University of Palestine, Faculty of IT and Software Engineering Department, Web Programming Final Exam, , 29 April 2008.

University of Palestine Faculty of Information Technology Faculty of Applied Engineering and Urban Planning Software Engineering Department

Date: Tuesday, 29 April 2008, 12:30-15:00

Web Programming Final Exam

1. Answer the following questions:

1. 2. 3.

[ 5 Marks ] [ 5 Marks ]

Compare methods GET and POST in terms of usage, advantages, and disadvantages. Give Examples. 4. [ 5 Marks ] HTTP is a stateless protocol. That is, it doesnt know about the status of its users. It is possible, however, to enable your HTTP based web server to know its client. How? 5. [ 5 Marks ] Discuss why it is important to clean data that is sent to your web application by users.
[ 5 Marks ]

mean?

Mention five web usability guidelines. PHP is a free open source server side programming language. What does that

2. Choose the correct answer: 1. [ 2 Marks ] Choose the correct HTML tag to make a text italic

[ 30 Marks ]

(a) <italics> (b) <i> (c) <ii>

(a) (b) (c) (d) sheet?

<table><tr><td> <table><tr><tt> <table><head><tfoot> <thead><body><tr>

3. [ 2 Marks ] Where in an HTML document is the correct place to refer to an external style

(a) (b) (c) (d)

At In At In

the the the the

end of the document <body> section top of the document <head> section

Page

1 of 6

University of Palestine, Faculty of IT and Software Engineering Department, Web Programming Final Exam, , 29 April 2008.

4. [ 2 Marks ] How do you add a background color for all <h1> elements?

(a) all.h1 {background-color:#FFFFFF} (b) h1 {background-color:#FFFFFF} (c) h1.all {background-color:#FFFFFF}

(a) (b) (c) (d)

msgBox("Hello World") alertBox("Hello World") alert("Hello World") alertBox="Hello World"

6. [ 2 Marks ] Where is the correct place to insert a JavaScript?

(a) Both the <head> section and the <body> section are correct (b) The <head> section (c) The <body> section
7. [ 2 Marks ] What does PHP stand for?

(a) (b) (c) (d)

Private Home Page PHP: Hypertext Preprocessor Personal Home Page Personal Hypertext Processor

8. [ 2 Marks ] The PHP syntax is most similar to:

(a) Perl and C (b) JavaScript (c) VBScript

method?

(a) Request.QueryString; (b) Request.Form; (c) $_GET[];

(a) False (b) True

Page

2 of 6

University of Palestine, Faculty of IT and Software Engineering Department, Web Programming Final Exam, , 29 April 2008.

11. [ 2 Marks ] What is the correct way to connect to a MySQL database?

(a) (b) (c) (d)

mysql_open("localhost"); mysql_connect("localhost"); dbopen("localhost"); connect_mysql("localhost");

12. [ 2 Marks ] Which one of these variables has an illegal name?

(a) $my-Var (b) $my_Var (c) $myVar

applications because:

(a) Whitelist approach is always updated with users hacks. (b) Blacklist approach is widely known to all hackers. (c) Whitelist approach allows users to valid input data that is enforced by its rules.
14. [ 2 Marks ] One of the techniques that is used to protect your web applications against global variables attacks is:

(a) (b) (c) (d)

Input filtering of global variables. Initializing global variables in your scripts. Enforcing the use of session global variables rather than cookies. The use of the whitelist approach techniques.

15. [ 2 Marks ] In Web Usability Testing, feedback from users is taken:

(a) (b) (c) (d)

Before using your website. While using your website. After using your website. All above mentioned.

Page

3 of 6

University of Palestine, Faculty of IT and Software Engineering Department, Web Programming Final Exam, , 29 April 2008.

3. PHP+mySQL: E-commerce Simple Web Application

[ 50 Marks ]

Description: Figures 1 and 2 show two pages that form a simple e commerce application. The main functionality users achieve by using this application is buying products. For users to do so, they must first login using the authentication page in figure 1. The application then compares the username and passwords entered with the ones in the database. If they are valid, users are then forwarded to the buy page. Users can choose one of the products listed in the menu. A product is successfully bought once users click buy, and a message is sent to the user telling him that the product was successfully bought. Kindly note that the HTML source code of these two pages is listed in figure 5, and 6. Application Database:
Figures 3 shows an ER diagram as well as the tables of the application database. This application mainly contains two entities; users and products. Users, the ones who use the system. Their attributes are only id and password. Products, on the other hand, are the items that users buy through the system. These could be anything: laptops, cars, etc. A User can obviously buy many items. And An item type can be bought by many users. To illustrate the ER diagram consider the tables that realize this design. These tables are: user, buy, and product. Bought items are saved in buy table. Also please note that I have included sample data for you to start with(See figure 4). Please assume that the database is already created for you, and that you only have to use it. The database information is as follows: Location: localhost Username: root Password: yes Database name: ecommerce. Table names: user, buy, and product.

Requirements: 1. 2. 3. 4. 5. 6. You will be given 20 bonus marks if you use exceptions as well as object oriented php classes successfully in your solution for the points below. [ 10 Marks ] Write a php script that connect the application to the database. [10 Marks ] Write a php script that checks validity of the provided username and password in login.php. If they are valid, forward the user to buy.php page. Else, tell the user that they are invalid and forwards him to the login.php page to try again. [10 Marks ] The list of products that users shall buy is coming from the drop down menu in page buy.php. When the page first is loaded, the products in the menu are taken from the table product. Write a php script that achieves this. [ 10 Marks ] Write a php script that enables users to buy a product once a buy button is pressed in page buy.php. A message shall be shown to the user notifying him of success or failure after performing the job. [ 10 Marks ] Write a php script that validates data that is coming from the authentication form in page login.php.
[ BONUS 20 Marks ]

Page

4 of 6

University of Palestine, Faculty of IT and Software Engineering Department, Web Programming Final Exam, , 29 April 2008.

Notes: If the above mentioned description is not enough or clear, make sure you write down any assumptions you make.
Once username and password are valid

Figure 1: Authentication Page

Figure 2: Buy Page

Figure 3: ER Diagram for the application database

Figure 4: Tables of the application database with initial data

Page

5 of 6

University of Palestine, Faculty of IT and Software Engineering Department, Web Programming Final Exam, , 29 April 2008.

1. <html> 2. <body> 3. <form method="POST" action="buy.php"> 4. <label>User Name:</label> 5. <input type="text" name="userName" size="10"> 6. <br/> 7. <label>Password:</label> 8. <input type="password" name="password" size="10"> 9. <input type="submit" value="submit" name="submit"> 10. <input type="reset" value="reset" name="reset"> 11. </form> 12. </body> 13. </html> Figure 5: Authentication page HTML source code (login.php)

1. <html> 2. <head> 3. <body> 4. <form method="POST" action="buy.php"> 5. <select> 6. <option value ="first_value">Select your product</option> 7. </select> 8. <input type="submit" value="Buy" name="submit"> 9. </form> 10. </body> 11. </html> Figure 6: Buy page HTML source code (buy.php)

Page

6 of 6