PHP Interview Question 5


21. What is Cross-Site Scripting (XSS)?

XSS happens when a website outputs user input without escaping it for the place where it appears in the page, so malicious JavaScript code can run inside the browser of other users.

👉 In short:

  • User enters text ✅ → fine.
  • Hacker enters <script> code ❌ → bad.


Vulnerable Example (Unsafe Code)

<?php
// Imagine this comes from a form (GET/POST)
$name = $_GET['name'];
?>

<!DOCTYPE html>
<html>
<head><title>XSS Demo</title></head>
<body>
    <h2>Hello, <?php echo $name; ?>!</h2>
</body>
</html>


Normal Input

If you visit:

http://localhost/xss.php?name=John

Output:

Hello, John!


Malicious Input

If a hacker visits:

http://localhost/xss.php?name=<script>alert('Hacked!');</script>

Output in browser:

Hello, <script>alert('Hacked!');</script>

⚠️ Instead of showing text, the browser runs the JavaScript →

👉 Popup appears: "Hacked!"

That’s an XSS attack.


Safe Example (Preventing XSS)

We must escape user input using htmlspecialchars().

<?php
// Default to an empty string so a missing parameter does not pass null
$name = htmlspecialchars($_GET['name'] ?? '', ENT_QUOTES, 'UTF-8');
?>

<!DOCTYPE html>
<html>
<head><title>XSS Safe Demo</title></head>
<body>
    <h2>Hello, <?php echo $name; ?>!</h2>
</body>
</html>

Now if a hacker tries:

http://localhost/xss.php?name=<script>alert('Hacked!');</script>

Output on page:

Hello, <script>alert('Hacked!');</script>

✅ The HTML sent to the browser contains &lt;script&gt;alert(&#039;Hacked!&#039;);&lt;/script&gt;, so it just shows text: no popup, no execution. Safe!
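htmlspecialchars() is the right encoder for HTML text and quoted attribute values only. The added example below (not part of the original page) goes beyond the single case above and shows the encoder each output context needs; the helper names e_html, e_js and safe_href are hypothetical and the input values are constructed.

```php
<?php
// Added example: e_html, e_js and safe_href are hypothetical helper names.

// HTML text and quoted attribute values.
function e_html(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Values placed inside an inline <script> block: JSON-encode and hex-escape
// the characters that could end the string literal or the script element.
function e_js($value): string {
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// href/src attributes: allow only absolute http(s) URLs, then HTML-escape.
// Escaping alone does not neutralise a javascript: URL.
function safe_href(string $url): string {
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? e_html($url) : '#';
}

// Constructed sample input standing in for $_GET values.
$name = "<script>alert('Hacked!');</script>";
$link = "javascript:alert(1)";
?>
<!DOCTYPE html>
<html>
<head><title>XSS Contexts Demo</title></head>
<body>
    <h2>Hello, <?= e_html($name) ?>!</h2>
    <input type="text" value="<?= e_html($name) ?>">
    <a href="<?= safe_href($link) ?>">profile</a>
    <!-- Query-string value: URL-encode first, then HTML-escape the attribute -->
    <a href="/search?q=<?= e_html(rawurlencode($name)) ?>">search</a>
    <script>
        const userName = <?= e_js($name) ?>;
        document.title = userName;
    </script>
</body>
</html>
```

Relative links are replaced with "#" by safe_href() as written; widen the allowlist deliberately if the application needs them.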


22. What is cURL?

  • cURL = “Client URL”
  • Used to send HTTP requests from PHP
  • Supports:
      • GET, POST, PUT, DELETE, etc.
      • File uploads
      • Sending JSON
      • Handling response headers

23. Steps to Use cURL in PHP

Here’s the typical flow:

1. Initialize cURL

2. Set cURL options

3. Execute the request

4. Check for errors

5. Close cURL


Example 1 – Simple GET Request

Let’s fetch a webpage.

PHP Code:

<?php
// 1. Initialize
$ch = curl_init();

// 2. Set options
curl_setopt($ch, CURLOPT_URL, "https://jsonplaceholder.typicode.com/posts/1");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

// 3. Execute
$response = curl_exec($ch);

// 4. Check for errors
if (curl_errno($ch)) {
    echo 'Error:' . curl_error($ch);
} else {
    echo $response;
}

// 5. Close
curl_close($ch);

 

Example 2 – POST Request with Data

Suppose you want to send data to an API.

<?php
 
$data = [
    "title" => "Hello World",
    "body" => "This is a test.",
    "userId" => 1
];
 
// 1. Initialize
$ch = curl_init();
 
// 2. Set options
curl_setopt($ch, CURLOPT_URL, "https://jsonplaceholder.typicode.com/posts");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 
// 3. Execute
$response = curl_exec($ch);
 
// 4. Check for errors
if (curl_errno($ch)) {
    echo 'Error:' . curl_error($ch);
} else {
    echo $response;
}
 
// 5. Close
curl_close($ch);

 

Example 3 – Sending JSON with POST

Many modern APIs expect JSON.

<?php
 
$data = [
    "title" => "Hello World",
    "body" => "This is JSON data.",
    "userId" => 1
];
 
// Encode JSON
$jsonData = json_encode($data);
 
// 1. Initialize
$ch = curl_init();
 
// 2. Set options
curl_setopt($ch, CURLOPT_URL, "https://jsonplaceholder.typicode.com/posts");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $jsonData);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 
// Send JSON headers
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'Content-Type: application/json',
    'Content-Length: ' . strlen($jsonData)
]);
 
// 3. Execute
$response = curl_exec($ch);
 
// 4. Check for errors
if (curl_errno($ch)) {
    echo 'Error:' . curl_error($ch);
} else {
    echo $response;
}
 
// 5. Close
curl_close($ch);


Example 4 – Custom Request (PUT)

<?php
 
$data = json_encode([
    "title" => "Updated title",
    "body" => "Updated body",
    "userId" => 1
]);
 
$ch = curl_init();
 
curl_setopt($ch, CURLOPT_URL, "https://jsonplaceholder.typicode.com/posts/1");
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PUT");
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'Content-Type: application/json',
    'Content-Length: ' . strlen($data)
]);
 
$response = curl_exec($ch);
 
if (curl_errno($ch)) {
    echo 'Error:' . curl_error($ch);
} else {
    echo $response;
}
 
curl_close($ch);

24. What is Autoload in PHP?

Autoloading lets PHP load class files automatically when you use them, instead of writing lots of require statements.

 

Normally, you’d do this:

require 'classes/User.php';
require 'classes/Product.php';

✅ This is manual loading.


Autoloading means:

PHP automatically loads the class file when you use the class.

✅ So you don’t write dozens of require or include!


Example:

<?php
// File: classes/User.php
 
class User {
    public function sayHello() {
        echo "Hello!";
    }
}


Without autoloading:

require 'classes/User.php';
 
$user = new User();
$user->sayHello();

✅ Works… but you must remember the require line.


With autoloading:

Register an autoloader function:

spl_autoload_register(function ($class) {
    require __DIR__ . '/classes/' . $class . '.php';
});

Now you can simply:

$user = new User();
$user->sayHello();

No require needed. PHP loads the file automatically.
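The autoloader above requires whatever path the class name produces and stops with a fatal error when the file is missing. The added example below (not from the original page) keeps the page's classes/ layout but validates the name and resolved path first; the rule that class names are plain identifiers without namespaces is an assumption.

```php
<?php
// Added example: hardened variant of the page's autoloader.
// Assumption: every class is a plain identifier stored in classes/<Name>.php.
spl_autoload_register(function (string $class): void {
    // Accept only plain identifiers, so the class name can never contribute
    // path separators or dots to the file path, even when the name came
    // from request data (for example a class chosen by a form field).
    if (!preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', $class)) {
        return;
    }

    $baseDir = realpath(__DIR__ . '/classes');
    if ($baseDir === false) {
        return; // classes/ directory is missing
    }

    // realpath() returns false for a missing file and resolves symlinks.
    $file = realpath($baseDir . DIRECTORY_SEPARATOR . $class . '.php');
    if ($file === false) {
        return; // let other registered autoloaders try
    }

    // Confirm the resolved path is still inside classes/.
    $prefix = $baseDir . DIRECTORY_SEPARATOR;
    if (strncmp($file, $prefix, strlen($prefix)) !== 0) {
        return;
    }

    require $file;
});

// class_exists() consults the autoloader. Because this version returns
// quietly for names it cannot resolve, the check reports the class as
// absent rather than stopping the script with a failed require.
$hasUser    = class_exists('User');
$hasUnknown = class_exists('NoSuchClass');
```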