PHP has grown up, and Laravel hides a lot of machinery. These questions check whether a candidate understands what the framework is doing for them.
Hiring a PHP & Laravel developer is easy. Telling a real one from a convincing résumé is the hard part — and it’s most of what we do. These are grouped by level, because the same question that stretches a junior is a warm-up for a senior.
Junior PHP & Laravel interview questions
0–2 years
PHP and Laravel basics.
What is the difference between == and === in PHP?
=== checks value and type; == does type juggling that causes surprising comparisons.
Relies on == and hits coercion bugs.
What is the request lifecycle in Laravel?
The request enters through the front controller, passes middleware, is routed to a controller, and a response returns through middleware.
No idea where middleware sits.
What is Eloquent?
Laravel’s ActiveRecord ORM mapping models to tables with relationships, scopes and mutators.
Writes raw queries and ignores relationships.
What are migrations and seeders?
Version-controlled schema definitions and sample-data population for reproducible databases.
Changes the DB manually and it drifts between environments.
What is Blade?
Laravel’s templating engine with inheritance, components and safe output escaping by default.
Echoes unescaped user input into HTML.
What is the difference between include/require?
Both import files; require fails fatally if missing, include only warns.
Uses them interchangeably with no error handling.
What are routes and route model binding?
Routes map URLs to actions; model binding auto-resolves a model from a route parameter.
Fetches the model manually and duplicates lookups.
What are environment files and config?
.env holds per-environment secrets loaded into config; it should never be committed.
Hardcodes credentials in code or commits .env.
Mid-level PHP & Laravel interview questions
2–5 years
Eloquent, container and queues.
What is the service container and dependency injection?
An IoC container that resolves and injects dependencies, enabling loose coupling and testability.
News up dependencies manually inside classes.
What are service providers?
Bootstrap classes that bind services into the container and configure the framework.
Puts bootstrapping logic in random places.
How does eager loading avoid N+1 queries?
with() loads relations up front instead of one query per record accessed in a loop.
Loops over records accessing relations lazily.
How do queues and jobs work?
Slow work is pushed to a queue and processed by workers, keeping requests fast; failed jobs can retry.
Sends emails and processes files inline in the request.
What is middleware used for?
Cross-cutting request filtering such as auth, throttling and CORS, running before/after the controller.
Duplicates auth checks in every controller.
What are accessors, mutators and casts?
They transform attribute values on read/write and cast DB columns to native types (dates, arrays, enums).
Transforms data manually everywhere it’s used.
How does Laravel handle validation?
Form requests or the validator define rules; validation runs before the controller logic and returns errors automatically.
Validates ad hoc and trusts client input.
How do events and listeners work?
A publish/subscribe mechanism to decouple side effects (e.g. sending a welcome email) from the main action.
Hardcodes every side effect into the controller.
Senior PHP & Laravel interview questions
5+ years
Performance, security and architecture.
How do you prevent SQL injection and XSS in PHP?
Parameterised queries or the ORM, and escaping output (Blade does this by default); never interpolate raw input.
Concatenates input into SQL or echoes it unescaped.
How do you optimise a slow Laravel app?
Fix N+1 queries, add indexes, cache expensive work, use queues, and eager-load; profile with a debugbar or APM.
Adds servers instead of fixing query patterns.
How do you structure a large Laravel codebase?
Service and action classes, form requests, repositories or query objects, and clear domain boundaries beyond default MVC.
Fat controllers and models holding everything.
How does caching work and how do you invalidate it?
Multiple stores (Redis, file), cache tags, and careful key design; stale data comes from missing invalidation.
Caches with no expiry or invalidation plan.
How do you handle long-running and scheduled tasks?
The scheduler for cron-like tasks and queue workers for async jobs, monitored and supervised.
Relies on manual scripts and cron with no monitoring.
How do modern PHP features change how you write code?
Types, enums, readonly properties, attributes and JIT improve safety and performance over old PHP.
Writes PHP as if it were still version 5.
How do you keep a legacy PHP app maintainable?
Add tests, introduce Composer and autoloading, isolate legacy code behind interfaces, and refactor incrementally.
Proposes a rewrite instead of incremental improvement.
How do you scale sessions and state across servers?
Externalise sessions and cache to Redis so any app server can handle any request.
Keeps sessions on local disk and breaks under load balancing.
Build and score a full interview with our free interview scorecard tool, browse the full question hub, or see how we interview engineers.