National Polytechnic Bamenda

NAME: SOVLANYUY LITILA JUDE

OPTION: NETWORK AND MULTIMEDIA MATRICULE: CM-NPB-14-END-12

Course: Web Programming-Tutorial sheet

1. Give the full meaning of the following

HTML: HTML means "Hypertext Markup Language"a standardized system for tagging
text files to achieve font, color, graphic, and hyperlink effects on World Wide Web
pages.
XHTML: HTML means "Hypertext Markup Language" It is a family of XML markup
languages that mirror or extend versions of the widely used Hypertext Markup
Language (HTML), the language in which Web pages are formulated.
XML: The definition of XML is "eXtensible Markup Language"is a markup language that
defines a set of rules for encoding documents in a format which is both human-
readable and machine-readable.

SGML: SGML (Standard Generalized Markup Language) is a standard for how to

specify a document markup language or tag set. Such a specification is itself a
document type definition (DTD).

CSS: Stands for "Cascading Style Sheet." is a language for specifying how documents
are presented to users.
XSL: Extensible Stylesheet Language. An XSL style sheet is, like with CSS, a file that
describes how to display an XML document of a given type.
XSLT: (Extensible Stylesheet Language Transformations) it is a language for
transforming XML documents into other XML documents, or other formats such as
HTML for web pages, plain text or into XSL Formatting Objects, which may
subsequently be converted to other formats, such as PDF PostScript and PNG.
SASS: Sass is an extension of CSS3, adding nested rules, variables, mixins, selector
inheritance, and more. It's translated to well-formatted, standard CSS using the
command line tool or a web-framework plugin.
2. Give with examples, three 4 differences between HTML and XHTML
HTML XHTML
These elements are void elements in HTML. XHTML elements must be
properly nested
In HTML elements are parsed as RCDATA elements XHTML elements must always
be closed
In HTML elements are parsed as CDATA elements. XHTML elements must be in
lowercase
. html, .htm .xhtml, .xht, .xml, .html, .htm

Internet media type is text/html internet media type is

application/xhtml+xml

Type of format is document Type of format Is markup language

File format

Extended from SGML Extended from XML,HTML

Versions HTML 2, HTML 3.2, HTML 4.0, HTML 5. Versions XHTML 1, XHTML 1.1,
XHTML 2, XHTML 5.
3. List five elements in HTML5 that are not in HTML4

 section represents a generic document or application section. It can be used

together with the h1, h2, h3, h4, h5, and h6 elements to indicate the document
structure.

 article represents an independent piece of content of a document, such as a

blog entry or newspaper article.

 aside represents a piece of content that is only slightly related to the rest of the
page.

 hgroup represents the header of a section.

 header represents a group of introductory or navigational aids.

 footer represents a footer for a section and can contain information about the
author, copyright information, etc.

 nav represents a section of the document intended for navigation.

 figure represents a piece of self-contained flow content, typically referenced

as a single unit from the main flow of the document.
4. You are to design an online registration system. The registration form is shown
below:
(a) Write html code to design this form.
<!DOCTYPE html>
<html>
<body>
<table style="width:60%">
<tr>
<td>First name:</td>
<td><input type="text" name="firstname"></td>
</tr>
<tr>
<td>Last name: </td>
<td><input type="text" name="lastname"></td>
</tr>
<tr>
<td>Age: </td>
<td><input type="text" name="Age"></td>
</tr>
<tr>
<td>Gender: </td>
<td><input type="radio" name="sex" value="female">Female<input type="radio"
name="sex" value="male" checked>Male</td>
</tr>
<tr>
<td>Region of Origin: </td>
<td><select>
<option value="volvo">North West</option>
<option value="saab">South west</option>
<option value="vw">Central</option>
<option value="audi" selected>Ouest</option>
</select>
</td>
 </tr>
<tr>
<td>Accept Terms and Conditions: </td>
<td><input type="checkbox" name="vehicle" value="Bike">I Agree</td>
</tr>
<tr>
<td> </td>
<td><input type="submit" value="Submit"></td>
</tr>
</table>
</body>
</html>
(b) Write a script in php, jsp or asp that could be used to create a suitable
MySqldatabase for the form.

