Vous êtes sur la page 1sur 4

University of Palestine, Web Programming Final Exam, 11 February 2009.

Page 1 of 4
University of Palestine
Faculty of Applied Engineering and Urban Planning
Software Engineering Department

Date:.WED,11.02.09 | 9:00-11:30
Web Programming Final Exam
Name and ID: ESGD4119 | Web Programming |
Instructor Name: Mohammad Amin Kuhail
Type: Final Exam.
Number of Questions: 3.
Date :WED,11.02.09.
CJO: Closed Exam.
Grade: 100 marks.
Duration: 2.5 Hrs.
Dictionary Allowed: No.


Student Name:
Student ID:

1. Answer the following questions: [20 Marks: 10/Q ]

1. HTTP is a stateless protocol. That is, it doesnt allow servers to keep clients state. However,
sessions and cookies were developed to tackle this issue. Explain.
2. Compare GET and POST in terms of method of sending information, usage, and limitations.
Give a simple example in both cases.

2. Choose the correct answer: [ 30 Marks ]

1. Inside which HTML element do we put the JavaScript?
a) <script>
b) <js>
c) <javascript>
d) <scripting>

2. Where is the correct place to insert a JavaScript?
a) The <body> section
b) Both the <head> section and the <body> section are correct
c) The <head> section
d) None of the above.

3. What is the correct way to write a JavaScript array?
a) var txt = new Array("tim","kim","jim")
b) var txt = new Array:1=("tim")2=("kim")3=("jim")
c) var txt = new Array(1:"tim",2:"kim",3:"jim")
d) var txt = new Array="tim","kim","jim"

4. All variables in PHP start with which symbol?
a) &
b) !
c) $
d) #

University of Palestine, Web Programming Final Exam, 11 February 2009.
Page 2 of 4
5. What is the correct way to include the file "time.inc" ?
a) <!--include file="time.inc"-->
b) <% include file="time.inc" %>
c) <?php include_file("time.inc"); ?>
d) <?php require("time.inc"); ?>

6. What is the correct way to create a function in PHP?
a) function myFunction()
b) new_function myFunction()
c) create myFunction()
d) None of the above.

7. To call an object obj function foo within the object itself:

a) $obj.foo()
b) $obj->foo()
c) a+b
d) $this->foo()

S. The final visibility means that the method or the class is accessed:

a) From any scope but cant be overridden.
b) From within the class where it is defined.
c) From within the class where it is defined and its descendants.
d) From any scope.

9. Escaping output means:

a) Ensures the validity of data coming into the web application.
b) Uses whitelist approach.
c) Uses blacklist approach.
d) Protect the system and its users from potentially harmful attacks.

10. To tackle the spoofed forms attack:

a) Use client side validation.
b) Use SSL secure connection.
c) Use server side validation.
d) Escape your output.

University of Palestine, Web Programming Final Exam, 11 February 2009.
Page 3 of 4
3. Employees Affairs System [50 Marks ]

Figure 1 shows a part of the database of the Employee Affairs System of the University
of Palestine. It simply contains two related tables; employees and departments where
one employee can work in one department, and one department can contain many
employees. Figure 2 shows two web pages we consider. The first one titled as
add.employee.php. The second is process.php. Figure 3 shows an HTML source of the
page add.employee.php.

Figure 1: System ER diagram

Figure 2: System pages

Figure 3: HTML Code of add.employee.php

Employee Department
Works in
* 1
name ID
1. <html>
2. <body>
3. <form method="POST" action="process.php">
4. Name:<input type="text" name="name" size="20">
5. <br/>
6. ID:<input type="text" name="ID" size="20">
7. <br/>
8. Department:<select size="1" name="department"></select>
9. <br/>
10. Gender: <select size="1" name="gender">
11. <option selected value="Male">Male</option>
12. <option>Female</option>
13. </select>
14. <br/>
15. <input type="submit" value="submit" name="Submit"><input
type="reset" value="reset" name="reset">
16. </form>
17. </body>
18. </html>

University of Palestine, Web Programming Final Exam, 11 February 2009.
Page 4 of 4


- Your mysql database is installed and ready to use.
- The main DB server name is SE.
- Username and password are admin,yes accordingly.
- The DB name you need to select is named as WEB.


- Your solution MUST handle errors using try and catch exception mechanism.
- It is recommended you provide an object oriented solution.


1) [10 Marks ] Write a Javascript code to verify the add.student form based on the
following elements:
- All values must not be empty.
- Gender values must be either male or female.
- ID must be numeric number.

2) [10 Marks ] Write a php code that does the verification elements mentioned in 1 in
addition to the following:
- Name value must be alphabetic.
- ID must be obtained from the department table.

3) [30 Marks ] Write a php code that adds values inserted in the form of add.employee
to the system database. This php code shall be encapsulated within process.php.
A success message shall be shown when added successfully. Otherwise, a failure
message should be shown accompanying the error type.

@,8g. l>.l; S o l,.o: u,b go