PHP & Laravel Interview Questions (2026): By Level, With Model Answers

How to use this

PHP has grown up, and Laravel hides a lot of machinery. These questions check whether a candidate understands what the framework is doing for them.

Hiring a PHP & Laravel developer is easy. Telling a real one from a convincing résumé is the hard part — and it’s most of what we do. These are grouped by level, because the same question that stretches a junior is a warm-up for a senior.

Junior PHP & Laravel interview questions

0–2 years

PHP and Laravel basics.

What is the difference between == and === in PHP?

What a strong answer covers

=== checks value and type; == does type juggling that causes surprising comparisons.

Red flag

Relies on == and hits coercion bugs.

What is the request lifecycle in Laravel?

What a strong answer covers

The request enters through the front controller, passes middleware, is routed to a controller, and a response returns through middleware.

Red flag

No idea where middleware sits.

What is Eloquent?

What a strong answer covers

Laravel’s ActiveRecord ORM mapping models to tables with relationships, scopes and mutators.

Red flag

Writes raw queries and ignores relationships.

What are migrations and seeders?

What a strong answer covers

Version-controlled schema definitions and sample-data population for reproducible databases.

Red flag

Changes the DB manually and it drifts between environments.

What is Blade?

What a strong answer covers

Laravel’s templating engine with inheritance, components and safe output escaping by default.

Red flag

Echoes unescaped user input into HTML.

What is the difference between include/require?

What a strong answer covers

Both import files; require fails fatally if missing, include only warns.

Red flag

Uses them interchangeably with no error handling.

What are routes and route model binding?

What a strong answer covers

Routes map URLs to actions; model binding auto-resolves a model from a route parameter.

Red flag

Fetches the model manually and duplicates lookups.

What are environment files and config?

What a strong answer covers

.env holds per-environment secrets loaded into config; it should never be committed.

Red flag

Hardcodes credentials in code or commits .env.

Mid-level PHP & Laravel interview questions

2–5 years

Eloquent, container and queues.

What is the service container and dependency injection?

What a strong answer covers

An IoC container that resolves and injects dependencies, enabling loose coupling and testability.

Red flag

News up dependencies manually inside classes.

What are service providers?

What a strong answer covers

Bootstrap classes that bind services into the container and configure the framework.

Red flag

Puts bootstrapping logic in random places.

How does eager loading avoid N+1 queries?

What a strong answer covers

with() loads relations up front instead of one query per record accessed in a loop.

Red flag

Loops over records accessing relations lazily.

How do queues and jobs work?

What a strong answer covers

Slow work is pushed to a queue and processed by workers, keeping requests fast; failed jobs can retry.

Red flag

Sends emails and processes files inline in the request.

What is middleware used for?

What a strong answer covers

Cross-cutting request filtering such as auth, throttling and CORS, running before/after the controller.

Red flag

Duplicates auth checks in every controller.

What are accessors, mutators and casts?

What a strong answer covers

They transform attribute values on read/write and cast DB columns to native types (dates, arrays, enums).

Red flag

Transforms data manually everywhere it’s used.

How does Laravel handle validation?

What a strong answer covers

Form requests or the validator define rules; validation runs before the controller logic and returns errors automatically.

Red flag

Validates ad hoc and trusts client input.

How do events and listeners work?

What a strong answer covers

A publish/subscribe mechanism to decouple side effects (e.g. sending a welcome email) from the main action.

Red flag

Hardcodes every side effect into the controller.

Senior PHP & Laravel interview questions

5+ years

Performance, security and architecture.

How do you prevent SQL injection and XSS in PHP?

What a strong answer covers

Parameterised queries or the ORM, and escaping output (Blade does this by default); never interpolate raw input.

Red flag

Concatenates input into SQL or echoes it unescaped.

How do you optimise a slow Laravel app?

What a strong answer covers

Fix N+1 queries, add indexes, cache expensive work, use queues, and eager-load; profile with a debugbar or APM.

Red flag

Adds servers instead of fixing query patterns.

How do you structure a large Laravel codebase?

What a strong answer covers

Service and action classes, form requests, repositories or query objects, and clear domain boundaries beyond default MVC.

Red flag

Fat controllers and models holding everything.

How does caching work and how do you invalidate it?

What a strong answer covers

Multiple stores (Redis, file), cache tags, and careful key design; stale data comes from missing invalidation.

Red flag

Caches with no expiry or invalidation plan.

How do you handle long-running and scheduled tasks?

What a strong answer covers

The scheduler for cron-like tasks and queue workers for async jobs, monitored and supervised.

Red flag

Relies on manual scripts and cron with no monitoring.

How do modern PHP features change how you write code?

What a strong answer covers

Types, enums, readonly properties, attributes and JIT improve safety and performance over old PHP.

Red flag

Writes PHP as if it were still version 5.

How do you keep a legacy PHP app maintainable?

What a strong answer covers

Add tests, introduce Composer and autoloading, isolate legacy code behind interfaces, and refactor incrementally.

Red flag

Proposes a rewrite instead of incremental improvement.

How do you scale sessions and state across servers?

What a strong answer covers

Externalise sessions and cache to Redis so any app server can handle any request.

Red flag

Keeps sessions on local disk and breaks under load balancing.

Skip the screening entirely.We vet PHP & Laravel engineers so you don’t have to — embed one in your team, or have us build it.

Hire PHP & Laravel developersCompare us

Build and score a full interview with our free interview scorecard tool, browse the full question hub, or see how we interview engineers.

Share