Demonstration: you must email me a link to your website by the deadline, 5 pm on Monday, December 19, 2022. You are welcome to send the link earlier; I will not visit until 5 pm on the due date.
(Use the subject line "cs4250, project part 7", exactly. You should send the link / URL early; I will not visit your website until the deadline.) Remember to include the name of your project/group and the names of your project members in the email message, and to carbon copy (cc:) your project partners.
The goal of this part of the project is to interface your database with a programming language and to make it web-accessible. This is the stage where you embed your database into a complete application. The programming language that I recommend is PHP, a popular, server-side scripting language. (See the class lecture notes for more details about PHP.) PHP has been installed on the DBH 288 machines. Using PHP, the MySQL database that you have created can be accessed via the web, using a webserver installed on hopper.csustan.edu. Before detailing the assignment itself, it may be helpful to read the following FAQs:
Answer: No. Due to security restrictions, you can access the MySQL database server on hopper.csustan.edu only from machines in P 288, either by logging in directly or by using the web interface you will create in this part of the project.
Note that if you write your PHP scripts to connect to "localhost" (as shown on the MySQL handout that contains your MySQL password) and test them by connecting to an installation of MySQL on your own machine, then porting the scripts to a P288 machine for project submission should be fairly straightforward.
FAQ: Can we use a commercial service outside the university (like AWS or MS Azure) to host our database server and web site?
Answer: No. This is a "learn to do it yourself" assignment.
FAQ: Can we use our own database server and web server?
Answer: No. Students who have attempted this in the past have too often created web sites that they could access, and that they thought "everyone" could access, but that the grader could not access.
FAQ: Can we use Ruby-on-Rails/AJAX/Javascript/substitute-the-latest-language-buzzword-here/ for the project?
Answer: Certainly! However, should you decide to use <insert buzzword here>, you are on your own. We do not have facilities to support these in the lab, nor to provide technical support.
The sysadmin verified that PHP and Ruby should work, and that is all. (Ruby on Rails may or may not.) If you choose to use Ruby, contact the professor ASAP, since some security-related adjustments will need to be made to your user account. (That is the full extent of the technical support we will provide for using Ruby.)
FAQ: What is an SQL injection attack?
Answer: SQL injection attacks are a common way for malware to invade DBMSs via the code a web site uses to interact with its database. (Wikipedia's SQL injection page)
Test your SQL injection prevention on SQL queries that use "LIKE", if you implement the prevention technique on the ad-hoc query part of your project web page. LIKE queries, with string matching operators, should work successfully. (Our system administrator required you to set appropriate file permissions. Work our sysadmin did does not "count" as SQL injection prevention for this part of this assignment.)
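The following is an added example, not part of the original assignment page: a LIKE search built with a PDO prepared statement, run against inputs containing quotes, LIKE wildcards and an injection string. The album table, its rows, the function names and the use of an in-memory SQLite database (so the script runs without a server) are assumptions made for illustration.

```php
<?php
// Added example: table, column and sample rows are constructed for illustration.
// In-memory SQLite keeps the script self-contained; for MySQL only the DSN changes,
// e.g. new PDO('mysql:host=localhost;dbname=YOUR_DB', $user, $pass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE album (id INTEGER PRIMARY KEY, title VARCHAR(80))");
$pdo->exec("INSERT INTO album (title) VALUES
            ('100% Pure'), ('O''Brien Live'), ('Blue_Note'), ('Blue Note')");

// Escape LIKE metacharacters so user text matches literally.
// '!' is the escape character named in the ESCAPE clause below; it must be
// doubled first so the '!' added for '%' and '_' is not escaped again.
function escapeLike(string $s): string
{
    return str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $s);
}

// Substring search. The user's text is bound as a parameter, so it is always
// treated as data. The unsafe form would splice it into the SQL text instead:
//   "... WHERE title LIKE '%$userInput%'"
function searchTitles(PDO $pdo, string $userInput): array
{
    $stmt = $pdo->prepare(
        "SELECT title FROM album WHERE title LIKE ? ESCAPE '!' ORDER BY id"
    );
    // The surrounding % wildcards are added by the code, not by the user.
    $stmt->execute(['%' . escapeLike($userInput) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed test inputs: plain text, a quote, LIKE wildcards,
// and a typical injection string.
$cases = ["Blue", "O'Brien", "100%", "Blue_", "' OR '1'='1"];
foreach ($cases as $input) {
    printf("%-14s => %s\n", $input, json_encode(searchTitles($pdo, $input)));
}
```

With binding in place, the injection string is searched for as literal text and returns no rows, while "Blue_" matches only the title that contains a literal underscore.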
What I want to see at the end of the day is a single web page that provides a nice interface to your database. Feel free to do more fancy and creative things, but do so only after completing this "core" requirement. Here is a style guide for what features your basic interface must provide. Look at the template carefully. Notice that we are only querying the database. We are not doing any inserts, updates or deletes. (That's one direction to look at, if you are wondering how to earn credit for extra functionality.)
Help with PHP
Here are some good documentation resources:
Should you find another good PHP/scripting/MySQL documentation/help WWW page, please let me know and I will add a link here for the whole class to benefit from.
One team member from your project should send the URL for your web page, where I can access your application. This can be done by sending email to Dr. Thomas.
I will not grade until December 19th, so it is fine if the URL you send leads to a non-functional page at the time you send the URL. (By the deadline, the pages should be functional.)
In addition, you need to compile a project report, plus source code appendices. More on this below.
Submit your source code (.zip or .tar.gz file) to the CS Homework system along with the report (next item), or include the source code as appendices to your project report. (The actual source code files must be submitted, not a link to some other web site.)
(Stick with "classic," plain .zip or .tar.gz formats. Don't use a newer compression algorithm, because some of those are specific to one operating system and I may not have a suitable decompression program.)
Portable Document Format (PDF) is preferred for your report. MS Word or plain text is also acceptable.
Include your answer to the next question in the document, too.
Submit your report to the CS Homework system.
Please note that there is no "right" answer to this question nor will you be penalized for saying that there is something missing from your project. What I want to see is if you can discuss your domain, your database, and the implications of the design and implementation decisions you made in your system for the application domain that you have chosen.