Post 12: Database driven website risk

Last week was filled with midterm exams, except for the PHP class, where we had a PHP Questions Contest that reviewed what we had covered in the class. The huge similarity between JavaScript and PHP makes the essential skills easy to master and implement. Moving into using classes and objects for communicating with the database makes the PHP language stand out. As I mentioned before, using PDO to communicate with the database makes our web application cross-platform, so it works with any type of database (SQL Server, Oracle, or MySQL).

In dealing with database driven websites, SQL Injection is considered one of the most dangerous risks that can threaten our data. For that reason, we need to look at this risk whenever we receive user input and try to insert it into a table.

Ex:

Suppose we have a PHP variable called $name that receives the value of the full name input element in the contact us form:

$name = $_GET["FullName"];

A user can write a SQL statement in that field that affects the tables in our database if the value is placed directly into a query. For example, the value of the FullName input field could be: drop table…

We can avoid this problem by using PDO::prepare, so the user input is bound to the statement as a value instead of being written into the SQL text.
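To make the difference concrete, here is an added example (not code from the class or from the original post) that builds the concatenated statement only to display it, then stores the same input through PDO::prepare with a bound parameter. The `contacts` table, the `full_name` column, the `saveContact()` function and the in-memory SQLite connection are assumptions for illustration, and the input value is constructed.

```php
<?php
declare(strict_types=1);

// Added example. The contacts table, full_name column and saveContact() are
// assumptions for illustration; in-memory SQLite keeps it self-contained.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
// With pdo_mysql, also pass PDO::ATTR_EMULATE_PREPARES => false so the
// statement is prepared by the database server rather than emulated in PHP.
$pdo->exec('CREATE TABLE contacts (id INTEGER PRIMARY KEY, full_name TEXT NOT NULL)');

// Constructed stand-in for $_GET["FullName"]: text that contains SQL syntax.
$name = "Robert'); DROP TABLE contacts; --";

// Risky pattern, built here only to display it (never executed): the input
// is pasted into the SQL text, so its quote ends the string literal early.
$unsafeSql = "INSERT INTO contacts (full_name) VALUES ('$name')";

/** Store a name with a prepared statement; returns the new row id. */
function saveContact(PDO $pdo, string $fullName): int
{
    $fullName = trim($fullName);
    if ($fullName === '' || strlen($fullName) > 100) {
        throw new InvalidArgumentException('Full name must be 1 to 100 bytes long.');
    }
    // The SQL text is fixed; the value travels separately as a parameter.
    $stmt = $pdo->prepare('INSERT INTO contacts (full_name) VALUES (:full_name)');
    $stmt->bindValue(':full_name', $fullName, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $pdo->lastInsertId();
}

$id = saveContact($pdo, $name);

// Read the row back, again with a bound parameter.
$read = $pdo->prepare('SELECT full_name FROM contacts WHERE id = :id');
$read->bindValue(':id', $id, PDO::PARAM_INT);
$read->execute();
$stored = $read->fetchColumn();

echo "Concatenated SQL : $unsafeSql\n";
echo "Stored via PDO   : $stored\n";
echo 'Stored unchanged : ' . ($stored === $name ? 'yes' : 'no') . "\n";
echo 'Rows in contacts : ' . $pdo->query('SELECT COUNT(*) FROM contacts')->fetchColumn() . "\n";
```

Binding protects only the SQL statement; when the stored name is later printed into a page it still has to be escaped with htmlspecialchars().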

Post 11: Reading week and CMS Projects

Today was the last day of our reading week and of the 2014 Sochi Winter Olympics. Although I didn’t get the chance to see the games, the closing ceremony was great and I really enjoyed all the ceremony events. Achieving 25 medals for Canada was a great job, mainly the two gold medals in the hockey games for both men and women.

Anyway, coming back to study, last week I tried to focus on the PHP and ASP.NET courses, as these are the heavy ones compared with the others. Actually, I spent most of the time developing and enhancing the front end for our PHP project. Leave Management System (LMS), which is the name of our project, is very important for any company, mainly the human resources department. This web application is for recording, controlling and monitoring all types of employee leave across any organization. To me, analyzing what type of input and output each feature of the project should have is more difficult than the coding itself. For this project, we have to play two roles at the same time: the clients and the developers. As a team of 4 students, we have to come up with all the ideas and the requirements for the project before starting the development process.

The ASP.NET project has a different story, as we have to rebuild an existing website of a hospital to be a Content Management System. The website has to have public pages that any visitor can see plus admin pages that only admin users can access in order to change or edit the website; these are the same requirements as for the PHP project. However, for the ASP.NET project we have the material, the components, or an example to start from, so the task is a little bit easier since we know what the input and output are for each feature, because all these features already exist in the current hospital website; we just need to start the development process using ASP.NET.

Finally, there are no more ideas to share or write in this post. This week will have all the midterm exams and I hope we can do well in all of them.

Post 9: Our Skills, PDO (PHP Data Objects), and AJAX with ASP.NET

Talking about soft skills and hard skills in the career connections class was quick but intensive. As we know, hard skills are the industry abilities, such as object oriented programming or responsive design for the web development field, while soft skills are the interpersonal skills. These two types of skills are essential content for any resume. Today, as there are so many web designers and developers who might share the same hard skills when applying for a job, the main differentiation among them will be the soft skills. Identifying our soft skills is as important as identifying our hard skills, and even more so for job interviews.

It was a great moment in PHP class when we used PDO (PHP Data Objects) to connect our application with the database, as I used to use the MySQL functions to connect to the database but this method became obsolete. PDO, as the name indicates, is built using objects, and as I mentioned in my previous post, using OOP became something crucial for any professional programmer or developer. But the main advantage of using PDO instead of the MySQL functions is that the first works with any type of database using the same PHP code, because it defines a consistent interface for accessing the most popular databases like MS SQL Server, Oracle, and for sure MySQL, while the second deals only with MySQL databases.

In the ASP.NET class, we are still diving into using the AJAX framework. Again, Microsoft provides a rich and asserting toolkit with its AJAX controls that makes the development cycle much easier for .NET developers. In the class, we learned about the Animation extender control. This control enables us to target one or more elements in a page and play an animation.

Post 8: STAR, AJAX with ASP.NET, PHP OOP

In career connections class, we talked about some interview questions and especially the STAR technique for answering questions about a story or an event related to my previous experience. The acronym STAR stands for Situation, Task, Action, and Results. We can give an example of a situation where we had to face a challenge; the task is what we had to do or achieve in that situation; the action is what we did to overcome the problem; and finally the result is how well my action reflected on the situation in a positive way.

As I expected of the XML class, we went beyond the basic topics of using XML to using a language called XSLT (Extensible Stylesheet Language Transformations). XSLT is a way to transform XML from one format to another, for example converting an XML document to an HTML document. Although the output of a transformation could be any form of text file, XSLT can only operate on XML files. XSLT has some terms or commands that are used in other programming languages, but it is a declarative language and uses templates to define the output that should result from processing different parts of the source files (XML documents). In the lab exercise, we had to retrieve different info, in other words, target different elements and attributes in the source XML file. The task was interesting; it was my first time using or working with this language.

For the ASP.NET class, using AJAX (Asynchronous JavaScript and XML) with ASP.NET was easier than using AJAX with JavaScript. Again, as I mentioned in my previous posts, the ASP.NET framework has many built-in libraries that do many tasks behind the scenes on behalf of the programmer. Microsoft wants to provide their ASP.NET developers the tools they need to build pure client-side Ajax applications easily without going deep into learning JavaScript or even writing a single line of JavaScript code. Therefore, Microsoft has both a server-side Ajax framework and a client-side Ajax framework.

For the PHP class, we had to write some code using the object oriented part of PHP. Although PHP is not a strongly object-oriented (OOP) language like C# or Java, and it’s a server side scripting language, it has supported OOP since version 3, improved it in PHP 4, and finally introduced many new features in PHP 5. Going OOP is really necessary in today’s world, and with all these sophisticated web applications, there is no doubt that OOP became something essential to any developer or programmer, even with JavaScript.

The subjects or the information in the Security and Quality Assurance class are still in theory and sometimes I find them not easy to grasp. We didn’t get the chance yet to get our hands dirty with coding, as we need to master the fundamentals before applying this information to our code. I think when we start applying the security topics that we learned to our code (PHP and JavaScript), understanding the whole idea will become much easier.

Post 7: PHP/ASP.NET, Soft and Hard Skills

Based on the requirements for this semester, I had to have a Windows Server platform at my hosting company, so I had to buy another domain that runs on Windows Server in order to run my ASP.NET assignments and project. I think with two domains I will make two portfolios, one with the PHP language that runs on www.anmarjarjees.com and the other with ASP.NET that runs on www.anmarjarjees.net. In this case, I can demonstrate the use of two different kinds of back-end development.

Although working on PHP and ASP.NET to build two professional CMS websites will be a great benefit in enhancing our experience in back-end development, I think specialization is recommended; mastering the two languages at the same time in this short period is not an easy task, especially since we also have to have strong skills in front-end development. Through my intensive search of different web design and development companies, I found that some companies prefer open source like PHP while other companies prefer ASP.NET, and maybe there are very few companies that use both.

In the XML class, we started doing some advanced coding. I found that there are many areas in XML beyond creating just simple files as we used to do, and I am eager to discover more as we are going to use XML with our PHP and ASP.NET projects plus create an entire XML project with my team. Besides the programming and designing tasks, time management, understanding the project life cycle and choosing the right approach or project model are also essential.

In the career connections class, we are having different workshops, activities, and guest speakers. I really find this course interesting, and it has less pressure compared with the others. This course will definitely enhance our soft skills and job search methods. In today’s world, having hard skills (like programming and designing in our field) is important, but soft skills also play a great role in hiring the right candidate, so they are also necessary and cannot be ignored. Good communication skills in dealing with people, whether they are clients or colleagues, are needed especially in our field, when we have to deal with different clients if we want to work as freelancers, or with other developers or designers in the same company for building web projects.

Post 6: Our Strengths, PHP/ASP.NET and Quality Assurance

Identifying my strengths by using the test at www.strengthsquest.com was really a good experience in the Career Connections course. Being one of the Humber College students, I received the privilege of accessing the test and discovering my strengths, which are different from the classic ones. The test result was built on different questions related to a person’s attitudes, personality, feelings, and values. By the end of the test, each student received his/her top five strengths; I think each one discovered at least one strength that he or she had never thought they had. Knowing my strengths exactly will help me to use my potential power, and sharing these strengths with my team will open extra doors for us as team members to understand each one’s skills in order to employ them in building our projects. This workshop reminded me of the True Colors workshop in the first semester, where each student also had to share his true color with other students.

I think this semester will be more intensive and have a lot more work to do than the first one: for the PHP class we are moving fast through the textbook chapters, the same with the XML book, building two different CMS websites, and determining the security and the quality assurance for each project. The PHP language makes more sense to me because we can follow the logic of programming; there are no plugins or built-in libraries to add like in ASP.NET. Everything I need to achieve, I have to code by myself, which is why I like using PHP for back-end development more than using ASP.NET, at least for the time being. Although building a website with ASP.NET will be faster using the master pages, form validation, and for sure an advanced IDE like Visual Studio plus other extra features like the design view of Visual Studio, I like the challenge that I experience when I use simple software like NetBeans or Komodo in writing PHP code. It reminds me of the old days when I had to create my university project using the low-level C language. As many CMS sites are built using WordPress and Drupal, mastering PHP is necessary for me in order to customize those kinds of CMS and add more functionality by creating my own plugins.

Exploring computer security and going deep into this field in the Security and Quality Assurance course was also something interesting. How to protect users from themselves? That is the idea of security; we will go through different areas and aspects that we have never explored before. Right now, all the information is delivered theoretically, but when we start applying this information to our code, the task will become more understandable and make more sense. Understanding the security issues behind building a web application is something very necessary and crucial for us if we really want to be professional web developers.

Post 5: The Second Semester

We have now started the second semester with two main projects that we need to accomplish, one with ASP.NET and the other with PHP. It was an interesting start with the career connection lecture; we had different activities that demonstrated how hard or easy it is for us as developers to deal with clients and understand their needs exactly. I think that the career connection course will build on the skills that I learned in Project Management in the first semester.

I mostly liked starting to study PHP as a server side scripting language. It was a quick and intensive start at the first lecture, so I think we will run through more advanced topics that will enhance my previous experience in using PHP, I hope so, especially when I build a fully functional Content Management System website with my team. All hosting companies support this open source technology because all of them have servers that run on the Linux operating system, which is also free.

I think the problem that I am going to face in this semester or the last one is how to upload my ASP.NET projects, as this technology runs only on the Windows Server operating system. Although my professor told me that I don’t need to worry for the time being, for the last semester, when we start building our portfolio, I need to change my hosting service to another one that provides Windows Server in order to have all my projects online on my own website. Anyhow, as web developers we need to remember the main difference between Linux and Windows servers, which is that Linux is case sensitive while Windows is not. This point is so important when we build hyperlinks or access other assets or resources inside the web pages, like image names for example.

For the programming language courses, I am the kind of student who depends heavily on the textbooks more than the instructor himself in most cases. Using a well-known PHP book, Murach’s PHP and MySQL, as the textbook for the PHP course gives me positive thoughts about what we are going to learn or achieve in this semester. As the webmaster for the Chaldean Patriarchal Vicariate website in Jordan, hosted on a Linux server, PHP will be the most important subject to me compared with the others.

In the Information Architecture course, we will continue what we planned for the hospital website in the first semester. Now this information will be put into practice; we will use all the information to build our projects: the ASP.NET and the PHP.

Finally, Security and Quality Assurance: in this course we will go through all the requirements to maintain the required level of quality and secure our products, which are our websites. I didn’t get the chance to look at the textbook yet; the instructor told us that it’s mainly written for the Java language but the rules can be applied to other languages also. At the time I am writing this blog, I don’t have experience in using the Java language, so I think this will be a good opportunity for me to discover the secrets and mysteries of this strongly object oriented language.

Post 4: Project Management, Web-Programming, ASP.NET Project.

We had intensive work and assignments last week as we are going to the end of the first semester. For the project management course, I spent a lot of time with my team (team 5) in practicing and preparing for the proposal of redesigning a hospital website; it was a nice experience when we helped each other in enhancing our presentation.

Having web development skills is not enough; we might see many people who have these skills. However, there are other needed skills, like how to deal with people (your clients and colleagues) plus how to present yourself as a web developer, and this was the main aspect of this course. Project management gave me other skills that I had never thought about before, and we had to practice different activities that I didn’t expect to have in the first semester. Dividing us into groups, giving us tasks and assignments to work on, and having our regular meetings every week with our instructor and just as team members, all those actions and activities made me feel like I am in a real workplace, not just a student.

When we were asked to create a restaurant website for the web-programming course as a team, I was hesitant at first and I could not easily understand or accept the idea of building this website as a group: how can I write my code or function with 4 students? At first I preferred to build the entire website from A to Z by myself in order to get the chance to practice most of the topics that I learned through the first semester, but that was unacceptable; the project had to be built by a team and not individually. Finally, as a team of five students, we had to distribute our duties in building the website, and I liked working with my team members as each one took his/her part in building the website and then we collected all these parts together. After finishing the project, everyone was proud of what he/she did; the different skills that each one had in my team led us to present a fully functional website with an eye-catching interface design, and I felt lucky to be part of team 5.

For the ASP.NET course, I need to work hard on my final project, which is to create a database driven website about any subject we like. Although our final project could be built on the midterm project plus the new features that we learned like ADO, I preferred to start a new one about something real, not a fictional company as I did in my midterm one. Thus, I decided to build a website about the ancient city “Babylon”; I already started collecting the information from Wikipedia. I know it might not be easy to build this entire database driven website in just two weeks, especially when I am busy with my exams. In addition, I have to do it by myself, not as a team like other projects, but I am trying my best to finish it, and this will definitely enhance my skill in using ASP.NET plus C# programming.

Post 3: Digital Design, Database, and Web Programming

Last week we had to submit our assignments for the Digital Design course; the requirements were to convert two pages from Photoshop mockups to HTML files. Because this course is my favorite one in this semester, I liked to challenge myself by converting three pages, not only two, in record time. The time I spent in designing those three pages using Photoshop and the nice result that I got pushed me to use them all in creating the HTML files and to have more samples in my portfolio. Actually, the task was not as easy as I thought; I tried to use many enhanced Photoshop features to add a professional look to my design, and that made me spend more time than I expected in order to keep the same look and feel in the HTML pages as in the Photoshop mock-up. Being detail oriented in using exactly the same pixel distances and gradients is important for front-end development and that took me a while, but I was able to finish my project in the end.

For the Database course, starting the MySQL DBMS (Database Management System) was a kind of relief to me after spending the previous two weeks on more advanced topics in PL/SQL (Procedural Language/SQL); for more details visit: Oracle (PL/SQL). It was not easy for me to understand the full topics of using procedures and functions with PL/SQL depending on the lab exercises or the PowerPoint slides only; I had to go through the chapters that talk about these advanced programming subjects in our textbook. Certainly, the more exercises I do with procedures and functions, the better knowledge I will have. Although we are going to use MS-SQL Server with ASP.NET and MySQL with PHP for back-end development, learning the Oracle Database plus the PL/SQL database programming language was helpful for me to understand the real structure of database tables using one of the major DBMSs in the world, Oracle.

In the web programming course, writing a simple web form to demonstrate the work of AJAX (Asynchronous JavaScript and XML) using regular JavaScript and jQuery was so important. Reloading the entire HTML page just for a piece of information that has to be fetched from the server is time-consuming, especially if the page has many multimedia files. Using the XMLHttpRequest object was a great solution for this problem; for more details visit: Ajax/jQuery. In the class, we tried to send the form information to a local server using XAMPP, a free and open-source web server, to imply the functionality of AJAX; you can read more about XAMPP.