Laravel

Top 15 Laravel Interview Questions

Harry 5 min read
Top Laravel Interview Questions
Photo by Christina @ wocintechchat.com / Unsplash
Table of Contents

Here is my list of Laravel interview questions suitable for asking a potential Laravel developer. The list contains a mix of technical and knowledge-based questions, with a few intended to help break the ice.

An interview shouldn't only be about finding who can answer the right questions. But finding somebody who fits the culture and how you work. So by no means, is this a definitive list - take them as suggestions and tweak to suit your own requirements.

What is Laravel?

Laravel is a popular PHP web framework, is free and open-source. Created by Taylor Otwell. It attempts to take the pain out of developing common tasks by including a bunch of prebuilt features including but not limited to user authentication, queues, scheduling, routing, and notifications.

What is MVC?

MVC (Model-View-Controller) is a software design pattern that sees code separated into specific parts. The model defines how data is presented, the controller the input logic, and the view the UI logic.

Anybody carrying their weight in Laravel will find this an easy question but it's a good question to lead within the interview.

What do you like about Laravel?

A nice warm-up question. This should be straightforward, as the candidate should have a reason for using or wanting to use Laravel. Whilst an opinionated answer is expected, an example answer could be:

Laravel makes it easy to focus on building an idea. You don't have to rebuild common features as they're provided for you and even battle tested in real world applications.

What do you dislike about Laravel?

This question is to test how you can critique your tools. It's easy enough to say what you like about X, but the opposite requires knowledge of where it falls short. It doesn't have to do with finding the bad things about it either, but how it impacts you negatively is also acceptable.

Example

Eloquent makes it too easy to interact with the database without having to write SQL queries by hand. I often find myself forgetting how to write SQL queries and having to look up references again because of this.

What is the artisan command and what would you use it for?

Laravel's artisan is a CLI tool that comes with several commands for creating new files, running queues, or additional ones as defined by your application.

The core commands provided by Laravel provide many conveniences such as creating new models, controllers, migrations, and others. Whereas ones defined by the application developers can be used together with the scheduler to trigger custom logic at set times.

How do you validate user input in Laravel?

The first step would be to acknowledge the validator helper that can be used within a controller to validate any incoming data. There are a number of rules available out of the box to help you validate common data formats, like email addresses, min/max input lengths, and the uniqueness of a value against an existing database entry.

Secondly, there are Form Requests which extract these rules into a self-contained class. By using Laravel's dependency injection container, a request can be validated before getting into the controller's logic.

What is Dependency Injection and where would you use it in Laravel?

Dependency injection (sometimes abbreviated to DI) allows components to be swapped out dynamically without changing the structure of the code. In Laravel, you may be using dependency injection without even realising it. Injecting a Form Request in a controller is one such use of this.

Name as many official packages as you can that extend Laravel with additional functionality

A question to explore the applicant's knowledge of Laravel's ecosystem. To name a few Dusk, Envoy, Horizon, JetStream, Socialite, Cashier. They all can be found under Packages on the Laravel documentation.

When storing a user's password, what technique would you apply to keep it secure?

Whilst Laravel offers user authentication out of the box and actually solves this problem. A developer should understand the difference between encryption and hashing.

Encrypting a password is a mistake that some people make, assuming it is secure. And whilst it is certainly better than storing plain text, it is prone to be reversed if the encryption key is exposed. Instead, hashing - which is a one-way process, should be used. Laravel has a Hash function that it uses to securely store passwords.

How would you stay informed of errors occurring in production?

Third-party tools can be used to aggregate and notify, of any errors occurring in production. To name a few Rollbar, Bugsnag, and Sentry.

These services can highlight how often an error has occurred, the stack trace, and even the commit responsible.

The Laravel storage logs should not be accepted without further clarification of how aggregation and alerts are handled.

What are Laravel collections and where would you use them?

Collections in Laravel provide a fluent way of iterating over an array-like structure. It exposes several methods that assist in the transforming or aggregation of values in its underlying array. A few examples are summing a value, filtering, and transforming data.

All the available methods can be viewed in Laravel's documentation.

What is CSRF protection and why do you need it?

One example of cross-site request forgery is where an outsider is able to trigger an action within the context of another user logged into your application.

For demonstration purposes, here's a delete endpoint project/{id}/delete that deletes a given project (via a DELETE request header). The logic behind it ensures that only the authenticated user can action this, so it should be secure enough.

An outsider can pass a link to the authenticated user, with their own form masquerading as the original. Because the authenticated user submits a manipulated form, it passes the check requiring authentication - but the user has been fooled. The project has been deleted.

This is where a CSRF token comes into play. By generating one and passing it along with the form that triggers the delete endpoint. An outside user cannot trick another user into actioning something they are unaware of.

What have you built with / worked on with Laravel in the past?

Ice breaker. Get the candidate to show what they've done with Laravel, what problems they've solved, and how they've tackled them. If the project was a team effort, what did the candidate bring to the table? Sometimes people try to take credit from others on their team, so dig dig dig here!

Who is the creator of Laravel?

Not for the purpose of turning an interview into a pub quiz. But this a warm-up question that every Laravel developer should know the answer to. Taylor Otwell created Laravel and regularly interacts with the community he created.

Not knowing the answer to this would be a potential flag!

What is the N+1 problem and how would you avoid it?

Beginners to Laravel are often caught out by this, and sometimes even experienced developers. When you're iterating through a list of eloquent models, and calling relational data. An additional query is fired off for each time the relational data is accessed.

This isn't always obvious at first, especially when there is not enough data to see the consequences. But it can compound with the more relations you query and models you iterate through.

To prevent it, you should expect the applicant to suggest eager loading. Where preloading the data required in a single query will reduce the number of queries run.


Have I missed a question that you would ask during an interview? Feel free to leave a comment below!

Share
Comments
More from Harrk Blog

Harrk Blog

A personal development blog about programming and technology. Enjoys writing about Laravel and Virtual Reality.

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to Harrk Blog.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.