Problems of PHP high-end factory

Posted by ubaldc36 on Sat, 20 Nov 2021 08:55:56 +0100

Summary seen by boss

General PHP interviews also ask about front-end knowledge, especially Vue, so you need to know some front-end content.


What are CSRF and XSS attacks

1. CSRF: basic concept, abbreviation and full name
CSRF (Cross-site request forgery)
2. CSRF attack principle
A user registers and logs in on website A, so website A sends the user a cookie.
Two conditions must both be met for a CSRF attack on that user to succeed:
(1) The user logs in to the trusted site A, and a cookie is generated locally (if the user is not logged in to site A, then when site B induces a request to site A's API the user is simply prompted to log in).
(2) Without logging out of A, the user visits the dangerous site B (which in fact exploits a vulnerability of site A).
When we talk about CSRF, be sure to make these two points clear.
Reminder: the cookie is what keeps the user logged in, but site B itself cannot read that cookie.
3. How to defend against CSRF
Method 1: token verification (most used)
(1) The server sends a TOKEN to the client;
(2) The form submitted by the client carries this TOKEN;
(3) If the token is invalid, the server rejects the request.
Method 2: hidden token
Put the token in the HTTP header instead of the form.
Method 2 is a bit like method 1; there is no great difference in strength, only in the way it is used.
Method 3: Referer verification
The Referer is the source of the page request. Only requests coming from this site are accepted and answered; requests from elsewhere are intercepted.
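The three defences above in plain PHP, as an added example that is not part of the original post. It assumes PHP sessions are available; the session key, the form field name `csrf_token`, the request header `X-CSRF-Token` and the site host `example.com` are placeholder choices of this example.

```php
<?php
// Added example (not from the original post): CSRF token issue/verify in plain PHP.
declare(strict_types=1);

session_start();

/** Method 1, step (1): issue one unpredictable token per session and keep it server-side. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // 64 hex characters
    }
    return $_SESSION['csrf_token'];
}

/** Method 1, step (2): hidden form field that carries the token back to the server. */
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

/**
 * Method 1, step (3), plus methods 2 and 3: accept the token either from the form
 * body or from the X-CSRF-Token request header (method 2, token in the HTTP head),
 * and when the browser sent a Referer, require it to point back to this site (method 3).
 * Returns true only if the request should be processed.
 */
function csrf_verify(array $post, array $server, string $siteHost): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    $given = $post['csrf_token'] ?? $server['HTTP_X_CSRF_TOKEN'] ?? '';
    if ($expected === '' || $given === '') {
        return false;
    }
    // hash_equals: constant-time comparison, so the token is not leaked via timing.
    if (!hash_equals($expected, $given)) {
        return false;
    }
    if (!empty($server['HTTP_REFERER'])) {
        $refHost = parse_url($server['HTTP_REFERER'], PHP_URL_HOST);
        if ($refHost !== $siteHost) {
            return false;
        }
    }
    return true;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // 'example.com' is a placeholder for the real host of site A.
    if (!csrf_verify($_POST, $_SERVER, 'example.com')) {
        http_response_code(403);
        exit('CSRF check failed');
    }
    // ... perform the state-changing action here ...
    exit('ok');
}
?>
<form method="post" action="">
  <?= csrf_field() ?>
  <button type="submit">Change email</button>
</form>
```

Because site B cannot read site A's cookie (the reminder above), it also cannot read the session-bound token, so a forged form from B arrives without a valid `csrf_token` and is rejected before any action runs. The Referer check is kept as a secondary signal only: browsers may omit the header, so the token is the check that must pass.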
1. XSS basic concept
XSS (Cross Site Scripting), cross-site scripting attack
XSS attack principle:
No login authentication is needed. Through an apparently legitimate operation (such as entering text in the URL or in a comment box) the attacker injects a script into your page, which may be JS, an HTML block, etc.
The final result may be:
stealing cookies, destroying the normal structure of the page, inserting advertisements and other malicious content, or a DDoS attack.
XSS attack types:
(1) Reflected
The XSS code appears in the URL of the request and is submitted to the server as input. The server parses it and sends the XSS code back to the browser together with the response content, and the browser finally parses the XSS code. The process is like a reflection, hence "reflected XSS".
(2) Stored
The difference between stored XSS and reflected XSS is that the submitted code is stored on the server (database, memory, file system, etc.), and the next request for the target page carries the XSS code.
XSS prevention (encode + filter)
There are three main preventive measures:
1. HTML-entity encode the data entered by the user
   Convert the string into escape characters. The purpose of encoding is to convert special characters so that the browser renders them as plain text in the final output.
2. Remove event-related attributes from user input; an injected onerror attribute can trigger an attack automatically
   Likewise onclick and so on, as well as style nodes, script nodes and iframe nodes.
3. Avoid decoding HTML entities directly; use a DOM parser to convert the markup and correct mismatched DOM tags.
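The three measures above in plain PHP, as an added example that is not code from the original post: `e()` is the entity-encoding step (measure 1), and `sanitize_html()` is the filtering step done with a DOM parser (measures 2 and 3) for the case where some harmless markup such as `<b>` must be allowed through. The function names, the allow-list and the sample comment are constructed for this example.

```php
<?php
// Added example (not from the original post): encode + filter for untrusted HTML input.
declare(strict_types=1);

/** Measure 1: encode untrusted text so the browser renders it as text, never as markup. */
function e(string $untrusted): string
{
    // ENT_QUOTES also converts ' and ", so the result is safe inside attribute values;
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($untrusted, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Measures 2 and 3: parse the fragment with DOMDocument (which also repairs
 * mismatched tags), drop script/style/iframe/object/embed nodes and every on*
 * event attribute, unwrap tags that are not in $allowed, then re-serialize.
 */
function sanitize_html(string $fragment, array $allowed = ['b', 'i', 'p', 'br']): string
{
    $doc = new DOMDocument();
    // Wrap the fragment in a known container so only the fragment is serialized later.
    $doc->loadHTML(
        '<?xml encoding="UTF-8"><div id="root">' . $fragment . '</div>',
        LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD | LIBXML_NOERROR
    );
    $xpath = new DOMXPath($doc);
    $root = $xpath->query('//div[@id="root"]')->item(0);

    // Dangerous element nodes are removed entirely, content included.
    foreach (iterator_to_array($xpath->query('//script|//style|//iframe|//object|//embed')) as $node) {
        $node->parentNode->removeChild($node);
    }

    // Walk the remaining elements: strip on* attributes, unwrap disallowed tags.
    foreach (iterator_to_array($xpath->query('//div[@id="root"]//*')) as $el) {
        foreach (iterator_to_array($el->attributes) as $attr) {
            if (stripos($attr->name, 'on') === 0) {
                $el->removeAttribute($attr->name); // onerror, onclick, onload, ...
            }
        }
        if (!in_array(strtolower($el->tagName), $allowed, true)) {
            // Keep the children as text/markup, drop the tag itself.
            while ($el->firstChild) {
                $el->parentNode->insertBefore($el->firstChild, $el);
            }
            $el->parentNode->removeChild($el);
        }
    }

    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample input resembling a hostile comment (stored or reflected).
$comment = '<b>hi</b><img src=x onerror="alert(1)"><script>evil()</script>';

echo e($comment), PHP_EOL;             // whole comment shown as literal text
echo sanitize_html($comment), PHP_EOL; // only <b>hi</b> survives: img unwrapped, script removed
```

Use `e()` for every value that goes into a text node or attribute, which is the normal case; reach for `sanitize_html()` only where users are meant to post limited markup, and keep the allow-list short. Because the output is produced by re-serializing the parsed DOM rather than by string replacement, a mismatched or unclosed tag in the input cannot break out of its container in the rendered page.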
Differences between CSRF and XSS
Difference 1:
CSRF: requires the user to log in to website A first and obtain a cookie
XSS: no login required
Difference 2:
CSRF: exploits website A's own vulnerability to request website A's API
XSS: injects JS code into website A, then executes that JS to tamper with website A's content

What are abstract classes and interfaces

Abstract class:

It is based on a class and is itself a class, just a special one: it cannot be instantiated directly. Methods and properties can be defined in it. It is similar to a template; after it lays down the specification, the subclasses implement the detailed functions.

Interface:

A specification consisting mainly of methods. It is a bit like the abstract methods of an abstract class, but it exists independently of any class, and a class can be formed into a new class by combining several interfaces.

Similarities between abstract classes and interfaces:
  1. Both are used to declare something, specifying names and parameters and forming modules, with no detailed implementation.
  2. All the details are realized through classes.
  3. Grammatically, an abstract method of an abstract class, like an interface method, cannot have a method body, i.e. no {} block.
  4. Both support inheritance, and an interface can inherit an interface to form a new interface.
Differences between abstract classes and interfaces:
  1. Abstract classes can have properties, ordinary methods and abstract methods, but interfaces cannot have properties, ordinary methods and constants
  2. An abstract class may have no abstract methods at all, but an interface must have "abstract" methods
  3. There are differences in grammar
  4. An abstract class is declared with the abstract keyword in front of class, and it is declared as a class. An interface is declared with interface and cannot be declared with class, because an interface is not a class.
  5. Abstract methods of an abstract class must be declared with abstract, while interface methods need not be
  6. Abstract classes use the extends keyword so that a subclass inherits the parent class and then implements the abstract methods in detail. Interfaces use implements so that an ordinary class implements the interface's methods in detail. A class can implement multiple interfaces at one time, separated by commas.
Respective characteristics:
  1. An abstract class need not have abstract methods, but a class with abstract methods must be an abstract class
  2. An abstract class cannot be instantiated even if all its methods are concrete; only a new class that inherits from it can be instantiated
  3. An interface allows a class to implement several different sets of methods at one time
  4. The interface itself is abstract, but note that it is not an abstract class, because an interface is not a class; its methods are abstract, so it is abstract too

Application and combination

1, Combination of abstract classes and interfaces
interface work {
  public function say();
}
abstract class a implements work {
  public function showlove() {
    echo 'love you<br />';
  }
}
class b extends a {
  public function say() {
    echo 'hello, i m in b';
  }
}
$k = new b();
The above program executes normally.
Declaring the class that implements the interface as abstract lets it leave the interface method unimplemented, which is like adding an abstract method to the abstract class directly.
2, Combination of interface and inheritance

The parent class is an ordinary class. The child class inherits from it and implements the interface at the same time.

Question: is this approach meaningful, and is there such an application in actual development?

interface kk {
  public function say();
}
class a {
  public function show() {
    echo "I'm a parent<br />";
  }
}
class b extends a implements kk {
  public function say() {
    echo "I inherit class a and implement the say interface at the same time<br />";
  }
}
$b = new b();
$b->show(); // I'm a parent
$b->say();  // I inherit class a and implement the say interface at the same time

Talk about the understanding of design pattern

Creational patterns
Factory, simple factory, abstract factory, singleton, builder and prototype.

Mnemonic: "three factories and one singleton" (factory, simple factory, abstract factory, singleton)

Structural patterns

Adapter, composite, proxy, facade, decorator, bridge and flyweight.

Mnemonic: "disguise and wear askew to think of the ancestor" (bridge, decorator, facade, proxy, flyweight, adapter, composite)

Behavioral patterns

Observer, iterator, strategy, command, template method, chain of responsibility, memento, state, visitor, mediator and registry.

Mnemonic: "watching father and measuring life" (observer, iterator, strategy, command)

Talk about the understanding of micro service

Talk about garbage collection mechanism

High concurrency solution

How to prevent SQL injection

What is timing attack

What are the magic methods


Implementation principle of dependency injection

Common set methods

Common auxiliary functions

Common middleware

life cycle


Understanding of coroutines



Differences between MyISAM and InnoDB

Index structure (explain the B+ tree)

select execution process

Transaction isolation level

Index back to table

Index failure

Sub database and sub table

Read write separation


data type

Eviction strategy

Transaction mechanism

Cache breakdown

Distributed lock



Principle of bidirectional data binding

Component communication

life cycle

Topics: PHP Front-end Interview Web Security