<html>
<head>
<title>Creating MySQL Database</title>
</head>
<body>
<?php
$dbhost = 'localhost:3036';
$dbuser = 'root';
$dbpass = 'rootpassword';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully<br />';
$sql = 'CREATE DATABASE TUTORIALS';
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not create database: ' . mysql_error());
}
echo "Database TUTORIALS created successfully\n";
mysql_close($conn);
?>
</body>
</html>
(c) Write a script in php, jsp or asp that could be used to insert data from this form
into the database.

<?php
//database connection
$connection = mysql_connect("localhost", "root", "finishing");

//testing connection
if ($connection) {
$db = mysql_select_db("books");
print "Connected.\n";
if (!$db) print "Failed to select 'phpdb'.\n";
}
else {
print "Failed to connect to database";
}

//Insert Query
$sql2 ="INSERT INTO
`reg`
(
`fname` ,
`lname` ,
`age` ,
`gender` ,
`region` ,
`condition`
)
VALUES
(
'".$_POST['name']."' ,
'".$_POST['sex']."' ,
'".$_POST['age']."' ,
'".$_POST['sex']."' ,
'".$_POST['region']."' ,
'".$_POST['condition']."'
)";
$result2 = mysql_query( $sql2 )
or die("Invalid query: " . mysql_error());
?>
(d) Write a script in php, jsp or asp and to retrieve these data and display them on
an html table.

<html>

<head>

<title>Creating MySQL Database</title>

</head>

<body>

<?php

// Database connection

$connection= mysql_connect('localhost','root','finishing');

//Testing DB

if($connection)
{

$selection=mysql_select_db('input');

else

die('unable to connect'.mysql_error);

$sqltable="SELECT* from reg";

$result=mysql_query($sqltable);

$row=mysql_fetch_array($result,MYSQL_ASSOC);

if(mysql_num_rows($result)>0){

// row selection loop

while($row){

echo"<table border='1'>

<td>".$row['fname']."</td>

<td>".$row['lname']."</td>"

<td>".$row['age']."</td>

<td>".$row['gender']."</td>"

<td>".$row['region']."</td>

<td>".$row['condition']."</td>";

}
?>

</body>

</html>

5. How would you prevent SQL injection in your php, jsp or asp script?
To prevent SQL injections we will have to use something called prepared statements,
which uses bound parameters. Prepared Statements do not combine variables with
SQL strings, so it is not possible for an attacker to modify the SQL statement. Prepared
Statements combine the variable with the compiled SQL statement, this means that
the SQL and the variables are sent separately and the variables are just interpreted as
strings, not part of the SQL statement

6. How would you prevent cross-site scripting in your php, jsp or asp script?
• Never pass data from untrusted origins into output without either escaping or
sanitising it.
• Never forget to validate data arriving from an untrusted origin using relevant rules
for the context it’s used in.
• Remember that anything not explicitly defined in source code has an untrusted
origin.
• Remember that htmlentities() is incompatible with XML, including HTML5’s
XML serialisation – use htmlspecialchars().
7. Write a javascipt (using regular expressions) code that would display a dialog if a
user enters a non-numeric character in a textfield.
<?php
// javascript windows message
if(mysql_query($check_user)>0{
echo
"<script>windows.open ('welcome.php','_self' ) </script>";
}
else{
echo"<script>alert ( ' Data entered is incorrect ! ' )</script>";
}

update code:
$sql = "UPDATE MyGuests SET lastname='Doe' WHERE id=2";

if ($conn->query($sql) === TRUE) {

echo "Record updated successfully";
} else {
echo "Error updating record: " . $conn->error;
}