Questions every good PHP developer should be able to answer

Notice: this page is a Chinese/English side-by-side translation of a popular StackOverflow question, licensed under CC BY-SA 4.0. If you use it you must follow the same CC BY-SA license, cite the original address and author information, and attribute it to the original author (not me): StackOverflow. Original: http://stackoverflow.com/questions/2118755/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

Date: 2020-08-25 05:06:44  Source: igfitidea

Questions every good PHP Developer should be able to answer

php

Asked by Rachel

I was going through Questions every good .Net developer should be able to answer and was highly impressed with the content and approach of this question, and so in the same spirit I am asking this question for PHP developers.

What questions do you think a good PHP programmer should be able to respond to?

EDIT: I am marking this question as community wiki as it is not user specific and it aims to serve programming community at large.


Looking forward to some amazing responses.

NOTE: Please answer the questions too, as suggested in the comments, so that people can learn something new about the language as well.

Accepted answer by Decent Dabbler

Admittedly, I stole this question from somewhere else (can't remember where I read it any more) but thought it was funny:


Q: What is T_PAAMAYIM_NEKUDOTAYIM?
A: It's the scope resolution operator (double colon)

An experienced PHP'er immediately knows what it means. Less experienced (and not Hebrew) developers may want to read this.


But more serious questions now:

Q: What is the cause of this warning: 'Warning: Cannot modify header information - headers already sent', and what is a good practice to prevent it?
A: Cause: body data was sent, causing headers to be sent too.
Prevention: Be sure to execute header-specific code first, before you output any body data. Be sure you haven't accidentally sent out whitespace or any other characters.

Q: What is wrong with this query: "SELECT * FROM table WHERE id = $_POST[ 'id' ]"?
A: 1. It is vulnerable to SQL injection. Never use user input directly in queries. Sanitize it first. Preferably use prepared statements (PDO). 2. Don't select all columns (*), but specify every single column. This is predominantly meant to prevent queries hogging up memory when, for instance, a BLOB column is added at some point in the future.

Q: What is wrong with this if statement: if( !strpos( $haystack, $needle ) ...?
A: strpos returns the index position of where it first found the $needle, which could be 0. Since 0 also resolves to false, the solution is to use strict comparison: if( false !== strpos( $haystack, $needle ) ...

Q: What is the preferred way to write this if statement, and why?
if( 5 == $someVar ) or if( $someVar == 5 )
A: The former, as it prevents accidental assignment of 5 to $someVar when you forget to use 2 equal signs ($someVar = 5), and will cause an error; the latter won't.

Q: Given this code:

function doSomething( &$arg )
{
    $return = $arg;
    $arg += 1;
    return $return;
}

$a = 3;
$b = doSomething( $a );

...what is the value of $a and $b after the function call, and why?
A: $a is 4 and $b is 3. The former because $arg is passed by reference, the latter because the return value of the function is a copy of (not a reference to) the initial value of the argument.

OOP specific

Q: What is the difference between public, protected and private in a class definition?
A: public makes a class member available to "everyone", protected makes the class member available only to itself and derived classes, private makes the class member available only to the class itself.

Q: What is wrong with this code:

class SomeClass
{
    protected $_someMember;

    public function __construct()
    {
        $this->_someMember = 1;
    }

    public static function getSomethingStatic()
    {
        return $this->_someMember * 5; // here's the catch
    }
}

A: Static methods don't have access to $this, because static methods can be executed without instantiating a class.

Q: What is the difference between an interface and an abstract class?
A: An interface defines a contract between an implementing class and an object that calls the interface. An abstract class pre-defines certain behaviour for classes that will extend it. To a certain degree this can also be considered a contract, since it guarantees certain methods to exist.

Q: What is wrong with classes that predominantly define getters and setters that map straight to their internal members, without actually having methods that execute behaviour?
A: This might be a code smell, since the object acts as an ennobled array without much other use.

Q: Why is PHP's implementation of the use of interfaces sub-optimal?
A: PHP doesn't allow you to define the expected return type of the methods, which essentially renders interfaces pretty useless. :-P
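An added example, not part of Decent Dabbler's answer, showing the prepared-statement form of the query the answer criticises next to the unsafe form. It uses PDO with an in-memory SQLite database so it runs offline; the users table, its rows and the function names findUserUnsafe/findUser are constructed for the demonstration.

```php
<?php
// Added example, not from the original answer. PDO over an in-memory SQLite
// database so it runs offline; the schema and rows below are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO users (id, name, email) VALUES (1, 'alice', 'a@example.test')");
$pdo->exec("INSERT INTO users (id, name, email) VALUES (2, 'bob', 'b@example.test')");

// The form the answer warns about: the request value is pasted into the SQL
// text, so whatever the client sends becomes part of the query.
function findUserUnsafe(PDO $pdo, string $rawId): array
{
    return $pdo->query("SELECT * FROM users WHERE id = $rawId")->fetchAll(PDO::FETCH_ASSOC);
}

// The form the answer recommends: refuse anything that is not a positive
// integer, bind the value as a parameter, and name the columns instead of *.
function findUser(PDO $pdo, string $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // rejected before any SQL is built or run
    }
    $stmt = $pdo->prepare('SELECT id, name, email FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed request values: a normal id, then a tampered one.
$_POST['id'] = '1';
printf("safe lookup found: %s\n", findUser($pdo, $_POST['id'])['name']);

$_POST['id'] = '1 OR 1=1';
// The unsafe query's WHERE clause is widened to match every row.
printf("unsafe query returned %d rows\n", count(findUserUnsafe($pdo, $_POST['id'])));
// The safe lookup refuses the value outright and never touches the database.
var_dump(findUser($pdo, $_POST['id']));
```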

Answer by Kartoch

Definitely security questions!

(simple answers in this post, of course securing php web applications is far more complex)

  • how to deal with SQL injection?

mysql_real_escape_string() for a start with MySQL. Then try to learn PDO to take advantage of prepared statements and portability across database vendors.

  • how to deal with CSRF (Cross-Site Request Forgery)?

Add a token on every important request to secure important operations (the user must have seen the form before sending the crucial request).

  • how to deal with XSS (Cross-Site Scripting), reflected and stored?

htmlentities() is good for a start.

  • variants of XXX injection: LDAP injection, XPath injection, etc.?

You need to know what the "vocabulary" used by the XXX is and then deduce what you need to sanitize and/or "check-and-reject".

  • what is the list of sensible functions?

Functions which interpret PHP code (possibly included in a remote file) or which execute commands on your system. A short and incomplete list could be: exec(), passthru(), system(), popen(), eval(), preg_replace()...

  • how to deal with file inclusion dangers?
  • what is a path traversal?
  • what are the risks associated with file upload?

Need careful checking of the parameters used when opening files or remote resources.

  • how to enforce the configuration of your PHP installation (i.e. do you know what php.ini is used for)?

It is going to be long so I skip the answer, please read the PHP manual.

  • about filtering user data: what is the difference between sanitizing and check-and-refuse?

The first one transforms the entry into something less hostile. The second one checks if the entry is correct and, if not, refuses it.
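An added example, not part of Kartoch's answer, of the per-request CSRF token the answer describes (issued when the form is rendered, verified once with a constant-time comparison) together with the sanitize versus check-and-refuse distinction applied to the same form field. The $session array stands in for $_SESSION so the script runs from the command line, and the function names are assumptions.

```php
<?php
// Added example, not from the original answer. $session stands in for
// $_SESSION so the script runs from the command line; names are assumptions.

// Issue a token when the form is rendered: the user must have seen this form
// (and so received the token) before the important request is accepted.
function issueCsrfToken(array &$session): string
{
    $session['csrf_token'] = bin2hex(random_bytes(32));
    return $session['csrf_token'];
}

// htmlentities() keeps the value as data inside the HTML (the answer's
// starting point against XSS) even though this particular value is plain hex.
function renderForm(array &$session): string
{
    $token = htmlentities(issueCsrfToken($session), ENT_QUOTES, 'UTF-8');
    return '<form method="post"><input type="hidden" name="csrf_token" value="' . $token . '">'
         . '<input name="quantity"><button>Buy</button></form>';
}

// Constant-time comparison, and the token is consumed so it cannot be replayed.
function verifyCsrfToken(array &$session, array $post): bool
{
    $expected = $session['csrf_token'] ?? null;
    unset($session['csrf_token']);
    return is_string($expected) && isset($post['csrf_token'])
        && hash_equals($expected, (string) $post['csrf_token']);
}

// Sanitizing transforms the entry; check-and-refuse returns null for bad input.
function sanitizeQuantity(string $raw): string
{
    return (string) filter_var($raw, FILTER_SANITIZE_NUMBER_INT);
}
function validateQuantity(string $raw): ?int
{
    $n = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $n === false ? null : $n;
}

$session = [];
$html = renderForm($session);
preg_match('/name="csrf_token" value="([0-9a-f]+)"/', $html, $m); // the browser echoes the token back
$post = ['csrf_token' => $m[1], 'quantity' => '3<script>'];        // constructed submission
echo verifyCsrfToken($session, $post) ? "first submission accepted\n" : "first submission rejected\n";
echo verifyCsrfToken($session, $post) ? "replay accepted\n" : "replay rejected (token consumed)\n";
echo "sanitized quantity: ", sanitizeQuantity($post['quantity']), "\n"; // digits kept, the rest stripped
var_dump(validateQuantity($post['quantity']));                          // not an integer, so refused
```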

Answer by kprobst

"Why aren't you using something else?"

Sorry, someone had to say it :)

Answer by Strae

Is php cross-browser?

(i know, this will make many people laugh, but it is the most-asked question on php forums!)

Answer by bkildow

I think a good question would be: how does HTTP work? Working with GET and POST data, among other HTTP communications, is inherent in PHP development. Understanding how HTTP works in a broader context and how PHP implements this goes a long way.

Answer by Michael Stum

What is the difference between == and ===, and why would you want to use == at all?

Answer by Nathan Osman

Explain why the following code displays 2.5 instead of 3:

$a = 012;
echo $a / 4;

Answer: When a number is preceded by a 0 in PHP, the number is treated as an octal number (base-8). Therefore the octal number 012 is equal to the decimal number 10.

Answer by markb

No one touched on it yet, but it is something that every PHP developer should be able to speak at length about: Why is register_globals bad?

Answer by AntonioCS

When a site is developed using php and it's utter crap, is it:

a) PHP's fault

b) the programmer's fault

Answer by Matt

What is the best practice for escaping user input? (This question seems to come up often)