The results of our informal survey are in! The final in our class this semester will cover the material since Test 1, i.e., the material covered in Test 2 plus the security stuff covered last week. The test will still have a programming portion, but the programming portion will only be worth 25 points out of the 100 points for the test. This means that the written portion of the test will be worth 75 points.
The table below lists the topics and resources used in class to help you study for Test 3. I have duplicated the links to the quizzes below along with providing a PDF of the security assessment worksheet. No, I do not have answers to the security assessment worksheet -- you should be able to answer those types of questions though.
As with the previous tests, the written part will be completed first. As soon as you have turned in the written section, you will be allowed to log in to your PC and begin the programming portion of the test. The programming portion will contain only one part: a PHP modification exercise. During the programming portion, you will only be allowed to program using one of the development applications and access our course website or the manual found on php.net. There will be no searching on Google, etc.
| Topic | Notes/Lab Exercises | Comments |
| Intro to databases & MySQL | Details: From this material, you should have an understanding of the structure of databases, their relationship within the client/server model, and the benefits of the three-tier architecture. This material also provided an introduction to the format and use of SQL statements. After studying this material, you should be able to write general SQL statements to add, delete, update, and query records. You should also be able to identify the different data types, e.g., if I give you a data type, you should be able to describe what types of values can be stored in that data type. Cheat sheet: I will provide the following syntax on a cheat sheet. (The select statement syntax is noted in the next row of this table.)
I will also provide a list of the data types used on the test, but I will not identify what types of data they will contain.
|
|
| Additional topics in databases & MySQL | Details: This lecture and set of exercises enhanced your understanding of the MySQL SELECT statement. You will need to know how each of the key words WHERE, BETWEEN, IN, LIKE, NOT, and LIMIT along with the arithmetic operators can be used to enhance the operation of the SELECT statement. You will also be asked to understand how multiple tables can be joined using a select statement, i.e., from table1, table2, etc. (Remember that joining tables without a WHERE condition creates the cartesian product, which is typically a useless result) When it comes to using LIKE, you will also need to be able to use the wildcards '%' and '_' and also how to "escape" a character using the backslash, '\'.. Cheat sheet: The main thing you need to know from this section is the syntax of the select statement.
|
|
| Intro to PHP | Details: In this introduction to PHP we covered the differences between server-side and client-side operation, the format of a PHP file, the syntax of PHP code and similarities between PHP code and JavaScript code, data types, and data type conversion, i.e., what happens when a value of one type is converted to another. We also compared and contrasted echo and print, discussed character escaping for specific characters using a backslash, '\', and printing characters not available on the keyboard using "\x". Be sure to study the material in the lab on creating functions and including files in PHP. Cheat sheet: There really isn't much to offer in the way of syntax here. If I am going to ask you to use a predefined function such as pow(), I will give you the syntax with the problem. You should probably already be familiar with the syntax of the program constructs such as if-statements, while-loops, switch-case-blocks, etc. |
|
| Arrays & strings in PHP |
|
Details: Material you will be responsible for in this section includes variable scope, global variables, static variables, arrays, and strings. When it comes to arrays, be sure you know the special indexing needs and the use of foreach. Be sure to look over the array and string functions, but if I ask a question regarding one of the functions, I will give you the syntax with the problem. Cheat sheet: The following syntax will be included on your cheat sheet. For the functions included in this list, be sure you know how the function operates.
|
| Using forms to pass data to PHP |
|
Details: Understand the difference between post and get and how to use $_GET and $_POST arrays to retrieve form data. Cheat Sheet: There really isn't anything to add to the cheat sheet from this section. |
| Accessing MySQL through PHP | Details: Understand the process of accessing a MySQL database using PHP. This includes the PHP functions that allow us to:
Cheat sheet: The following syntax will be available on your test. Be sure you understand how to use them.
|
|
| Objects | Details: Be able to define and use objects. This includes the use of the "new" operator and the "->" operator. There will be no specific questions on PEAR. PEAR was used as a method for showing how instances of objects were used. | |
| Security | Details: Be able to discuss ways to prevent basic security problems including escaping characters, form validation, validation of referring page, cross-site scripting, SQL injection, and one-way encryption. Also be able to identify the four types of threats to server-side applications and have some examples for each. We also discussed sticky forms, so be able to create elements that can reflect back to the user previous inputs. Also be able to compare and contrast crypt() and md5(). Cheat sheet: The following syntax will be included on your cheat sheet. For the functions included in this list, be sure you know how the function operates.
|
Prepared by David L. Tarnoff for the sections of CSCI 2910 at ETSU