BTCI 5103 / BTRW 4113 SEPTEMBER 2009

SECTION A
Marks: 40

Answer ALL questions in the answer sheet provided.

1. Write the command (in PHP) to connect to a database named myDB that
resides in 172.16.12.3, using the username root and the password dbserv.
Check whether the connection is successful.
(4 marks)

Questions 2 and 3 are based on the Figure 1.

Figure 1: The tableInfo structure.

2. Write the SQL command to fetch records with fields involved are only
firstname, gender and email, where the gender only “Male”.
(4 marks)

3. Write the PHP script to display all the records resulted from the SQL query in
question 2.
(4 marks)

4. You need to create an option list (combo box) using one of the HTML input
element. The option list must contain the list of years from 1900 until the
current year (2009). Write the combination of HTML codes and the PHP script
to create the option list, using one repetition statement.
(4 marks)

2
SULIT
BTCI 5103 / BTRW 4113 SEPTEMBER 2009

5. Explain the term session in server side programming approach. What is the
main benefit from implementing the session?
(4 marks)

6. The diagram in Figure 2 is the 3-tier application architecture for database

driven website. Discuss the functions of each layer, and define the necessary
tools involved.
(10 marks)

Web page

HTTP request

Records

Database
Data
Web server & request
middleware

client middle ware database

Figure 2: 3-tier application architecture.

7. Define SQL injection, and why it is dangerous to our web application?

(4 marks)

8. Explain two approaches of minimizing SQL injection threat.

(6 marks)

3
SULIT
BTCI 5103 / BTRW 4113 SEPTEMBER 2009

SECTION B
Marks: 40

Answer any TWO questions in the answer sheet provided.

Question 1

Figure 3 is a table named BookInfo extracted from a database named Library. Use
the table to answer this question.

Figure 3: Table BookInfo

Let say a user would like to find a book on security but you do not know the
complete title of the book. However he remembers that the book is published by
John Wiley on 2004.

Create a search application to facilitate the user to find the book he needs. The
search form receives the part of the book’s title, the publisher and the year
published. It also has a submit button. When the user key-in all the information, and
click the submit button, the result of the book search will appear at the bottom of the
form.
(20 marks)

4
SULIT
BTCI 5103 / BTRW 4113 SEPTEMBER 2009

Question 2

Figure 4 is a table named EMPLOYEE extracted from a database named

MYCOMPANYHR. Use this table to answer all the questions.

Figure 4: Table EMPLOYEE

a. Develop the complete HTML form to insert a new employee to the

EMPLOYEE table. Include all fields appeared in Figure 4.
(10 marks)

b. The following codes are used to insert all the fields from the HTML form to the
database. However there are mistakes in SQL command. Identify the
mistakes and do the necessary corrections.

$sql=”insert to table (
employee number, full name, department, phone number, e-
mail)
values ($empno, $fullname, $dept, $phoneno, $email)”;
(5 marks)

c. Use the right PHP statements to extract all the information from the form in
(a), and use the corrected SQL command in (b) to insert the information to the
table.
(5 marks)

5
SULIT
BTCI 5103 / BTRW 4113 SEPTEMBER 2009

Question 3

Develop a PHP page to receive all the information from the form in Figure 6. Insert
all the information to the database in Figure 5. The password must be encoded using
md5 function before being inserted to the database. Display the member’s
information (inside a table) in this page, except the password.

Database connection: host=localhost, username=root, password=abc123.

(20 marks)

Figure 5: The membership form.

Figure 6 : The structure of database itclub.

6
SULIT