Web Programming 2 Sesiii20082009 Set2

BTCI 5103/BTRW 4113/TRP4013

FEBRUARY 2009 SECTION A Marks: 40

Answer ALL questions in the answer sheet provided. 1.

Write the command (in PHP) to connect to a database named myDB that resides in 172.16.12.3, using the username root and the password dbserv. Check whether the connection is successful. (4 marks)

Questions 2-3 are based on the Figure 1.

Figure 1: Screen capture of a tableInfo structure. 2.

Write the SQL command to fetch records with fields involved are only firstname, gender and email, where the gender only “Male”. (4 marks)

3.

Write the PHP script to display all the records resulted from the SQL query in question 2. (4 marks)

4.

Explain the term session in server side programming approach. What is the main benefit from implementing the session? (4 marks) 2

SULIT

BTCI 5103/BTRW 4113/TRP4013 5.

FEBRUARY 2009

You need to create an option list (combo box) using one of the HTML input element, select. The option list must contain the list of years from 1900 until the current year (2009). Write the combination of HTML codes and the PHP script to create the option list, using one repetition statement. (4 marks)

6.

The diagram in Figure 2 is the 3-tier application architecture for database driven website. Discuss the functions of each layer, and define the necessary tools involved. (10 marks)

Web page

HTTP request

Records

Database Web server & middleware

Client

Data request

middle ware

database

Figure 1: 3-tier application architecture.

7.

Define SQL injection, and why it is dangerous to our web application? (4 marks)

8.

Explain two approaches of minimizing SQL injection threat. (6 marks) 3

SULIT

BTCI 5103/BTRW 4113/TRP4013

FEBRUARY 2009 SECTION B Marks: 40

Answer only TWO questions in the answer sheet provided. Question 1 Companies can opt to host their web applications internally or rent a space from a web hosting provider. Renting web hosting is the popular option, and normally it’s cheap. a.

Explain the procedures to acquire domain name and web spaces from the web hosting provider. (10 marks)

b.

Discuss the specification of a web hosting in terms of the web server, database server, bandwidth limit and etc for your database driven web application. (10 marks)

Question 2 Figure 3 is a table named BookInfo extracted from a database named Library. Use this table to answer all the questions.

4 SULIT

BTCI 5103/BTRW 4113/TRP4013

FEBRUARY 2009

Figure 3: Table BookInfo a.

Develop an SQL command to list all the books written by Matt Bishop which are published from year 2000 until 2004 and the title contain “security”. (6 marks)

b.

Write the SQL commands to insert a new records with the following information; ISBN = 0764549553, title=PHP Bible, author=Tim Converse, publisher=John Wiley, year=2004. (2 marks)

c.

What does primary key mean? Which one of the fieldnames in the table BookInfo is the primary key? (3 marks)

d.

Let say you would like to find a book on security but you do not know the complete title of the book. However you remember that the book is published by John Wiley on 2004. Write your SQL command to search for your book and execute the SQL command by using the right PHP function. (5 marks)

5 SULIT

BTCI 5103/BTRW 4113/TRP4013 e.

FEBRUARY 2009

Write the SQL command to change all the books published by the “John Wiley” to “John Wiley and Sons”. Execute the SQL command by using the right PHP function. (4 marks)

Question 3 Figure 4 is a table named EMPLOYEE extracted from a database named MYCOMPANYHR. Use this table to answer all the questions.

Figure 4: Table EMPLOYEE a.

Develop the complete HTML form to insert a new employee to the EMPLOYEE table. Include all fields appeared in Figure 4. (10 marks) 6

SULIT

BTCI 5103/BTRW 4113/TRP4013

b.

FEBRUARY 2009

The following codes are used to insert all the fields from the HTML form to the database. However there are mistakes in SQL command. Identify the mistakes and do the necessary corrections. $sql=”insert to table ( employee number, full name, department, phone number, e-mail) values ($empno, $fullname, $dept, $phoneno, $email)”; $rs=mysqli_query($db, $sql);

(10 marks)

7 SULIT