Interview Questions
PHP provides several basic file operations: fopen() for opening files, fread()/fwrite() for reading/writing, file_get_contents()/file_put_contents() for simple operations, fclose() for closing files, and unlink() for deletion. Additional functions include copy(), rename(), and file_exists().
Secure file uploads require: validating file types, checking MIME types, setting upload size limits, using move_uploaded_file(), scanning for malware, storing files outside web root, using random filenames, setting proper permissions, and validating file contents.
PHP supports several file modes: 'r' (read-only), 'w' (write, truncate), 'a' (append), 'r+' (read and write), 'w+' (read and write, truncate), 'a+' (read and append). Adding 'b' for binary mode. Each mode affects file pointer position and file handling behavior.
Large file handling techniques include: using fgets() for line-by-line reading, implementing chunked reading/writing, using generators, setting proper memory limits, implementing progress tracking, and using stream functions for memory efficiency.
Streams provide a unified way to handle file, network, and compression operations. Used with stream_get_contents(), fopen() with stream wrappers (file://, http://, ftp://, etc.). Support filters and contexts for advanced operations.
File permissions are managed using chmod() function, umask() for default permissions. Functions like is_readable(), is_writable() check permissions. Important for security. Permissions should follow principle of least privilege.
Directory operations include: mkdir() for creation, rmdir() for deletion, opendir()/readdir()/closedir() for reading, scandir() for listing contents, dirname()/basename() for path manipulation, and is_dir() for checking directory existence.
Secure file downloads require: validating file paths, checking permissions, setting proper headers (Content-Type, Content-Disposition), implementing rate limiting, scanning files, and using readfile() or fpassthru() for streaming.
Common vulnerabilities include: directory traversal, file inclusion attacks, insufficient permissions, insecure file uploads, path manipulation, and race conditions. Prevention requires proper validation, sanitization, and secure coding practices.
Temporary files managed using tmpfile() for automatic cleanup, tempnam() for custom temp files. Important to implement proper cleanup, set secure permissions, use system temp directory, and handle concurrent access properly.
File locking uses flock() function with LOCK_SH (shared), LOCK_EX (exclusive), LOCK_UN (release). Important for preventing race conditions in concurrent access. Should implement proper error handling and timeout mechanisms.
CSV operations use fgetcsv()/fputcsv() for reading/writing, handling different delimiters and enclosures. Consider character encoding, handling large files, validating data, and implementing proper error handling.
Symbolic links managed with symlink(), readlink(), and is_link() functions. Security considerations include proper validation, handling recursive links, and implementing access controls. Important for file system organization.
File caching involves: implementing cache directory structure, managing cache lifetime, handling cache invalidation, implementing file locking for concurrent access, and proper error handling. Consider using existing caching libraries.
Memory-mapped files accessed using php-io extension, providing efficient access to large files. Benefits include faster access and shared memory capabilities. Consider memory limitations and proper resource management.
File compression using zlib functions (gzopen, gzwrite, gzread) or ZIP extension. Important considerations include compression ratio, memory usage, handling large files, and proper error handling.
Metadata operations include: stat(), filemtime(), filesize(), filetype(). Provide information about file properties, modification times, and attributes. Important for file management and caching implementations.
File backup implementation includes: copying files with versioning, implementing rotation system, handling large files, compression, secure storage, verification, and proper error handling. Consider automated backup scheduling.
include produces warning on failure, require produces fatal error. require_once and include_once prevent multiple inclusions. Choose based on dependency criticality. Important for modular code organization.
File type detection using: finfo_file(), mime_content_type(), pathinfo(), checking file extensions. Important for security in file uploads. Should not rely solely on file extensions for validation.
Atomic operations ensure file operation completeness without interruption. Use rename() for atomic writes, implement proper locking, handle temporary files correctly. Important for data integrity and concurrent access.
Secure path manipulation using realpath(), basename(), dirname(). Prevent directory traversal, validate paths against whitelist, use proper encoding, and implement access controls. Important for security.
Stream filters modify data as it's read/written. Used with stream_filter_append(), stream_filter_register(). Common for encryption, compression, character encoding. Consider performance impact and proper error handling.
File monitoring involves checking file changes using filemtime(), implementing polling or inotify extension, handling multiple files, logging changes, and proper resource management. Consider performance impact.
Memory considerations include: using streaming for large files, proper chunk sizes, clearing file handles, implementing garbage collection, monitoring memory usage, and setting appropriate memory limits. Important for performance.
Encoding issues handled using mb_* functions, setting proper encoding in fopen(), handling BOM, implementing conversion functions. Important for international character support and data integrity.
File ownership managed using chown(), chgrp() functions. Important for security and permissions management. Consider system-level permissions, proper error handling, and security implications.
File cleanup includes: implementing age-based deletion, handling temporary files, proper permission checking, implementing logging, and error handling. Consider automated scheduling and resource management.
Best practices include: proper permissions, input validation, path sanitization, secure file operations, implementing access controls, proper error handling, and following principle of least privilege. Regular security audits recommended.
Error handling includes: try-catch blocks, checking return values, implementing logging, proper user feedback, and recovery mechanisms. Consider different error types and appropriate response strategies.