
Module 1

Internet and the Web are not the same thing – the Web is a series of hyperlinked documents residing on the Internet

Many protocols exist on the Internet, including HTTP, FTP, SMTP, POP3, TELNET...

An IP address uniquely identifies computers on the Internet

Domain names provide a human-readable abstraction of IP addresses.  Consist of TLDs, ccTLDs, SLDs, subdomains...  DNS resolves domain names to IP addresses

3-tier client-server model involves client, Web server (and scripting language) and database server

 

Describe what HTTP, FTP, SMTP, POP3 and TELNET are for

-          HTTP (Hyper Text Transfer Protocol): Transfers documents over the Web

-          FTP (File Transfer Protocol): Used for file transfer, not as widely used as it once was, but important in web dev

-          SMTP (Simple Mail Transfer Protocol): Used to transmit emails over the Internet

-          POP3 (Post Office Protocol 3): Used by local email applications to retrieve emails from a remote server

-          TELNET: Allows for command line access to a remote computer/device, usually for administrative purposes

Identify all parts of some URLs for your favourite Websites, including TLD, ccTLD, subdomains, GET data, etc…

-          www(host name).example(Third-level domain).org(Second-level domain).au(TLD(ccTLD))

Draw and annotate the 3-tier client-server model



-          Client: The user’s side, typically a web browser.

-          Server/Logic: The Web server and associated scripting languages capable of programmatic logic and processing.

-          Data: The database server, which stores data.

Describe the purpose of a Domain Name Server, DNS Client/Resolver, Root Name Server and DNS Cache Server

-          DNS Resolver (a.k.a. DNS client) can contact DNS servers to look up a name. Used by browsers, e-mail clients, and client utilities such as ping and tracert

-          Name Server (a.k.a. DNS server) supports name-to-address and address-to-name resolution

-          Addresses are resolved by DNSs querying higher level DNSs as needed – Root Name Servers resolve TLDs.

-          DNS Cache Servers store DNS results temporarily to improve efficiency – often deployed by ISPs. Forwarding Servers relay between cache servers and DNS

 

Module 2

Relational database server (RDBMS) offers database functionality to Web applications.  Scripts in the Web app send queries to the DB server and receive a response. Queries written in SQL to retrieve and manipulate data

Relational databases are normalised, reducing redundancy.  Primary and foreign keys used to create relationships. Auto-incrementing integers for primary keys

Application code or database to enforce integrity of data

Lookup tables used to generate dynamic drop down lists

 

Identify the most appropriate data types/lengths for:

A person’s age, in years

-          CHAR(3) 

The title of a book

-          VARCHAR(50)

A person’s height, in metres

-          FLOAT(3)

A unit code

-          CHAR(7)

 

Design a database for a student enrolment system, which contains details of students, units, courses, enrolments and enrolment statuses

Identify the tables needed and their columns

Student: StudentID, StudentNum, courses, StudentName. Units: UnitID, UnitCode, Course, UnitName. Enrolment: EnrolmentID, UnitID, StudentID.

Identify the primary and foreign key relationships

-          A primary key in each table uniquely identifies each record

-          Foreign keys bring the relationships together across tables

Try to identify some other likely lookup tables

-          Website user details.

Implement the database in MySQL via phpMyAdmin

-          Consider portability


Module 3

XHTML form elements – text field, radio button, check box, text area, drop down list, hidden field, etc. Use of labels for greater usability and accessibility

Form declaration – method, action, onsubmit, etc. The difference between GET and POST

Processing a submitted form using PHP - $_POST, $_GET...

Validating a form using JavaScript and/or PHP. Pros and cons of client-side and server-side validation

 

Create an XHTML page containing a form allowing you to input all the details of a book, video game, album or movie. Be sure to include a range of different fields – e.g. Radio buttons for rating, check boxes for console version availability...

-          <p>Ratings</p>

-          <input type="radio" name="rating" value="1" /> 1

-          <input type="radio" name="rating" value="2" /> 2

-          <input type="radio" name="rating" value="3" /> 3

-          <input type="radio" name="rating" value="4" /> 4

-          <input type="radio" name="rating" value="5" /> 5

-          <p>Console version availability</p>

-          <input type="checkbox" name="console" value="yes" /> Yes

Write a JavaScript validation function to validate the form. Validate numbers/dates (release date), etc

-          function ValidateForm()

-          {

-            if (isNaN(document.newform.rating.value))

-            {

-              alert('The rating field needs to be numeric');

-              return false;

-            }

-          }

Write a PHP page to display the submitted form content. Include validation in PHP

-          <?php

-          // validation

-          if(!is_numeric($_POST['rating']))

-          {

-            echo 'The rating field needs to be numeric.';

-            exit;

-          }

-           

-          // display

-          echo 'The ratings '.$_POST['rating'].' are submitted.';

-           

-          ?>


Module 4

After a form is filled in and submitted by the user and passes validation, it is processed by the server. PHP code in the file the form submits to is executed, typically resulting in the form content being inserted into the database. Forms can also be used for editing data – form is pre-populated with current data, validated as normal, then updated in database

Deleting data should always require confirmation (can’t undo)

IDs (relating to PKs in database tables) can be added to links as GET data or in hidden fields to pass them between pages

Search functions involve generating a query that uses LIKE and wildcards (%) to match partial strings

 

Create a database and table to store the form details from Module 3’s review task, and then write PHP code to insert the form data into the database table

-          CREATE DATABASE moviedb;

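-          CREATE TABLE `movies` (`rating` int(5) NOT NULL);

-          // bind the submitted value as a parameter rather than concatenating it into the SQL

-          $stmt = $db->prepare("INSERT INTO movies SET rating = ?");

-          $stmt->bind_param('i', $_POST['rating']);

-          $stmt->execute();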

Write a PHP page to view the title/name of all the books, games, albums or movies in the database. Write another page to show the full details of one item

-          <?php

-          @$db = new mysqli('localhost', 'root', '', 'moviedb');

-          $query = "SELECT * FROM movies";

-          $result = $db->query($query);

-           

-          echo 'list of movies: ';

-           

-          while($row = $result->fetch_assoc())

-          {

-            echo htmlspecialchars($row['moviename']).'<br />';

-          }

-          ?>

 

-          <?php

-          @$db = new mysqli('localhost', 'root', '', 'moviedb');

-          $stmt = $db->prepare("SELECT * FROM movies WHERE movieid = ?");

-          $stmt->bind_param('i', $_GET['movieid']);

-          $stmt->execute();

-          $result = $stmt->get_result();

-           

-          echo '<table><tr><td>Movie name</td><td>Rating</td></tr>';

-           

-          while($row = $result->fetch_assoc())

-          {

-            echo '<tr><td>'.htmlspecialchars($row['moviename']).'</td><td>'.(int) $row['rating'].'</td></tr>';

-          }

-           

-          echo '</table>';

-           

-          ?>

Write a PHP page to edit/update the details of an item

-          <?php

-          @$db = new mysqli('localhost', 'root', '', 'moviedb');

-           

-          if(isset($_POST['moviename']))

-          {

-            $moviename = $_POST['moviename'];

-            $rating = $_POST['rating'];

-           

-            $stmt = $db->prepare("UPDATE movies SET moviename = ?, rating = ? WHERE movieid = ?");

-            $stmt->bind_param('sii', $moviename, $rating, $_GET['movieid']);

-            $result = $stmt->execute();

-           

-            echo 'Movie detail updated.';

-          }

-          ?>

-          <form name="editForm" method="post" action="editmovie.php?movieid=<?php echo (int) $_GET['movieid']; ?>" >

-           

-          <table>

-          <tr>

-          <td>Movie name</td>

-          <td><input name="moviename" type="text"/></td>

-          </tr>

-          <tr>

-          <td>Rating</td>

-          <td><input name="rating" type="text"/></td>

-          </tr>

-          <tr>

-          <td colspan="2"><input type="submit" /></td>

-          </tr>

-          </table>

-          </form>

Add the ability to delete items from the database – make sure there is a confirmation prompt on the delete link

-          // delete link

-          echo '<a href="listmovies.php?del_id='.(int) $row['movieid'].'" onclick="return confirm(\'Are you sure you want to delete this movie?\');">Delete</a>';

-           

-          if(isset($_GET['del_id']))

-          {

-          $stmt = $db->prepare("DELETE FROM movies WHERE movieid = ?");

-          $stmt->bind_param('i', $_GET['del_id']);

-          $delete_result = $stmt->execute();

-          }


Module 5

Code in a PHP page is executed from top to bottom unless a control structure changes this. “if/else/elseif” executes (or doesn’t) code based on the result of a true/false condition. Loops (“while”, “for”, etc) execute code repeatedly while a condition remains true – condition tested in each iteration

Comparisons are built from operators (==, >, <, !=, etc) and can be combined with && (and), || (or) and ! (not)

Showing data retrieved from the database often involves looping through the rows of a result set

PHP is loose/clever when mixing data types.  date() function can format dates.  Take database into account when coding

 

Create a page with a text field and a submit button, and form processing code that uses if/else/elseif statements to…

Tell you if a number was entered into the text field or not

Tell you if the number is positive or negative

Tell you if the number is above 100

Tell you if the number is 100 or below

-          <?php

-          if(isset($_GET['number']) && is_numeric($_GET['number']))

-          {

-            $number = $_GET['number'];

-            

-            if($number >= 0)

-            {

-              echo 'The number is positive.<br />';

-            }

-            else

-            {

-              echo 'The number is negative.<br />';

-            }

-           

-            if($number > 100)

-            {

-              echo 'The number is above 100.<br />';

-            }

-            else

-            {

-              echo 'The number is 100 or below.<br />';

-            }

-          }

-          else

-          {

-            echo 'Submit number to the text field. <br />';

-          }

-           

-          ?>

-           

-          <!DOCTYPE html>

-          <body>

-          <form name=NewForm method="get" action="module5.php">

-          <p>Number: </p>

-          <input type="text" name="number" />

-          <input type="submit" />

-          </form>

-          </body>

Write a loop which echoes the numbers from 1 to 10, skipping 5 and echoing “Lucky 7!” when it gets to 7

-          <?php

-          for($i = 1; $i <=10; $i++)

-          {

-            if($i == 5)

-            {

-              echo '<br />';

-            }

-            else if ($i == 7)

-            {

-              echo 'Lucky 7!<br />';

-            }

-            else

-            {

-              echo $i.'<br />';

-            }

-          }

-          ?>

Create a page with two text fields and a submit button.  If two numbers are entered, the page should echo all the numbers between those numbers when the form is submitted. If numbers are not entered, echo an error message

-          <?php

-          if(isset($_GET['submit']))

-          {

-            if(isset($_GET['num1'], $_GET['num2']) && is_numeric($_GET['num1']) && is_numeric($_GET['num2']))

-            {

-              $num1 = $_GET['num1'];

-              $num2 = $_GET['num2'];

-              

-              if($num1 >= $num2)

-              {

-                $diff = $num1 - $num2;

-              }

-              else

-              {

-                $diff = $num2 - $num1;

-              }

-            

-              echo 'The difference between '.$num1.' and '.$num2.' is '.$diff;

-            }

-            else

-            {

-              echo 'The numbers need to be submitted. <br />';

-            }

-          }

-           

-          ?>

-           

-          <!DOCTYPE html>

-          <body>

-          <form name="numDiff" method="GET" action="module5-3.php">

-          Please enter 2 numbers:  <input type="text" name="num1" />

-          <input type="text" name="num2" />

-          <input type="submit" name="submit"/>

-          </form>

-          </body>


Module 6

The Web is a stateless environment – nothing maintained between page requests – much different from desktop apps

Sessions allow for variables to be stored/retained for a client. Variables can be accessed on different pages and persist until the session ends (timeout, destroyed by client or server, etc). Session variables can be used like normal variables

Sessions often used to store authentication details, allowing a user to log in to a Web site and control access to pages. Can check session variables to allow access to pages or pieces of functionality...

Destroying session / session variables

 

Create a page with a login form – it does not need to hook up to a database.  Assume all attempts to log in are invalid, i.e. username/password not found

Using sessions, implement a “3 strikes lockout” feature

When a login is attempted, a session variable is incremented

When it reaches three, the user should be redirected to Google when trying to access the login page

-          <?php

-          session_start();

-           

-          if(!isset($_SESSION['logintry']))

-          {

-            $_SESSION['logintry'] = 0;

-          }

-           

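-          if(!empty($_POST['username']))

-          {

-            // every login attempt is treated as invalid, so count it

-            $_SESSION['logintry'] += 1;

-          }

-           

-          // redirect before any output is sent; header() fails once the page has echoed

-          // (a session counter resets when the client drops its cookie, so a real lockout is tracked per account on the server)

-          if($_SESSION['logintry'] >= 3)

-          {

-            header('Location: http://www.google.com/');

-            exit;

-          }

-           

-          if(!empty($_POST['username']))

-          {

-            echo 'username/password not found<br />';

-          }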

-           

-          ?>

-           

-          <!DOCTYPE html>

-          <body>

-          <form name="3strikes" method="post" action="module6.php">

-          <table>

-          <tr>

-            <td>Username: </td>

-            <td><input type="text" name="username" /></td>

-          </tr>

-          <tr>

-            <td>Password: </td>

-            <td><input type="password" name="password" /></td>

-          </tr>

-          <tr>

-            <td colspan="2">

-              <input type="submit" />

-            </td>

-          </tr>

-          </table>

-          </form>

-          </body>

Create a page with a text field and a submit button.  When the form is submitted, whatever is entered into the text field should be added to the end of a session variable and the whole content of the variable is echoed. With each submission of the form, the new content is added to the end of the old content and displayed

-          <?php

-          session_start();

-          if(!isset($_SESSION['str']))

-          {

-            $_SESSION['str'] = '';

-          }

-           

-          if(isset($_POST['userinput']))

-          {

-            $_SESSION['str'] .= $_POST['userinput'];

-            // encode on output so submitted markup is shown as text

-            echo htmlspecialchars($_SESSION['str']).' is your string';

-          }

-           

-          ?>

-          <!DOCTYPE html>

-          <body>

-          <form name="append" method="post" action="module6-2.php">

-          User input:

-          <input type="text" name="userinput" />

-          <input type="submit" />

-          </form>

-          </body>


Module 7

Sessions can be used for sophisticated things such as a shopping cart which does not require user to be logged in

Tracking client activity on a Web site or application can be valuable, allowing for refinement of layout/structure, placement of ads, user profiling, traffic monitoring, etc. Server page request logs not very informative / sophisticated. Using sessions and database, can store detailed useful info

Events within a Web application should be logged – logins, registrations, adding content, editing content, deleting, etc. Logins (and failed logins) particularly important for security. Balance logging needs/detail with usability and speed/storage. Use a function to simplify logging

 

Extend the shopping cart example in the Module 7 materials to incorporate the functionality in the workshop

Add a log table to the shopping database, and log events of:

A user adding an item to their cart

-          $db->query("INSERT INTO logs SET username='".$db->real_escape_string($_SESSION['uname'])."', ip_address='".$_SERVER['REMOTE_ADDR']."', event_info= '".$db->real_escape_string($_POST['item_id'])." Has been added. '");

A user updating the quantity of an item in their cart

-          $db->query("INSERT INTO logs SET username='".$db->real_escape_string($_SESSION['uname'])."', ip_address='".$_SERVER['REMOTE_ADDR']."', event_info= '".$db->real_escape_string($_POST['item_id'])." Has been Updated. '");

A user deleting an item from their cart

-          $db->query("INSERT INTO logs SET username='".$db->real_escape_string($_SESSION['uname'])."', ip_address='".$_SERVER['REMOTE_ADDR']."', event_info= '".$db->real_escape_string($_POST['item_id'])." Has been deleted. '");

A user emptying their cart

-          $db->query("INSERT INTO logs SET username='".$db->real_escape_string($_SESSION['uname'])."', ip_address='".$_SERVER['REMOTE_ADDR']."', event_info='User Has emptied the cart.'");

A user proceeding to the checkout page

-          $db->query("INSERT INTO logs SET username='".$db->real_escape_string($_SESSION['uname'])."', ip_address='".$_SERVER['REMOTE_ADDR']."', event_info= '".$db->real_escape_string($_POST['item_id'])." Has been proceeded to the checkout. '");

Each log should contain the IP address of the user, text describing the event, and a timestamp of when it occurred
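
The summary above recommends using a function to simplify logging. The following is an added example, not part of the original notes or the Module 7 materials, showing one way to write it with a prepared statement and fixed event messages. The function names, the event keys and the assumption that the timestamp column fills itself are mine; the `logs` column names come from the queries above.

```php
<?php
// Added example, not from the Module 7 materials.
// Assumptions: the logs table has the username, ip_address and event_info
// columns used in the queries above, plus a TIMESTAMP column declared with
// DEFAULT CURRENT_TIMESTAMP, which MySQL fills in on every insert.

// Fixed message templates: only an integer item id is ever merged in,
// so no user-typed text reaches the log.
const CART_EVENTS = [
    'add'      => 'Item %d has been added.',
    'update'   => 'Item %d has been updated.',
    'delete'   => 'Item %d has been deleted.',
    'empty'    => 'User has emptied the cart.',
    'checkout' => 'User has proceeded to the checkout.',
];

// Write one row to the logs table. Returns true when the insert succeeded.
function log_event(mysqli $db, string $event_info): bool
{
    // The cart works without a login, so the session user may be missing.
    $username = $_SESSION['uname'] ?? 'guest';
    $ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';

    // Values are bound as parameters, never concatenated into the SQL.
    $stmt = $db->prepare(
        'INSERT INTO logs (username, ip_address, event_info) VALUES (?, ?, ?)'
    );
    if ($stmt === false) {
        return false; // prepare() failed and mysqli exceptions are disabled
    }
    $stmt->bind_param('sss', $username, $ip, $event_info);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Log one of the five cart events; unknown event names are rejected.
function log_cart_event(mysqli $db, string $event, int $item_id = 0): bool
{
    if (!array_key_exists($event, CART_EVENTS)) {
        return false;
    }
    return log_event($db, sprintf(CART_EVENTS[$event], $item_id));
}

// Calls as they would appear in the cart pages, given their $db connection:
//   log_cart_event($db, 'add', (int) $_POST['item_id']);
//   log_cart_event($db, 'empty');
```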



Module 8

Functions allow you to write code that does a specific thing, and then re-use the code wherever it’s needed. Consists of a function name, parameters passed to it, code which is executed, and usually data which is returned. Ideally, function is somewhat independent of code that calls it. Efficient, abstracts the workings of a process and simplifies code

Variables are only visible/accessible in their own function. Can refer to external variables using global or $GLOBALS. Superglobals are pre-defined global variables in PHP – include $_POST, $_GET, $_SESSION, $_SERVER...

OOP, uses objects, which consist of properties (data) and methods (functions).  Encapsulation hides/protects details. Class defined.  Instance of class is an object...

Write and test functions that do the following:

Given a parameter, test that it is a positive number, and if so multiply it by 50 and return the result.  Otherwise, return 0

-          <?php

-          function Multiplyby50($i)

-          {

-            if(is_numeric($i) && $i > 0)

-            {

-              $i *= 50;

-              return $i;

-            }

-            else

-            {

-              return 0;

-            }

-          }

-          ?>

Given two parameters, return a string of the first parameter concatenated to the end of the second parameter (e.g. if ‘fish’ and ‘cake’ were the parameters, return ‘cakefish’)

-          <?php

-          function append($str1, $str2)

-          {

-            // the first parameter goes on the end of the second: append('fish', 'cake') returns 'cakefish'

-            $append = $str2.$str1;

-            return $append;

-          }

-           

-          if(!empty($_POST['str1']))

-          {

-            $str1 = $_POST['str1'];

-            $str2 = $_POST['str2'];

-           

-            echo htmlspecialchars(append($str1, $str2));

-          }

-           

-          ?>

Given two parameters, check that they are numeric and that the first parameter is smaller than the second.  If not, return 0.  If so, calculate the percentage that the first parameter is of the second parameter and round it to two decimal places (e.g. if 10 and 30 were the parameters, the result is 33.33) – return the result

-          <?php

-          function percentage($num1, $num2)

-          {

-            // both values must be numeric, the first smaller than the second, and the divisor non-zero

-            if(is_numeric($num1) && is_numeric($num2) && $num1 < $num2 && $num2 != 0)

-            {

-              $percentage = ($num1 / $num2) * 100;

-              $percentage = round($percentage, 2);

-              return $percentage;

-            }

-           

-            return 0;

-          }

-           

-          if(isset($_POST['num1'], $_POST['num2']))

-          {

-            echo percentage($_POST['num1'], $_POST['num2']);

-          }

-           

-          ?>



Module 9

Quality often lacking in IT projects, leading to loss of money, reputation, life, etc – more testing and better design needed

 

Quality is about providing a product that fulfils requirements. Must do what it should in an efficient, usable, reliable way

Individual functions combine to make up features – must be tested both independently and when combined. Test all possible inputs, even unexpected/stupid ones. Test usability, consistency, performance, stability, etc

Document project thoroughly – manuals, code comments, etc – do not leave it until last minute / end of project

Write a paragraph explaining the concept of quality in an IT project – how is quality defined in an IT project?

-          Quality in an IT project can be monitored by the percentage of features that work as planned.

Write a few paragraphs explaining the importance of testing in an IT project, how it improves quality, and some of the types of testing that can/should be done

-          Regular testing is necessary in an IT project to ensure a certain quality of the project. Types of testing are: unit testing, integration testing, system testing, user acceptance testing.

Go through your assignment code and ensure that you have included comments for complex or hard to follow sections of code.  Add a comment to the top of each page and function explaining the purpose of the page or function

 

Module 10

OS, all servers/services/apps, scripting language, etc must all be secured – keep up-to-date, disable anything unnecessary. Use secure transmission protocols (HTTPS, etc). Configure the environment (servers, OS, etc) for security

DoS, SQL injection and Cross Site Scripting attacks are easy to perform and should be protected against in a Web app

Consequences of insecure environment/app range from annoyance to massive bills/costs to legal issues, etc

Use principle of least privilege – database users should only have access to what is needed, etc

Design and develop Web applications with security in mind

 

Write a few paragraphs outlining the key steps you would take to secure a Web server and its environment

-          Prevent SQL injection.

Outline the concepts of SQL injection and Cross Site Scripting attacks, and name some of the PHP functions that can be used to protect against them

-          Users directly access the SQL code and mess with the db.
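
An added example (not part of the original notes) that ties the Module 4 search summary to this question: a LIKE search over the `movies` table that binds the term with a prepared statement and encodes every value on output with `htmlspecialchars()`. The `q` parameter and the function names are assumptions; the connection and column names are the ones the Module 4 pages use.

```php
<?php
// Added example. Assumes the moviedb connection and the movies columns
// (movieid, moviename, rating) queried in the Module 4 pages, and the
// mysqlnd driver (needed for get_result()).

// Escape the LIKE wildcards so that user input only matches literally.
function like_escape(string $term): string
{
    // Backslash is MySQL's default LIKE escape character, so it goes first.
    return str_replace(['\\', '%', '_'], ['\\\\', '\\%', '\\_'], $term);
}

// Return the movies whose name contains $term, as a list of rows.
function search_movies(mysqli $db, string $term): array
{
    $pattern = '%'.like_escape($term).'%';
    // The ? placeholder keeps the search term out of the SQL text entirely.
    $stmt = $db->prepare(
        'SELECT movieid, moviename, rating FROM movies WHERE moviename LIKE ?'
    );
    $stmt->bind_param('s', $pattern);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// Build the result list as HTML, encoding every value that is output.
function render_movies(array $rows): string
{
    $html = '<ul>';
    foreach ($rows as $row) {
        $html .= '<li>'
               . htmlspecialchars($row['moviename'], ENT_QUOTES, 'UTF-8')
               . ' ('.(int) $row['rating'].')</li>';
    }
    return $html.'</ul>';
}

// Page logic: ?q=... is a hypothetical GET parameter for the search box.
if (isset($_GET['q']) && is_string($_GET['q'])) {
    $db = new mysqli('localhost', 'root', '', 'moviedb');
    $term = substr(trim($_GET['q']), 0, 50); // cap the length of the input
    echo '<p>Results for "'.htmlspecialchars($term, ENT_QUOTES, 'UTF-8').'":</p>';
    echo render_movies(search_movies($db, $term));
}
```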

Explain the potential risks of allowing directory listing and the viewing of unrecognised files as text in a Web server

-          The names of variables and tables in the db are compromised.

Explain the principle of least privilege, and how it can be applied to database and Web application users

-          Users should only have the least access needed to use the website.

 

Module 11

Failed IT projects cost millions and can be avoided

SDLC provides a roadmap from start to end of project – analysis, specs, prototyping, coding, testing, promotion, maintenance...

ISO 9126 quality characteristics – Functionality, Reliability, Usability, Efficiency, Maintainability, Portability

Scope and plan project well.  Avoid feature creep.  Provide clear and unambiguous specifications

Many roles in Web Dev team – solo work rare.  Project Manager, Graphic Designer, Editor, Coder, DBA, QA...

 

Briefly describe all the stages of the SDLC

 

Briefly describe the six ISO 9126 quality characteristics

 

Imagine you require a team for a Web application project but are limited to three people.  Using the roles in the lecture, identify which combinations of skills you feel are the most likely and appropriate to create an effective project team. Single people will need to fulfil numerous roles – identify skill sets that complement each other

 

Outline some of the potential problems that could arise if the scope and deliverables of an IT project are not clearly defined and agreed upon with the client early in the project

