
Web Programming Final Exam 2009

This document is a final exam for a Web Programming course taken on February 11, 2009 at the University of Palestine. The exam consists of 3 parts - short answer questions, multiple choice, and a programming problem. The programming problem involves building an employee management system with PHP and MySQL to add new employees to a database, with validation on the frontend and backend. Code is required to validate a user form with JavaScript, validate and process the form submission with PHP, and insert valid data into the database tables. Error handling using try/catch is recommended.

Uploaded by Raja Salman
Copyright © Attribution Non-Commercial (BY-NC)

University of Palestine, Web Programming Final Exam, 11 February 2009.

University of Palestine
Faculty of Applied Engineering and Urban Planning
Software Engineering Department

Date: WED, 11.02.09 | 9:00-11:30
Web Programming Final Exam
Course:
Name and ID: ESGD4119 | Web Programming |
Instructor Name: Mohammad Amin Kuhail
Exam:
Type: Final Exam.
Number of Questions: 3.
Date: WED, 11.02.09.
CJO: Closed Exam.
Grade: 100 marks.
Duration: 2.5 Hrs.
Location:
Dictionary Allowed: No.


Student:

Student Name:
Student ID:

1. Answer the following questions: [20 Marks: 10/Q ]

1. HTTP is a stateless protocol. That is, it doesn't allow servers to keep clients' state. However,
sessions and cookies were developed to tackle this issue. Explain.
2. Compare GET and POST in terms of method of sending information, usage, and limitations.
Give a simple example in both cases.

2. Choose the correct answer: [ 30 Marks ]

1. Inside which HTML element do we put the JavaScript?
a) <script>
b) <js>
c) <javascript>
d) <scripting>

2. Where is the correct place to insert a JavaScript?
a) The <body> section
b) Both the <head> section and the <body> section are correct
c) The <head> section
d) None of the above.

3. What is the correct way to write a JavaScript array?
a) var txt = new Array("tim","kim","jim")
b) var txt = new Array:1=("tim")2=("kim")3=("jim")
c) var txt = new Array(1:"tim",2:"kim",3:"jim")
d) var txt = new Array="tim","kim","jim"

4. All variables in PHP start with which symbol?
a) &
b) !
c) $
d) #




5. What is the correct way to include the file "[Link]" ?
a) <!--include file="[Link]"-->
b) <% include file="[Link]" %>
c) <?php include_file("[Link]"); ?>
d) <?php require("[Link]"); ?>

6. What is the correct way to create a function in PHP?
a) function myFunction()
b) new_function myFunction()
c) create myFunction()
d) None of the above.

7. To call an object obj function foo within the object itself:

a) $[Link]()
b) $obj->foo()
c) a+b
d) $this->foo()

8. The final visibility means that the method or the class is accessed:

a) From any scope but can't be overridden.
b) From within the class where it is defined.
c) From within the class where it is defined and its descendants.
d) From any scope.

9. Escaping output means:

a) Ensures the validity of data coming into the web application.
b) Uses whitelist approach.
c) Uses blacklist approach.
d) Protect the system and its users from potentially harmful attacks.

10. To tackle the spoofed forms attack:

a) Use client side validation.
b) Use SSL secure connection.
c) Use server side validation.
d) Escape your output.














3. Employees Affairs System [50 Marks ]

Figure 1 shows a part of the database of the Employee Affairs System of the University
of Palestine. It contains two related tables, employees and departments, where
one employee can work in one department, and one department can contain many
employees. Figure 2 shows the two web pages we consider. The first one is titled
[Link]. The second is [Link]. Figure 3 shows the HTML source of the
page [Link].


Figure 1: System ER diagram
[Diagram not reproduced: Employee (*) "Works in" Department (1); attribute labels shown: name, ID, gender, ID, name]

Figure 2: System pages
[Image not reproduced: two PHP pages, [Link] and [Link]]

Figure 3: HTML Code of [Link]

<html>
<body>
<form method="POST" action="[Link]">
  Name:<input type="text" name="name" size="20">
  <br/>
  ID:<input type="text" name="ID" size="20">
  <br/>
  Department:<select size="1" name="department"></select>
  <br/>
  Gender: <select size="1" name="gender">
    <option selected value="Male">Male</option>
    <option>Female</option>
  </select>
  <br/>
  <input type="submit" value="submit" name="Submit"><input type="reset" value="reset" name="reset">
</form>
</body>
</html>


Assumptions:

- Your MySQL database is installed and ready to use.
- The main DB server name is SE.
- Username and password are admin and yes, respectively.
- The DB name you need to select is named WEB.

Notes:

- Your solution MUST handle errors using try and catch exception mechanism.
- It is recommended you provide an object oriented solution.


Requirements:

1) [10 Marks ] Write JavaScript code to verify the [Link] form based on the
following elements:
- All values must not be empty.
- Gender values must be either male or female.
- ID must be numeric.

2) [10 Marks ] Write PHP code that does the verification elements mentioned in 1 in
addition to the following:
- Name value must be alphabetic.
- ID must be obtained from the department table.

3) [30 Marks ] Write PHP code that adds the values entered in the form of [Link]
to the system database. This PHP code shall be encapsulated within [Link].
A success message shall be shown when the values are added successfully. Otherwise, a failure
message should be shown together with the error type.





Common questions

Powered by AI

Escaping output protects a web application from potentially harmful attacks such as XSS by ensuring that any data rendered by a client-side script is treated as data, not executable code. It is essential for protecting the integrity and security of user data and the server environment.

A PHP script can query the department table using SQL, filtering results based on a given user attribute like department name. By executing this query, the script retrieves user ID data, which can then be cross-referenced or validated against input entries to ensure only valid, existing IDs are processed.

Server-side validation complements the use of sessions and cookies by adding an extra layer of security, ensuring that data integrity is not compromised when transferred between client and server. While sessions and cookies manage state, server-side validation checks ensure the data's authenticity and legality before storing or using it.

Strategies include setting up notification variables that capture success or error messages based on the transaction result, using session or localized variables to hold these messages temporarily. Upon form submission, redirecting users to feedback pages or displaying inline notices within the same page interface are effective methods.

Escaping output contributes by ensuring that any data injected into forms through malicious means does not execute within the application context, thus mitigating potential exploitation. Although not a comprehensive solution against spoofed forms, it forms part of a defense-in-depth strategy by neutralizing untrusted data at the point where it is output.

The GET method appends data to the URL, making it visible and limited in length, suitable for non-sensitive data retrieval. Conversely, POST sends data in the request body, which keeps it out of the URL and allows larger payloads, making it suitable for submitting form data. GET is idempotent, meaning repeated requests have the same effects, unlike POST, which can have different outcomes.

The correct way to include a file in PHP is using `<?php require("time.inc"); ?>`. This method is preferred because 'require' will trigger an error if the file is not found and stops the script execution, ensuring that essential files are successfully included.

Sessions and cookies provide mechanisms to store state information in web applications to overcome the stateless nature of HTTP. Sessions store data on the server side and can maintain state by associating a session identifier with each client. Cookies are small data files stored on the client side, allowing servers to keep track of user information across multiple requests.

Gender values in JavaScript can be verified by checking if the input value matches predefined valid options, like 'male' or 'female', using conditional statements. This step is necessary to ensure data uniformity, prevent inaccurate user data entry, and avoid potential processing errors downstream in the application.

Error handling using try and catch allows a developer to gracefully manage runtime errors, improving reliability by ensuring that a web application can respond appropriately and inform the user of issues without crashing. This approach isolates error scenarios and reduces the risk of security vulnerabilities related to unchecked errors.
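
The whitelist checks listed in Requirements 1 and 2 and the output-escaping point above, combined in one added example that is not part of the exam or an official solution to it. Field names follow the Figure 3 form; the department ID set, the sample values and the choice to allow single spaces inside a name are assumptions.

```javascript
// Added example, not part of the exam. Field names follow the Figure 3 form.
// DEPARTMENT_IDS is constructed sample data standing in for the department table.
const DEPARTMENT_IDS = new Set(["10", "20", "30"]);

// Whitelist validation: each field must match an allowed pattern or value.
function validateEmployee(fields, departmentIds = DEPARTMENT_IDS) {
  const read = (key) =>
    typeof fields[key] === "string" ? fields[key].trim() : "";
  const values = {
    name: read("name"), ID: read("ID"),
    gender: read("gender"), department: read("department"),
  };
  const errors = [];
  for (const [key, value] of Object.entries(values)) {
    if (value === "") errors.push(`${key} must not be empty`);
  }
  // Assumption: "alphabetic" allows single spaces between words.
  if (values.name && !/^[A-Za-z]+(?: [A-Za-z]+)*$/.test(values.name)) {
    errors.push("name must be alphabetic");
  }
  if (values.ID && !/^[0-9]+$/.test(values.ID)) {
    errors.push("ID must be numeric");
  }
  if (values.gender && !["male", "female"].includes(values.gender.toLowerCase())) {
    errors.push("gender must be male or female");
  }
  if (values.department && !departmentIds.has(values.department)) {
    errors.push("department is not a known department ID");
  }
  return errors;
}

// Escape the five HTML-significant characters before echoing any submitted value.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Build the success or failure message; the submitted name is escaped either way.
function renderResult(fields) {
  const errors = validateEmployee(fields);
  const name = escapeHtml(fields.name ?? "");
  if (errors.length === 0) return `<p>Employee ${name} added.</p>`;
  const items = errors.map((e) => `<li>${escapeHtml(e)}</li>`).join("");
  return `<p>Rejected entry for "${name}":</p><ul>${items}</ul>`;
}
```

Checks that run only in the browser are skipped by any request that never passed through the form, so the PHP page that receives the POST has to apply the same rules again before touching the database.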
