Earlier this week, I had to interview a bunch of applicants for a web developer role. The idea is to filter out those who aren’t really experienced as the job asks for people with at least 6 months of experience.
Anyway, below is the test I gave them. I don’t feel like giving something like it again in the future (it’s pretty crappy IMHO) so I think it would be a good idea to share it instead of just throwing it away.
Determine whether the statements below are true or false. Be prepared to explain your answer.
- A primary key can be composed of multiple columns.
- When you have two tables in a parent-child relationship (i.e. one table has a foreign key referring to the other table) deleting a parent record will delete all child records of that record.
- Escaping special characters is the best way to avoid SQL injection.
- You can undo
DELETEchanges to the database.
VARCHARdata type can be used to save space when used over
- When using an RDBMS, normalization must be done for all tables.
- Indexes speed up database actions.
- Foreign keys are usually indexed.
- Many-to-many relationships are implemented via junction/join tables.
- Some HTML elements have been deprecated in favor of CSS.
<strong>element can be used interchangeably with the
- Under strict XHTML rules,
<br>is not a valid usage of the line break element.
hrefattribute of the anchor element only accepts relative and absolute links.
imagetag is a block element.
- When a form is submitted, the submitted data is derived from only the
inputelements inside the
- Multiple elements can have the same
- Web servers serve content at port 443.
- A web server can identify if a client has visited the website before.
- A browser redirect can be initiated by a response with an empty body.
varkeyword is optional when declaring variables so it can be omitted in all cases.
- Ajax will prevent you from performing other actions until the Ajax action is completed.
- You are limited to using XML in Ajax.
- You cannot change the values of a class variable.
- Constructors are instance methods.
- Polymorphism refers to the ability to define functions to have different behaviors depending on the passed arguments.
- High cohesion and loose coupling can improve coding speed.
- You can combine the features of two classes via inheritance.
- Encapsulation is primarily used for security reasons.
Answers below the cut.
Any decent web developer would see why I’m not too comfortable with this test: most of the items are trick questions. The fun part here is that I did that not because I want to boost my ego like many complicated/puzzle questions (secretly) do for the interviewers, but because I specifically wanted to test the applicants’ levels using the Dreyfus model.
I don’t need Novices, I needed Advanced Beginners to Competent applicants, thus the “Be prepared to explain your answer“. These questions were designed to be too hard for novices while being too easy for competent developers.
With little luck, Novices can ace this exam. But ask them “Why?” and they’re sure to falter. Ask an Advanced Beginner the same question and they might answer “I tried using it the other way before, it didn’t work”. Ask a Competent developer and you’ll get “Actually the answer can go either way, if you have this or that constraint”. (Ask an Expert and you’ll get something like this.)
Anyway, here are the answers. Scoring is simple: answer like a Competent developer and I’ll give you a pass, answer like a Novice and I’ll fail you.
A primary key can be composed of multiple columns.
As many people consider the definition of a Primary Key as a “single column that uniquely identifies rows”, even advanced beginners might consider this false as it violates that “single column” definition.
When you have two tables in a parent-child relationship (i.e. one table has a foreign key referring to the other table) deleting a parent record will delete all child records of that record.
When you define a foreign key, you can choose to define the referential action to be done upon deletion of the parent record. You can delete the child records, set the foreign key to NULL, or even do no action at all.
Escaping special characters is the best way to avoid SQL injection.
While I’m happy to report that most of the applicants knew about SQL injection, none of them were able to answer this correctly. The best solution is to use a parameterized interface as suggested by OWASP:
Preventing injection requires keeping untrusted data separate from commands and queries.
- The preferred option is to use a safe API which avoids the use of the interpreter entirely or provides a parameterized interface. Beware of APIs, such as stored procedures, that appear parameterized, but may still allow injection under the hood.
Escaping special characters is obviously #2.
You can undo
DELETE changes to the database.
You can rollback those actions while inside a Transaction, but in most cases, no, you can’t undo them. Hope you made backups.
VARCHAR data type can be used to save space when used over
Another surprising discovery: not a lot of people are familiar with SQL data types. I assume that they don’t care whether they’re using VARCHAR or CHAR when storing strings.
At any rate, this should be true due to VARCHAR’s variable-width nature as opposed to CHAR’s fixed-width, though not for all cases.
When using an RDBMS, normalization must be done for all tables.
There are cases where denormalization is favored over normalization.
Quick note: when an applicant can properly explain what normalization is in practical terms, you’ve got yourself a Competent developer.
Indexes speed up database actions.
Indexes can speed up SELECT operations, but they will slow down INSERT, UPDATE, and DELETE operations.
Foreign keys are usually indexed.
FKs are usually indexed to speed up child record retrieval. They aren’t required, though.
Many-to-many relationships are implemented via junction/join tables.
