web programming 2 sesiii20082009 set2


Upload: khirulnizam-abd-rahman

Post on 17-Nov-2014


BTCI 5103/BTRW 4113/TRP4013 FEBRUARY 2009

SECTION A

Marks: 40

Answer ALL questions in the answer sheet provided.

1. Write the command (in PHP) to connect to a database named myDB that resides in 172.16.12.3, using the username root and the password dbserv. Check whether the connection is successful.

(4 marks)

Questions 2-3 are based on Figure 1.

Figure 1: Screen capture of a tableInfo structure.

2. Write the SQL command to fetch records, returning only the fields firstname, gender and email, where the gender is “Male”.

(4 marks)

3. Write the PHP script to display all the records resulting from the SQL query in question 2.

(4 marks)

4. Explain the term session in the server-side programming approach. What is the main benefit of implementing the session?

(4 marks)

CONFIDENTIAL


5. You need to create an option list (combo box) using one of the HTML input elements, select. The option list must contain the list of years from 1900 until the current year (2009). Write the combination of HTML code and PHP script to create the option list, using one repetition statement.

(4 marks)

6. The diagram in Figure 2 is the 3-tier application architecture for a database-driven website. Discuss the functions of each layer, and define the necessary tools involved.

(10 marks)

Figure 2: 3-tier application architecture.

7. Define SQL injection. Why is it dangerous to our web application?

(4 marks)

8. Explain two approaches to minimizing the SQL injection threat.

(6 marks)


[Diagram labels for the 3-tier application architecture figure: Client, Web server & middleware, Database; flows: HTTP request, Web page, Data request, Records]


SECTION B

Marks: 40

Answer only TWO questions in the answer sheet provided.

Question 1

Companies can opt to host their web applications internally or rent a space from a web hosting provider. Renting web hosting is the popular option, and normally it’s cheap.

a. Explain the procedures to acquire a domain name and web space from the web hosting provider.

(10 marks)

b. Discuss the specification of web hosting in terms of the web server, database server, bandwidth limit, etc. for your database-driven web application.

(10 marks)

Question 2

Figure 3 is a table named BookInfo extracted from a database named Library. Use this table to answer all the questions.


Figure 3: Table BookInfo

a. Develop an SQL command to list all the books written by Matt Bishop which were published from year 2000 until 2004 and whose title contains “security”.

(6 marks)

b. Write the SQL commands to insert a new record with the following information:

ISBN = 0764549553, title = PHP Bible, author = Tim Converse, publisher = John Wiley, year = 2004.

(2 marks)

c. What does primary key mean? Which one of the field names in the table BookInfo is the primary key?

(3 marks)

d. Let's say you would like to find a book on security but you do not know the complete title of the book. However, you remember that the book was published by John Wiley in 2004.

Write your SQL command to search for your book and execute the SQL command by using the right PHP function.

(5 marks)


e. Write the SQL command to change all the books published by “John Wiley” to “John Wiley and Sons”. Execute the SQL command by using the right PHP function.

(4 marks)

Question 3

Figure 4 is a table named EMPLOYEE extracted from a database named MYCOMPANYHR. Use this table to answer all the questions.

Figure 4: Table EMPLOYEE

a. Develop the complete HTML form to insert a new employee into the EMPLOYEE table. Include all the fields that appear in Figure 4.

(10 marks)


b. The following code is used to insert all the fields from the HTML form into the database. However, there are mistakes in the SQL command. Identify the mistakes and make the necessary corrections.

$sql=”insert to table (
employee number, full name, department, phone number, e-mail)
values ($empno, $fullname, $dept, $phoneno, $email)”;
$rs=mysqli_query($db, $sql);

(10 marks)
