Web Programming 2, Session I 2009/2010 Final Exam

Upload: khirulnizam-abd-rahman

Post on 17-Nov-2014

BTCI 5103 / BTRW 4113 SEPTEMBER 2009

SECTION A

Marks: 40

Answer ALL questions in the answer sheet provided.

1. Write the command (in PHP) to connect to a database named myDB that resides in 172.16.12.3, using the username root and the password dbserv. Check whether the connection is successful. (4 marks)

Questions 2 and 3 are based on Figure 1.

Figure 1: The tableInfo structure.

2. Write the SQL command to fetch records, returning only the fields firstname, gender and email, where the gender is “Male”. (4 marks)

3. Write the PHP script to display all the records returned by the SQL query in question 2. (4 marks)

4. You need to create an option list (combo box) using one of the HTML input elements. The option list must contain the list of years from 1900 until the current year (2009). Write the combination of HTML code and PHP script to create the option list, using one repetition statement. (4 marks)

CONFIDENTIAL

5. Explain the term session in the server-side programming approach. What is the main benefit of implementing sessions? (4 marks)

6. The diagram in Figure 2 is the 3-tier application architecture for a database-driven website. Discuss the functions of each layer, and define the necessary tools involved. (10 marks)

Figure 2: 3-tier application architecture.

7. Define SQL injection. Why is it dangerous to our web application? (4 marks)

8. Explain two approaches to minimizing the SQL injection threat. (6 marks)

[Figure 2 labels: client, middleware, database; Web server & middleware; Database; HTTP request, Web page, Data request, Records]

SECTION B

Marks: 40

Answer any TWO questions in the answer sheet provided.

Question 1

Figure 3 is a table named BookInfo extracted from a database named Library. Use the table to answer this question.

Figure 3: Table BookInfo

Suppose a user would like to find a book on security but does not know the complete title of the book. However, he remembers that the book was published by John Wiley in 2004.

Create a search application to help the user find the book he needs. The search form receives part of the book’s title, the publisher and the year published. It also has a submit button. When the user keys in all the information and clicks the submit button, the result of the book search will appear at the bottom of the form. (20 marks)

Question 2

Figure 4 is a table named EMPLOYEE extracted from a database named MYCOMPANYHR. Use this table to answer all the questions.

Figure 4: Table EMPLOYEE

a. Develop the complete HTML form to insert a new employee into the EMPLOYEE table. Include all fields that appear in Figure 4. (10 marks)

b. The following code is used to insert all the fields from the HTML form into the database. However, there are mistakes in the SQL command. Identify the mistakes and make the necessary corrections.

$sql=”insert to table (
employee number, full name, department, phone number, e-mail)
values ($empno, $fullname, $dept, $phoneno, $email)”;

(5 marks)

c. Use the right PHP statements to extract all the information from the form in (a), and use the corrected SQL command in (b) to insert the information into the table. (5 marks)

Question 3

Develop a PHP page to receive all the information from the form in Figure 6. Insert all the information into the database in Figure 5. The password must be encoded using the md5 function before being inserted into the database. Display the member’s information (inside a table) on this page, except the password.

Database connection: host=localhost, username=root, password=abc123.

(20 marks)

Figure 5: The membership form.

Figure 6: The structure of database itclub.
