?
    A: Using show_error(), show_404(), and log_message() for logging system/debug events.

15. Explain CI's URL routing pattern.
    A: CI uses segment-based URLs: /controller/method/param, rather than query strings.

16. What are CI hooks and how are they used?
    A: Hook points (pre_system, post_controller, etc.) allow invoking custom code at runtime events.

17. Explain CLI in CodeIgniter.
    A: Use CLI for cron jobs, background tasks, and tasks not exposed via URL.

PHP Language & Architecture

18. Explain PHP generators and when to use them.
    A: Generators (yield) allow memory-efficient iteration, pausing/resuming state — ideal for large datasets.

19. What are PHP prepared statements and why are they important?
    A: They prevent SQL injection and improve performance by separating code from data.

20. What are PHP 8’s key new features?
    A: JIT, union types, named args, match, attributes.

21. PDO vs MySQLi – differences?
    A: PDO supports multiple DBs + named placeholders; MySQLi is MySQL-specific, slightly faster.

JavaScript, Frontend, Templating

22. Explain your approach to responsive design.
    A: Use flexible grids, media queries, and frameworks like Bootstrap for consistent cross-device UI.

23. How do you debug web apps?
    A: Use browser dev tools (Console, network) + editor debugging, breakpoints, logs.

24. Working experience with Git?
    A: Proficient in branching, merging, rebasing, resolving conflicts, pull requests, CI integration.

25. Handling accessibility and SEO?
    A: Use WCAG guidelines, alt tags, ARIA, semantic markup; optimize metadata and loading speed.

APIs, REST, External Integration

26. How do you integrate and test RESTful APIs?
    A: Use standards (GET, POST, PUT, DELETE), JSON, testing via Postman.

27. Explain secure payment gateway integration.
    A: Use HTTPS, PCI DSS, tokenization, 3D Secure, secure SDKs.

28. How do you implement social login (OAuth)?
    A: Integrate provider SDK/API, handle callbacks, tokens, map authenticated users.

29. Describe SMS integration in your apps.
    A: Use reliable SMS APIs (Twilio), secure configs, retries, error handling.

30. Handling third-party API failures?
    A: Use retries with exponential backoff, fallback logic, circuit breakers, timeouts.

Node.js & Express

31. Why choose Node.js and Express for backend?
    A: Fast I/O, non-blocking, lightweight routing, rich ecosystem, scalable architecture.

32. Authentication in Express—strategies?
    A: Use JWT or sessions, middleware like Passport.js for structured auth flow.

33. Templating with EJS—advantages?
    A: Simple syntax, embedded JS, quick view rendering, logic-less templates.

Databases

34. Choosing between MySQL, PostgreSQL, SQL Server?
    A: MySQL for speed, Postgres for advanced features, SQL Server for Windows integration.

35. Using HeidiSQL or Workbench—benefits?
    A: Visual query building, schema editing, server management, debugging.

36. Optimizing queries for performance?
    A: Add indexes, use EXPLAIN, avoid N+1, use caching, normalize schema.

DevOps, Tools & Infrastructure

37. How do you deploy with Docker?
    A: Containerize app via Dockerfile, use Compose for multi-container orchestration, CI pipelines.

38. Managing AWS infrastructure?
    A: Use EC2, RDS, S3, IAM, auto-scaling, CloudWatch for monitoring.

39. Skill with Postman and cron jobs?
    A: Use Postman for testing; cron for scheduled tasks like backups or alerts.

40. Experience with XAMPP, Apache?
    A: Local development environment, module config, virtual hosts, PHP/DB stacks.

41. How do you secure web apps (OWASP, Sophos)?
    A: Use secure headers, sanitize input, WAF like Sophos, regular audits, encryption.

42. File transfers via WinSCP?
    A: Use SFTP secure transfers, SSH authentication, synching files from local to server.

43. SSH management with PuTTY?
    A: Remote access, tunneling, execution, securely manage servers.

Best Practices & Soft Skills

44. How do you manage technical conflicts in a team?
    A: Communicate openly, focus on solutions, collaborate, escalate when needed.

45. Handling tight deadlines & task prioritization?
    A: Use planning tools, assess urgency, chunk work, communicate constraints.

46. Onboarding new tech fast—examples?
    A: Self-learning, prototyping, team collaboration, rapid MVP development.

47. Handling client scope creep?
    A: Clarify requirements, discuss impacts, document scope, involve management when needed.

48. Optimizing site performance?
    A: Minify assets, lazy load, use CDNs, cache aggressively, optimize DB queries.

49. Explain how you approach app security from day one.
    A: “Security by design”: threat modeling, OWASP practices, audits, team education.

50. Describe a challenging problem you resolved.
    A: Share a real story: context, technical challenge, solution, outcome — showcasing leadership and creativity.