When people read “join table” they think of SQL JOINs. Too bad what I’m after is Junction Table.
The sad part is that many-to-many is a pretty common entity relationship, even more common than one-to-one.
Some HTML elements have been deprecated in favor of CSS.
Many elements were deprecated upon moving to HTML 4 because they deal with appearance and layout. All of them can be easily implemented in CSS.
<strong> element can be used interchangeably with the
If we’re talking about typical browser behavior, yes, both tags turn text into boldface.
But when it comes down to usage, one provides semantics (i.e. meaning) while the other tells the browser how the enclosed text looks like. It would not be unusual for a designer to set the
<strong> tag to make the text italicized, in bold face, and a few pixels larger than normal text.
Under strict XHTML rules,
<br> is not a valid usage of the line break element.
XHTML requires empty elements to either have an end tag or the start tag must end with
<br> is still valid as long as it is immediately closed by
</br>. However, it may give uncertain results in user agents.
href attribute of the anchor element only accepts relative and absolute links.
Okay so this is a trick question. I didn’t specify if the “link” is a general URI (which would allow
image tag is a block element.
A tricky question, but one that would immediately tell me if the applicant has an idea about block-level and inline elements.
img tag is inline (sorry, couldn’t find a good reference. Gecko and Webkit treat it as inline, though), but most designers set its
display option to block.
When a form is submitted, the submitted data is derived from only the
input elements inside the
Yet another trick question. I’m checking if the applicant whether he/she has tried putting
input elements outside the
form since it’s a sign of being an Advanced Beginner.
Anyway, this is false simply because the
select elements will also determine the data submitted by the form.
Multiple elements can have the same
You can define multiple elements with the same
id attribute, but it won’t validate in most HTML validators. It will also screw up your DOM
Web servers serve content at port 443.
I am honestly surprised how many web developers aren’t familiar with the concept of port numbers.
A web server can identify if a client has visited the website before.
Yet another trick question to bait the higher skilled applicants.
A Competent developer would be quick to point out that HTTP is a stateless protocol. That is, servers are supposed to forget about previous HTTP transactions.
But as we all know, web servers can determine if a client has visited before, whether the server level (server logs) or at the application level (cookies, session).
POST is idempotent.
POST is not idempotent as it produces side effects. This is why sometimes when you refresh a non-responding page, the browser will prompt you whether to submit the data again to prevent you from submitting the data twice, something that might produce unwanted side effects (e.g. getting billed twice).
A browser redirect can be initiated by a response with an empty body.
A Competent web developer should be aware of the Request-Response cycle in HTTP and should have implemented a browser redirect at least once in his/her career. Typically this would be done via HTTP status code 302 with an empty response body, as the target location is defined in the
Location response header.
var keyword is optional when declaring variables so it can be omitted in all cases.
var are considered global variables. And we don’t want a crapload of global variables running around the place, right?
jQuery developers would be familiar with this fact due to the frequent use of closures in the said framework.
Ajax will prevent you from performing other actions until the Ajax action is completed.
You are limited to using XML in Ajax.
You cannot change the values of a class variable.
Class variables are just like any variables, they can be modified unless declared as constant.
Of course, I still had to make the applicant explain what class variables and instance variables are to check their overall skill level.
Constructors are instance methods.
Constructors act upon instances of the class, and as such, can be considered as instance methods.
What I’d love to see is for someone to argue that they are class methods. Knowing the difference between instance and class methods can turn an Advanced Beginner to a Competent developer in my book.
Polymorphism refers to the ability to define functions to have different behaviors depending on the passed arguments.
It’s another trick question, as most Novices would not know the difference between the two (or even know how to properly use polymorphism).
High cohesion and loose coupling can improve coding speed.
Anyway, the answer depends on the definition of “coding speed”. If it talks about coding from scratch, high cohesion and loose coupling would slow down coding as it requires the generation of more classes than would the opposite approach. If it talks about overall coding time, which includes addition of new features and maintenance, then yes, it will improve coding speed due to the isolation of changes preventing more bugs from creeping into the system.
You can combine the features of two classes via inheritance.
Technically, inheritance can combine the features from a parent class with the features of the new subclass.
But if you have two different classes that you need to combine, say a
Car class and a
Person class, it would not be good to let the
Person class inherit the
Car class as it would violate the Liskov substitution principle. In those cases, it’s better to use aggregation instead of inheritance.
Encapsulation is primarily used for security reasons.
While it is true that hiding the internals of a class is one of the reasons why encapsulation is used (e.g. preventing other classes from messing with variables that might screw up the application), one could argue that, on a larger scale, encapsulation’s enforcement of contracts between objects is more important.
And there you have it, 30 questions with no definite answers. Don’t even bother using this as a reviewer when applying for a job in a local IT company; I’ll bet 99% of companies won’t even bother with this type of (hard-to-check) exam.