proto-p6-fall15

Prototype 6 (for Assignment02): Registration Form, SQL Inserts/Updates, programmer-defined function to
simplify programming, more complex server-side logic, hashing, safe IO.
Paper copy due 1st class of the week of Oct 19th. Include your name, stapled, titled "Prototype 6: your full name"; must be neat (no
handwriting!). Print two-sided if possible. Two or three points deducted if not professional looking.
Examples/Notes: https://web.njit.edu/~mchugh/202/NOTES/Assignment02/WEEK6/
Study related homework questions and additional topics at: https://web.njit.edu/~mchugh/202/NOTES/Assignment-Homeworks/
Refer to: https://web.njit.edu/~mchugh/202/NOTES/Assignment02/Assignment02-2015-sp.pptx especially 2-8.
Videos: PHP programmer-defined functions, 6C (from 5:00 into the video to the end); 3B1: SQL injection and
mysql_real_escape_string. Hashing the password in the SQL statement: 6D, 6E. Later, but not for this prototype: JavaScript 5D, 5D1;
JavaScript discussion/example: 6B.
1. Define Form with inputs for REGISTERED. Most data is from Form but REGISTERED attributes like regist_datetime and
numcourses are defined in the SQL insert statement. Form action is register.php (slide 8 above). Ignore form layout issues for now.
2. Define function Rnum ($username, $email), which returns the number of rows in REGISTERED where either $username or $email
already appears. Put the function definition in the file myfunctions.php. It looks like: function Rnum ($username, $email) { --- }. The
body executes an SQL select statement and the function returns the number of rows selected. The SQL query looks like $s = "select *
from REGISTERED where … ". When you develop Rnum, test it by calling it from a simplistic version of register.php that just calls
the function (possibly with hardcoded values for its arguments) and prints the number of rows returned. This establishes that there are no
syntax errors and that the function behaves as intended. The calling script register.php must be connected to the database and must include the file
that defines the function (include ("myfunctions.php")).
3. Implement register.php with the programmer-defined function described in slides 3-8 of the PPT above. Use the Rnum function to simplify the
logic that guards against the script inserting an existing user name or email into REGISTERED but allows the insert if both the user name and
email are new. Protect against SQL injection by using mysql_real_escape_string, and protect against bad output by using
htmlspecialchars. Hash the password in the SQL statement using sha1 so the DB stores a hash of the password rather than the plaintext (hashing is
one-way; it is not encryption). Later (but not required for this prototype) you will
need to modify your retrieve.php script from the previous assignment to handle the select statement comparison, because the comparison
will involve the sha1 function; see video 6D (especially around 2min40sec into the video). Be sure the password column in REGISTERED
is varchar of length 60 to accommodate the hashed copy of the password (sha1 produces 40 hex characters).
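The following is an added worked example of steps 2 and 3 together (myfunctions.php and register.php); it is not the course's own code or the code on the slides. It assumes REGISTERED has columns username, email, password, regist_datetime and numcourses, and uses placeholder database credentials. It uses mysqli prepared statements (the Bonus+3 variant) rather than mysql_real_escape_string, because the old mysql_* extension was removed in PHP 7; with bound parameters no escaping function is needed for the query, and safeOut still escapes everything echoed back to the browser.

```php
<?php
// ---- myfunctions.php ----  (added example, not the course's own code)
// Assumed REGISTERED columns: username, email, password, regist_datetime, numcourses.

// Connect to the database. Credentials here are placeholders; replace with your own.
function dbConnect(): mysqli {
    $db = new mysqli('localhost', 'cs202user', 'cs202pass', 'cs202');
    if ($db->connect_error) {
        die('Connection failed: ' . htmlspecialchars($db->connect_error, ENT_QUOTES, 'UTF-8'));
    }
    $db->set_charset('utf8mb4');
    return $db;
}

// Rnum: number of rows in REGISTERED whose username OR email matches the arguments.
// The values travel as bound parameters, never inside the SQL text, so a value such as
// "x' OR '1'='1" is compared literally instead of changing the query.
function Rnum(mysqli $db, string $username, string $email): int {
    $stmt = $db->prepare('SELECT COUNT(*) FROM REGISTERED WHERE username = ? OR email = ?');
    $stmt->bind_param('ss', $username, $email);
    $stmt->execute();
    $stmt->bind_result($count);
    $stmt->fetch();
    $stmt->close();
    return (int) $count;
}

// safeOut: escape a value before echoing it into HTML (prevents XSS from user-supplied input).
function safeOut(string $x): string {
    return htmlspecialchars($x, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// insertUser: insert a new row; the DB stores SHA1(password) (40 hex chars), as the assignment requires.
// regist_datetime and numcourses are set by the SQL statement, not by the form.
// Caveat: unsalted SHA-1 is fine for this exercise but is not a password hash for real systems;
// production code would use password_hash()/password_verify() instead.
function insertUser(mysqli $db, string $username, string $email, string $password): bool {
    $stmt = $db->prepare(
        'INSERT INTO REGISTERED (username, email, password, regist_datetime, numcourses)
         VALUES (?, ?, SHA1(?), NOW(), 0)'
    );
    $stmt->bind_param('sss', $username, $email, $password);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// ---- register.php ----  (form action of register.html, method="post")
include 'myfunctions.php';
$db = dbConnect();

// Field names are assumed to match the form's input names.
$username = trim($_POST['username'] ?? '');
$email    = trim($_POST['email'] ?? '');
$password = $_POST['password'] ?? '';

if ($username === '' || $email === '' || $password === '') {
    echo 'User name, email and password are all required.';
} elseif (Rnum($db, $username, $email) > 0) {
    // Snapshot 6: user or email already exists. Echo the input only through safeOut.
    echo 'User name ' . safeOut($username) . ' or email ' . safeOut($email)
       . ' is already in REGISTERED; nothing inserted.';
} elseif (insertUser($db, $username, $email, $password)) {
    // Snapshot 7: new user successfully registered.
    echo 'User ' . safeOut($username) . ' (' . safeOut($email) . ') inserted into REGISTERED TABLE.';
} else {
    echo 'Insert failed: ' . safeOut($db->error);
}
$db->close();
```

To test Rnum on its own, as step 2 suggests, call it from a stripped-down register.php with hardcoded arguments (for example Rnum($db, 'alice', 'alice@example.com')) and echo the integer it returns. When retrieve.php is later updated, the matching comparison is the same idea: WHERE username = ? AND password = SHA1(?) with the plaintext bound as the second parameter.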
Snapshots
1. Browser view of Form: register.html
2. HTML code for register.html
3. PHP code for myfunctions.php with code for Rnum function.
4. PHP code for register.php with basic SQL insert process using Rnum described above.
5. phpMyAdmin Print View of REGISTERED data when users with hashed passwords are input
6. Output from register.php when user exists.
7. Output from register.php when user is new and user is successfully registered
Bonus+3: Use mysqli prepared statements, in which case mysql_real_escape_string is not needed.
Bonus+3: Define/use functions: safeIn ($name) to transform the Form data named $name with mysql_real_escape_string, and safeOut ($x)
to output $x using htmlspecialchars. The first function prevents SQL injection; the second prevents XSS attacks.
Bonus+4: Download and use the MySQL Workbench tool to draw a diagram that shows the relation between REGISTERED and GRADES.
proto-p6.docx
Page 1
1. Browser view of Form. All elements must be present and labeled but prototype layout doesn't have to be
precise. The primary focus of the prototype is the server-side processing in register.php.
2. HTML code for register.html
3. PHP for myfunctions.php: definition of Rnum($username, $email)
4. PHP for register.php: with insert using Rnum function as described on previous page and outlined in
Assignment02-2015-fall.pptx slide 6-10.
5. phpMyAdmin Print View of REGISTERED data when users with hashed passwords are input
6. Output from register.php when the input user name or email already exists. There should be a message indicating
the user name is already in REGISTERED. Echo the input safely (htmlspecialchars).
7. Output from register.php when the input user name is new and the user is successfully registered. The script
should echo the input data and indicate the user is inserted into the REGISTERED TABLE. Echo the input safely (htmlspecialchars).