Web Application Development: Central Zoo Nepal

This document discusses web application development. It covers topics like web applications, programming languages like PHP and MySQL, designing a web application to meet requirements, implementing a web application using client-side and server-side scripting, database management, testing, recommendations, and designing a "Central Zoo" web application. The goal is to provide an overview of concepts and steps involved in developing a full-stack web application from design to implementation.

Uploaded by

Manish Mahaseth

WEB APPLICATION DEVELOPMENT

Web application development
CENTRAL ZOO NEPAL

Niraj Yadav
ISMT FOURTH SEMESTER | TINKUNE, GAIRIGAU

Contents

Task 1
  Introduction
  Web Application
  PHP
  MySQL
  Conclusion:
Task 2
  Introduction to programming languages
  Server side programming language
  Client Side programming Languages
  Advantages:
  Differences between client-side and server-side
  Risks in web scripting languages
  Comparing PHP and JavaScript
  Comparing PHP and ASP
  Database Connectivity
  Server-side Interaction mechanism
  Tools available and Ease of Usage
  Session and Cookies:
  Data Storage
  Data processing
  Security requirement
  Security concerns:
  Recommendation for Security improvement:
Task 3
  Introduction
  Design a web application to meet a given requirement. [2.1]
  Synthesize client side and server side functionality in a web application in your design [2.2]
  Apply a database for use in a web application. [2.3]
  Conclusion:
Task 4
  Introduction
  Front end design
  Back end design
  Normalization
  Use case design
  Pseudo Code
  Dataflow Diagram
  Relationship Diagram
  Conclusion:
Task 5
  Introduction
  Implement a web application to a prepared design using client-side and server-side scripting languages. [3.1]
  Also, implement a web enabled database management system to store, retrieve and manipulate data in web application. [3.2]
  Identify and implement opportunities for error handling and reporting. [3.3]
  Conclusion:
Task 6
  Introduction
  Unit Testing
  Integrated testing
  Stress testing
  Compatibility Testing
  Critical review:
Task 7
  Introduction:
  Recommendation
  Conclusion:
Task 8
  Designing the layout
  Data Dictionary
  Task Break Down
  Choice of tools:
  Data and information collection mechanism:
  Product and maintenance techniques:
  Recommendation for the developed “Central Zoo”:
  Conclusion:
  Introduction
  Scope
  Definition
  User Manual
  Conclusion:
Reference


Task 1

Critically evaluate the functions and advantages of web applications. [1.1, M1]

Consider: Object-Oriented PHP, Error and Exception Handling, Session Handlers,
Web Services, Secure PHP Programming, Securing MySQL.

Introduction

A web application or "web app" is a software program that runs on a web server. Unlike traditional
desktop applications, which are launched by our operating system, web apps must be accessed
through a web browser. Web apps have several advantages over desktop applications. Since they
run inside web browsers, developers do not need to develop web apps for multiple platforms. For
example, a single application that runs in Chrome will work on both Windows and OS X.
Developers do not need to distribute software updates to users when the web app is updated. By
updating the application on the server, all users have access to the updated version
(Techterms.com, 2015). From a technical viewpoint, the web is a highly programmable
environment that allows mass customization through the immediate deployment of a large and
diverse range of applications, to millions of global users. Two important components of a modern
website are flexible web browsers and web applications; both available to all and sundry at no
expense. Web browsers are software applications that allow users to retrieve data and interact with
content located on web pages within a website. Today’s websites are a far cry from the static text
and graphics showcases of the early and mid-nineties: modern web pages allow personalized
dynamic content to be pulled down by users according to individual preferences and settings.
Furthermore, web pages may also run client-side scripts that “change” the Internet browser into an
interface for such applications as web mail and interactive mapping software (e.g., Yahoo Mail
and Google Maps). Web applications are, therefore, computer programs allowing website visitors
to submit and retrieve data to/from a database over the Internet using their preferred web browser.

The data is then presented to the user within their browser as information is generated dynamically
(in a specific format, e.g. in HTML using CSS) by the web application through a web server.

Fig: Architecture of Key Web Components and Technologies

Web Application

Basically, a web application is an interactive system developed to allow users to
execute business logic that resides on the server and to view the results of that logic
through a web browser on the client workstation. Communication between client and
server takes place over the internet. As a whole, the data is processed by
web services and made available to users quickly and easily through their web
browsers.

A web application or web app is any application software that runs in a web browser or
is created in a browser-supported programming language (such as the combination of
JavaScript, HTML and CSS) and relies on a common web browser to render the
application. Web applications can be simple websites, e-commerce sites, business account
packages, college management systems, library management systems, airline or vehicle
reservation systems, e-banking, etc.

Web apps have several advantages over desktop applications. Since they run inside web
browsers, developers do not need to develop web apps for multiple platforms. For
example, a single application that runs in Chrome will work on both Windows and OS
X. Developers do not need to distribute software updates to users when the web app is
updated. By updating the application on the server, all users have access to the updated
version. Another significant advantage of building and maintaining web applications is
that they perform their function irrespective of the operating system and browsers
running on the client side. Web applications can be deployed quickly anywhere, at no cost
and with almost no installation requirements at the user's end.

How does a web application work?

Web applications basically have three layers in their model. The first layer is on the
user's side and consists of a basic browser. The second layer contains dynamic content
generation tools such as Java, Active Server Pages, or PHP. The third layer is where the
data is stored and consists of back-end database software.

In general, a web application works as follows: the user triggers the initial request
through the browser, over the Internet, to the web application server. The web application
accesses the database servers to perform the requested task, updating and retrieving the
information held in the database. The web application then presents the
information to the user through the browser.


Fig: 3 tier architecture of web applications

Fig: working mechanism of web applications


Advantages of web applications:

The advantages of the web applications have made a number of users move
from the desktop applications to the web applications. Some of the advantages
are mentioned below:

1. Cross-platform compatibility

Most web-based applications are far more compatible across platforms than
traditional installed software. Typically, the minimum requirement is a
web browser, of which there are many (Internet Explorer, Firefox and Netscape, to
name but a few). These web browsers are available for a multitude of operating
systems, so whether you use Windows, Linux or Mac OS you can still run
the web application.

2. Highly deployable

Due to the manageability and cross-platform support, deploying web
applications to the end user is far easier. They are also ideal where bandwidth is
limited and the system and data are remote to the user. At their most deployable,
you simply need to send the user a website address to log in to and provide
them with internet access. This has huge implications, allowing you to widen
access to your systems, streamline processes and improve relationships by
providing more of your customers, suppliers and third parties with access to
your systems.

3. More manageable

Web-based systems need only be installed on the server, placing minimal
requirements on the end-user workstation. This makes maintaining and
updating the system much simpler, as usually it can all be done on the server.
Any client updates can be deployed via the web server with relative ease.

4. Secure live data

Typically, in larger, more complex systems, data is stored and moved around
separate systems and data sources. In web-based systems these systems and
processes can often be consolidated, reducing the need to move data around.
Web-based applications also provide an added layer of security by
removing the need for the user to have access to the data and back-end
servers.

5. Reduced costs

Web-based applications can dramatically lower costs due to reduced
support and maintenance, lower requirements on the end-user system and
simplified architecture. By further streamlining your business operations as
a result of your web-based application, additional savings can often be found
(Dbnetsolutions.co.uk, 2015).

Disadvantages of web applications:

• Dependency - As web applications depend on the internet, a slow
internet connection hampers the running of web apps.
• Development - Developing web software takes more time than developing
desktop software.
• Security - There are certain security issues that need to be addressed
when it comes to web-based applications. There is a chance of the application being
hacked, whether knowingly or unknowingly. Therefore, more care has to be
taken to address this concern.

Types of web application users:

A web user is a person who uses the website for his or her own purposes. A user can
access the website for various purposes. There are mainly four types of
users: expert users, novice users, regular users and occasional users.
• Expert users: Expert users know all the processes and
methods for doing their jobs on a website. They don't waste time
reading everything on the site. After opening the site, they
just scan the display and start on the task they came to do.
For them, the menu bar should be clear and easy to use, buttons should have proper
links and effects, and a search bar and site map should be included so
they can get what they want. (Gumpshen, 2011)
• Novice users: Novice users are beginners who are new to or inexperienced in
handling and operating a website. They are
experiencing the web application for the very first time. They are learning
to search for information and get answers to their queries. Novice users
need help on a regular basis and a site that is simple and clear to them.
A novice user is unlikely to search for or click on anything they don't
understand, so too many choices on a website often lead novice users to take no
action. They are afraid of getting lost on a site and don't trust their ability to
navigate properly, especially on a complex site. (Thomas, 2012)
• Regular users: Regular users visit the site regularly
but are often unsure of what they want from it. Regular users are
not professional users who know exactly what they want from the site.
• Occasional users: Occasional users visit the website rarely.
They usually visit only when they really need to, search for what they
need and ignore everything else. They know all
the processes and techniques for using the website but visit it only
occasionally.

Functions of Web Application:

A web-based application is defined as a collection of logically related interactive
functions that fulfil a specific business requirement as defined by a knowledgeable user
of the internet. One web site can provide access to multiple web applications. It is
important to establish application boundaries clearly at the outset of counting. The
architecture of web applications comprises multiple components. The purpose of
counting determines which components are to be included within the scope of a
particular count. For most organizations, only functionality actually built by their
developers is included. (Total Metrics, 2014)

Fig: How do web applications work?

PHP

PHP is a server scripting language and a powerful tool for making dynamic and interactive
web pages quickly. PHP is a widely used, free, and efficient alternative
to competitors such as Microsoft's ASP. PHP files can contain text, HTML, CSS,
JavaScript, and PHP code. PHP code is executed on the server, and the result is
returned to the browser as plain HTML. PHP files have the extension ".php" (PHP, n.d.).

PHP 5 was released four years after the introduction of PHP 4 to the Internet scene,
aiming to bring brand new functionality to the PHP language. The PHP team paid
attention to what was missing or not well supported in the older versions. The fifth
revision focuses on three major areas: object-oriented programming, XML and MySQL
support (PHP 5, n.d.).

Whereas PHP 4 supported only basic classes, PHP 5 was rewritten
to support complete OOP, with better performance and many more features
than the earlier version. Most web developers prefer to use PHP 5.
Furthermore, it is reasonably effortless to use, as it comprises easy formats, techniques
and characteristics that developers can grasp easily.

Features of PHP

• The Standard PHP Library (SPL) is introduced, providing a number of
ready-made classes and interfaces.

• Access modifiers are added.

• The built-in exception classes in PHP 5 make it easier to create
customized exceptions via inheritance.

• An improved MySQL extension called mysqli has been introduced so that the
features of MySQL database versions 4.1 and later can be supported.

• In PHP 5 the SQLite database is integrated in order to develop applications
that are faster, leaner and more versatile. (Sunilb, 2007)

Advantages of PHP:

• Cost - PHP is open to anyone, anywhere and anytime. It is open source and
is developed and updated by a community of developers from around the
globe. So, the components are free to use and distribute. You can fix bugs
or customize the software to your specific needs (or pay someone to do so)
because the source code is available. This is not possible with commercial,
off-the-shelf products.
• Easiness - PHP has a short learning period and programmers can quickly
become productive. PHP was designed to appeal to web designers and
HTML coders, and they appreciate the ability to freely mix HTML and
PHP. PHP allows them to easily and gradually add dynamic page
generation features to their web sites.
• Cross-platform - PHP runs on just about every platform available, enabling
it to operate across different operating systems. It works excellently on
UNIX, Mac and Windows versions.
• Efficiency and usability - PHP offers unique usability and effectiveness
when used for web development.
• Direct code - PHP is embedded directly into the HTML that makes up the
website, resulting in an interesting quality. For instance, when a visitor comes to
the website, the code is executed directly. The user does not need any
particular browser or plug-ins to see the PHP in action. This also makes it
very simple to transform an existing static website into a
fresh, dynamic one.
• Better performance - Compared to other programming languages, PHP
is rated highly for its performance. It is fast and efficient,
supports almost any web browser and integrates into almost any
server. It enables users to add a few lines of code to a PHP document, save it
and watch the website transform into a more powerful and more organized
version of itself.
• Supports all major databases - PHP supports all major databases such as
MySQL, dBase, IBM DB2, InterBase, FrontBase, ODBC, PostgreSQL,
SQLite, etc.

Principles of PHP

1. Object-oriented PHP

Object-oriented programming refers to the method of programming that
uses classes to organize the data and structure of an application.
PHP began its OOP life with PHP 4. Object-oriented PHP eases the
transition from procedural to object-oriented programming. In PHP we can
define objects, assign their properties and make them do things
programmatically. The objects exist only in the program, but we can interact with them
through a user interface such as web pages and make them perform certain tasks.
Similarly, we can define classes. A class is a wrapper that defines
and encapsulates the object along with all of its methods and properties. Within
a class wrapper, the values of specific properties of the object can be defined or
modified, and the object can be made to do things.

The main goals of object-oriented programming are:

• Increased understanding

• Ease of maintenance

• Ease of evolution

Fig: class wrapper

In the above example, line 3 defines the name of user as ‘user’. Line 5 defines
the name of the user as a property. The public keyword means that it is accessible
from everywhere throughout the application. Line 7 declares the __construct
method, which runs when the class is instantiated. Lines 9-11 check
whether the name of the user was passed into the constructor as an argument and, if not,
simply assign the name of the user as "John Doe".

OOP Concepts

• Class: This is a programmer-defined data type, which includes local
functions as well as local data. You can think of a class as a template for
making many instances of the same kind (or class) of object.

• Object: An individual instance of the data structure defined by a class. You
define a class once and then make many objects that belong to it. Objects
are also known as instances.

• Member variable: These are the variables defined inside a class. This data
will be invisible outside the class and can be accessed via member
functions. These variables are called attributes of the object once an object is
created.

• Member function: These are the functions defined inside a class and are
used to access object data.

• Inheritance: When a class is defined by inheriting the existing functions of a
parent class, it is called inheritance. Here the child class will inherit all or
a few member functions and variables of a parent class.

• Parent class: A class that is inherited from by another class. This is also
called a base class or super class.

• Child class: A class that inherits from another class. This is also called a
subclass or derived class.

• Polymorphism: This is an object-oriented concept where the same function
can be used for different purposes. For example, the function name will remain
the same but it may take a different number of arguments and can do a different
task.

• Overloading: A type of polymorphism in which some or all operators
have different implementations depending on the types of their arguments.
Similarly, functions can also be overloaded with different implementations.

• Data abstraction: Any representation of data in which the implementation
details are hidden (abstracted).

• Encapsulation: Refers to a concept where we encapsulate all the data and
member functions together to form an object.

2. Error handling and exception handling

Although solving all the bugs and potential errors in our code sounds like a nice
idea, it's not really possible. The main reason is that it's hard to
predict how our code will operate in all scenarios, so we can't write code to
handle them all. With PHP 5 came a new object-oriented way of dealing with
errors. Exception handling is used to change the normal flow of code
execution if a specified error (exceptional) condition occurs. This condition is
called an exception.

This is what normally happens when an exception is triggered:

• The current code state is saved

• The code execution will switch to a predefined (custom) exception handler
function

• Depending on the situation, the handler may then resume the execution
from the saved code state, terminate the script execution or continue the
script from a different location in the code

Like other programming languages, PHP has an exception model that
provides better control over error handling. The keywords
related to exception handling are:

• Try: A function using an exception should be in a ‘try’ block. The code will
continue as normal if the exception is not triggered. If the exception is triggered,
it is thrown.

• Throw: This is how you trigger an exception. Each throw must have at
least one catch.

• Catch: A catch block retrieves an exception and creates an object
containing the exception information.

Some of the advantages are mentioned below:

• Provides much more data than simple.

• Provides the facility of advanced error handling.

• Makes the flow of a program much more natural.

• Convenient to communicate the errors.

• Allows distinguishing between different types of errors and is also great for
routing.
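
The try/throw/catch model described above, as an added example that is not code from the original report: custom exceptions created by inheritance let the handler route a user-input error to a displayable message and an internal error to the server log only. The class names, the bookTickets() and handleBooking() functions and the sample inputs are hypothetical and constructed for illustration; the code assumes PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical exception hierarchy for a Central Zoo ticket-booking form.
class ZooException extends Exception {}
class ValidationException extends ZooException {} // caused by user input; message is safe to display
class StorageException extends ZooException {}    // internal failure; details belong in the log only

/**
 * Validates the form and stores the booking through $save, a stand-in for the
 * database layer. Returns the booking reference.
 */
function bookTickets(array $form, callable $save): string
{
    $qty = filter_var($form['quantity'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 20],
    ]);
    if ($qty === false) {
        throw new ValidationException('Quantity must be a whole number from 1 to 20.');
    }
    try {
        return $save($qty);
    } catch (RuntimeException $e) {
        // Wrap the low-level error; the original is kept as $previous for the log.
        throw new StorageException('Booking could not be stored.', 0, $e);
    }
}

/** Routes each exception type to an HTTP status and a message fit for the user. */
function handleBooking(array $form, callable $save): array
{
    try {
        return [200, 'Booking reference: ' . bookTickets($form, $save)];
    } catch (ValidationException $e) {
        return [400, $e->getMessage()];
    } catch (StorageException $e) {
        $cause = $e->getPrevious()?->getMessage() ?? 'n/a';
        error_log(sprintf('%s: %s (cause: %s)', get_class($e), $e->getMessage(), $cause));
        return [500, 'Sorry, something went wrong. Please try again later.'];
    }
}

// Last-resort handler for anything no catch block handled: log it, show nothing internal.
set_exception_handler(function (Throwable $e): void {
    error_log('Uncaught ' . get_class($e) . ': ' . $e->getMessage());
    http_response_code(500);
    echo 'Sorry, something went wrong.', PHP_EOL;
});

// Constructed stand-ins for the storage layer: one that works, one that fails.
$working = fn (int $qty): string => 'CZ-' . str_pad((string) $qty, 4, '0', STR_PAD_LEFT);
$failing = function (int $qty): string {
    throw new RuntimeException('constructed low-level database error text');
};

// Constructed form submissions: valid, invalid quantity, valid but storage is down.
$cases = [
    [['quantity' => '2'], $working],
    [['quantity' => 'two'], $working],
    [['quantity' => '3'], $failing],
];
foreach ($cases as [$form, $save]) {
    [$status, $body] = handleBooking($form, $save);
    echo $status, ' ', $body, PHP_EOL;
}
```

The third case shows the point of the separate types: the low-level error text reaches error_log() but never the response body.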

3. Session handlers

Generally, a session is a way to store information to be used across multiple
pages. The main reason for using sessions in PHP is to maintain the user's
information on the server rather than in a cookie. Although session IDs are
stored in a cookie, a user can't interfere with the content of a session, so it is
regarded as more secure. When a user tries to modify their session identifier, PHP
will just create a new session based on the new ID. (Marccornick, 2014)

SessionHandler is a special class that can be used to expose the current internal
PHP session save handler by inheritance. There are six methods which wrap the
six internal session save handler callbacks (open, close, read, write, destroy and
gc). A session begins when a visiting client somehow identifies itself to the
web server. The web server assigns the client a unique session ID, which the
client uses to re-identify itself as it moves from page to page on the website. By
default, this class will wrap whatever internal save handler is set as defined by
the session.save_handler configuration directive, which is usually files by
default. Other internal session save handlers are provided by PHP extensions
such as SQLite (as sqlite), Memcache (as memcache), and Memcached (as
memcached). When a plain instance of SessionHandler is set as the save
handler using session_set_save_handler(), it will wrap the current save handlers.
A class extending SessionHandler allows you to override the methods, or
intercept or filter them by calling the parent class methods, which ultimately wrap
the internal PHP session handlers.

Some of the session handlers are:

 session_set_save_handler() (Creates a level storage function for read,
write, close, destroy)
 session.save_handler (Alternative save handlers for PHP extensions)
 session_write_close (Superglobal session for callback handlers)
 SessionHandler (Extends internal PHP handlers and initializes session
handler to clean up old sessions, destroy and close)
 session_start (Starts the session)

Hence, these commands are very useful when implementing a session handler. Moreover, this
works on the application layer of the OSI model. A session handler, on the other hand, needs
lock and unlock mechanisms to function properly. These mechanisms and functions are convenient
to implement using MySQL. Session implementation requires an association based upon standard
libraries to provide the key through the session ID. Session storage then looks up the client’s
request and requirements in server-side storage. As an example, an online shop offers a cart which
needs to be covered. In many web shops a user does not have to be authenticated to use the cart,
which means that a session could also be established without prior authentication. Therefore, this
also allows us to track the user’s movements (Wilhelm, A. 2013).

A session for PHP5 and MySQL can be destroyed, stored, inserted, etc. On the other
hand, MySQL can also be used as a session handler, where a custom class does
the rest. If there is no need for extra methods in the session handler, then
MySQL does not need to store the session data.
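
A class extending SessionHandler that intercepts read and write, as an added example rather than code from the original report. It assumes PHP 8 with the bundled sodium extension; the class name and the ZOO_SESSION_KEY environment variable are hypothetical. Whatever save handler is configured (files by default) keeps doing the storage, but the session data is encrypted and authenticated at rest.

```php
<?php
declare(strict_types=1);

final class EncryptedSessionHandler extends SessionHandler
{
    private string $key;

    public function __construct(string $key)
    {
        if (strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
            throw new InvalidArgumentException('Session key must be 32 bytes.');
        }
        $this->key = $key;
    }

    /** Intercepts read: fetch through the wrapped handler, then decrypt. */
    public function read(string $id): string|false
    {
        $stored = parent::read($id);
        if ($stored === false || $stored === '') {
            return '';                       // no data yet: start empty
        }
        $raw = base64_decode($stored, true);
        $minLength = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
        if ($raw === false || strlen($raw) < $minLength) {
            return '';                       // not written by this handler
        }
        $nonce  = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $cipher = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $plain  = sodium_crypto_secretbox_open($cipher, $nonce, $this->key);

        // A failed check means the stored data was altered or the key changed.
        return $plain === false ? '' : $plain;
    }

    /** Intercepts write: encrypt, then store through the wrapped handler. */
    public function write(string $id, string $data): bool
    {
        $nonce  = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $cipher = sodium_crypto_secretbox($data, $nonce, $this->key);
        return parent::write($id, base64_encode($nonce . $cipher));
    }
}

/** Loads the key from the environment so it never sits in the web root. */
function loadSessionKey(): string
{
    $hex = getenv('ZOO_SESSION_KEY');        // hypothetical variable name
    $key = is_string($hex) ? @hex2bin($hex) : false;
    if ($key === false || strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new RuntimeException('Set ZOO_SESSION_KEY to 64 hex characters (32 random bytes).');
    }
    return $key;
}

// open, close, destroy and gc are inherited unchanged from SessionHandler.
session_set_save_handler(new EncryptedSessionHandler(loadSessionKey()), true);
session_start();

$_SESSION['visits'] = ($_SESSION['visits'] ?? 0) + 1;
echo 'Visits in this session: ', $_SESSION['visits'], PHP_EOL;
```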

4. Web services


A web service is a method of communication between two electronic devices
over a network. It is a software function provided at a network address over the
web, with the service always on, as in the concept of utility computing.
Historically, every time there has been a need for two systems to communicate, a
new protocol has been created (for example, SMTP for sending mail, POP3 for
receiving mail, and the numerous protocols that database clients and servers
use). The idea of web services is to remove the need to create new protocols by
providing a standardized mechanism for remote procedure calls, based on XML
and HTTP. Web services make it easy to integrate heterogeneous systems. Say
you’re writing a web interface to a library system that already exists. It has a
complex system of database tables, and lots of business logic embedded in the
program code that manipulates those tables.

With PHP it is possible to upload files to the server. For this purpose, a form
can be created. Since allowing users to upload files is a big security risk, only
permitted users should be allowed to perform this action. After creating the form, we
should create an upload script, i.e. upload_file.php. Using the PHP $_FILES array, we
can upload files from a client computer to the server.

PHP helps to centralize the connection information and credentials for the
database into a single configuration file. However, the file is not stored under
our web root. It is stored elsewhere, outside the web root. There are two reasons for
this. First, if we are not careful, someone might be able to access that file through
their browser and learn everything needed to connect to our
database. Second, our editor might save backup copies of the file, again causing
it to be exposed to the world. Also, do not check this file into the source code
version control system.
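
One way to write the upload_file.php script described above, as an added example that is not code from the original report. It assumes the login code sets $_SESSION['user_id'], the form field is named "photo", and uploads go to a hypothetical directory outside the web root.

```php
<?php
declare(strict_types=1);

// Assumptions for this example (none of these names come from the report).
const UPLOAD_DIR    = '/var/zoo-uploads';          // outside the web root
const MAX_BYTES     = 2 * 1024 * 1024;             // 2 MB limit
const ALLOWED_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png'];

/** Checks one $_FILES entry and returns the extension to store it under. */
function validateUpload(array $file): string
{
    // A single-file field must have a scalar error code.
    if (!isset($file['error']) || is_array($file['error'])) {
        throw new RuntimeException('Malformed upload.');
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed with error code ' . $file['error'] . '.');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File is larger than the allowed size.');
    }
    // Decide the type from the file content, not from the client-supplied
    // name or the $file['type'] value, both of which the client controls.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED_TYPES)) {
        throw new RuntimeException('Only JPEG and PNG images are accepted.');
    }
    return ALLOWED_TYPES[$mime];
}

/** Stores the file under a server-generated name and returns that name. */
function storeUpload(array $file): string
{
    $extension = validateUpload($file);
    $name = bin2hex(random_bytes(16)) . '.' . $extension;

    // move_uploaded_file() refuses paths that did not come from an HTTP upload.
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('Could not store the uploaded file.');
    }
    return $name;
}

session_start();

// Only permitted (logged-in) users may upload.
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Login required.');
}
if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST' || !isset($_FILES['photo'])) {
    http_response_code(400);
    exit('Send the form with a "photo" file field.');
}

try {
    $stored = storeUpload($_FILES['photo']);
    echo 'Stored as ', htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
} catch (RuntimeException $e) {
    http_response_code(400);
    echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
}
```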

Get and Post

The GET method has a maximum size of 7607 characters. It can be bookmarked as well. On the
other hand, this method should not be used when setting passwords or secret information. This
method places its data in the URL. The POST method cannot be bookmarked, and its parameters are
not saved in browser history, which means that it is secure while sending passwords or sensitive
information. Its size is 8 MB (Max.) (Reyes, 2009)

Syntax:

<form action="page2.php" method="GET">

And

<form action="page2.php" method="POST">

Methods applied over MySQL include extracts, updates over the internet, and queries to insert,
update, delete and store. On the other hand, MySQL and PHP require versioning and
accept extensibility and object-oriented services. This makes the coding efficient and
effective through the use of a large database and application-side coding in PHP5, which can
be manipulated and modified according to the output required (Reyes, 2009).

5. Secure PHP programming


Up until version 4.1, PHP was designed to be easy to program, as opposed to
being security-oriented. While this helped its popularity immensely in the short
term, it also created a number of very badly written scripts, and gave a vast
number of programmers a security-ignorant mindset.

Some of the methods to secure PHP programming are:

 Filter input data: The major security vulnerabilities can be addressed by
filtering data obtained from users and other external sources. The inputs from
users are accessible via the superglobal arrays called $_GET, $_POST and
$_COOKIE. Make sure that the values accepted don’t contain any
unexpected input.
 Securing database queries: Using prepared statements and parameterized
queries is the secure option when it comes to interaction with the database.
Often, input passed from the user is used to construct a query dynamically.
That input can be maliciously crafted to change the logic of the query sent to
the database. Such activity potentially enables a user to run any type of query or
bypass security measures. (Agarwal, 2014)
 Awareness: Before taking any technical measures, remember that input from
external sources should not be trusted. Whether it is a GET or POST parameter or
even a cookie, it can be set to anything. User-side JavaScript form checks will not
make any difference.
 Check user variable: Every external variable has to be verified. In many cases
we can just use type casting. For example, when we pass a database table id as a
GET parameter the following line would do the trick:

 SQL injections: SQL injection is a code injection technique, used to attack
data-driven applications, in which malicious SQL statements are inserted into
an entry field for execution (e.g. to dump the database contents to the attacker).
SQL injection is mostly known as an attack vector for websites but can be used
to attack any type of SQL database.
A SQL injection attack consists of insertion or "injection" of a SQL query via
the input data from the client to the application. A successful SQL injection
exploit can read sensitive data from the database, modify database data
(Insert/Update/Delete), execute administration operations on the database (such
as shutting down the DBMS), recover the content of a given file present on the
DBMS file system and in some cases issue commands to the operating system.
 Cross site scripting: Cross-site scripting (XSS) is a type of computer security
vulnerability typically found in Web applications. XSS enables attackers to
inject client-side script into Web pages viewed by other users. A cross-site
scripting vulnerability may be used by attackers to bypass access controls such
as the same origin policy. Cross-site scripting (XSS) attacks occur when an
attacker uses a web application to send malicious code, generally in the form of
a browser side script, to a different end user. Flaws that allow these attacks to
succeed are quite widespread and occur anywhere a web application uses input
from a user in the output it generates without validating or encoding it.
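
The measures in this list side by side, as an added example that is not code from the original report: a query built by string concatenation next to a prepared statement with input validation, plus output encoding against XSS. It assumes the PDO SQLite driver so that it runs without a database server (with MySQL only the DSN changes); the table, columns and rows are constructed for the demonstration.

```php
<?php
declare(strict_types=1);

/** Builds a throwaway in-memory database with constructed rows. */
function openDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE animals (id INTEGER PRIMARY KEY, name TEXT)');
    $pdo->exec("INSERT INTO animals (id, name) VALUES
        (1, 'Red panda'),
        (2, 'Bengal tiger'),
        (3, '<script>alert(1)</script>')");
    return $pdo;
}

/** VULNERABLE on purpose: the input becomes part of the SQL text. */
function findAnimalUnsafe(PDO $pdo, string $id): array
{
    return $pdo->query("SELECT id, name FROM animals WHERE id = $id")
               ->fetchAll(PDO::FETCH_ASSOC);
}

/** Hardened: validate the value first, then pass it as a bound parameter. */
function findAnimalSafe(PDO $pdo, string $id): array
{
    $intId = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($intId === false) {
        return [];                           // not an id at all: reject
    }
    $stmt = $pdo->prepare('SELECT id, name FROM animals WHERE id = :id');
    $stmt->bindValue(':id', $intId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Encodes a value on output so stored markup is shown as text, not run. */
function renderRow(array $row): string
{
    return '<li>' . htmlspecialchars((string) $row['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</li>';
}

$pdo   = openDemoDb();
$input = '1 OR 1=1';                         // constructed value for ?id=

// The concatenated query changes meaning and matches every row.
echo 'unsafe rows: ', count(findAnimalUnsafe($pdo, $input)), PHP_EOL;

// Validation rejects the value before it reaches the database.
echo 'safe rows:   ', count(findAnimalSafe($pdo, $input)), PHP_EOL;

// Type casting keeps only the leading integer, so the query logic cannot change.
echo 'cast value:  ', (int) $input, PHP_EOL;

// A stored value containing markup is neutralised when it is printed.
echo renderRow(findAnimalSafe($pdo, '3')[0]), PHP_EOL;
```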

MySQL

MySQL is an open source RDBMS that depends on SQL for handling the data in the
database. MySQL provides an application program interface for the languages C, C++,
Java, Perl, PHP and Python. In the Microsoft environment, Object Linking and
Embedding (OLE) and Open Database Connectivity (ODBC) work as the MySQL data
connection. MySQL is developed, supported and marketed by MySQL AB. The
database is available for free under the terms of the GNU General Public License (GPL)
or for a fee to those who do not wish to be bound by the terms of the GPL.

Features of MySQL:

The features of MySQL include:

 Relational Database System: Like almost all other database
systems on the market, MySQL is a relational database system.
 Client/Server Architecture: MySQL is a client/server system.
There is a database server (MySQL) and arbitrarily many clients
(application programs), which communicate with the server; that is,
they query data, save changes, etc. The clients can run on the same
computer as the server or on another computer (communication via a
local network or the Internet).
 Triggers: Triggers are SQL commands that are automatically
executed by the server in certain database operations (INSERT,
UPDATE, and DELETE). MySQL has supported triggers in a
limited form from version 5.0, and additional functionality is
promised for version 5.1.
 SQL compatibility: MySQL supports as its database language -- as
its name suggests – SQL (Structured Query Language). SQL is a
standardized language for querying and updating data and for the
administration of a database. There are several SQL dialects (about
as many as there are database systems). MySQL adheres to the
current SQL standard (at the moment SQL:2003), although with
significant restrictions and a large number of extensions.
 SubSELECT: Since version 4.1, MySQL is capable of processing a
query in the form SELECT * FROM table1 WHERE x IN (SELECT
y FROM table2) (There are also numerous syntax variants for
subSELECTs.)
 Full-text search: Full-text search simplifies and accelerates the
search for words that are located within a text field. If you employ
MySQL for storing text (such as in an Internet discussion group),
you can use full-text search to implement an efficient search
function simply.
 Unicode: All conceivable character sets are supported by MySQL
since version 4.1, including Latin-1, Latin-2, and Unicode (either in
the variant UTF8 or UCS2) (SearchITChannel, 2015).


Advantages of MySQL:

 MySQL is easy to use. Only basic knowledge of SQL is required to operate it,
as with other relational databases.
 MySQL includes solid security layers that protect sensitive data from intruders.
Rights can also be set to allow user interaction. Thus, it is secure.
 MySQL supports development interfaces like JDBC, ODBC and scripting.
 Supports multiple operating systems like Novell NetWare, Windows, Linux, Macintosh,
UNIX, etc.
 It can handle large amounts of data, up to as much as 50 million rows or more.

Securing MySQL:

Securing MySQL is crucial for today’s businesses that store confidential records in their
databases. The security issues related to MySQL include the processes, procedures and
tools that protect a database from misuse and malicious attacks. Some of the important
measures for securing MySQL are:

 Ensure that the environment, including the OS and network, is secure.

 Limit database permissions to users, segregate users and regularly assess
user privileges.

 Regularly back up the databases and secure the backups.

 Implement and enforce secure password standards.

 Isolate the web server.

 Limit physical and internal access to servers.

Conclusion:

There is now a significant difference between traditional and modern types of
software-based application. Improvements can be seen through the use of advanced security
and the latest technology. Web-based applications have reduced the cost of business and brought
great benefits, such as allowing businesses to consolidate and streamline their systems and
processes. Therefore, they have become a necessity in today’s generation. So, finally, the use of
PHP5 and MySQL can be advantageous. The introduction of PHP5 has changed a lot in the field of
programming. Its various new features and its compatibility have made PHP5 much better than the
previous versions. PHP5 uses the Zend Engine 2.0 as its OOP model, so PHP5 is also useful for
better OOP. Hence, for the design of the online Central Zoo web application we have PHP5 as the
programming language.

References

 Techterms.com, (2017). Web Application Definition. [online] Available at:
http://techterms.com/definition/web_application
 Dbnetsolutions.co.uk, (2015). The Benefits of Web Based Applications and Systems.
[online] Available at:
http://www.dbnetsolutions.co.uk/Articles/BenefitsOfWebBasedApplications.aspx
 SearchITChannel, (2012). What are the top MySQL features? What is MySQL?. [online]
Available at:
http://searchitchannel.techtarget.com/feature/What-are-the-top-MySQL-featuresWhat-is-MySQL
 New features (n.d.), php.net/manual, [online] Available from:
http://php.net/manual/en/migration54.new-features.php
 Kevin Waterson (n.d.), tutorials/Object-Oriented-Programming-with-PHP, [online]
Available from: http://www.phpro.org/tutorials/Object-Oriented-Programming-withPHP.html
 Kasia Mikoluk (October 2013), blog/php-oop-tutorial/, [online] Available from:
https://www.udemy.com/blog/php-oop-tutorial/
 PHP (n.d.), w3schools, [online] Available from: http://www.w3schools.com/PHP/
 Wegilant (n.d.), secure-programming-in-PHP, [online] Available from:
http://www.wegilant.com/secure-programming-in-php/ [Accessed: 20th May 2014].
 Reyes, J. (2009), PHP security: Fortifying your website-power tips, tools and how to’s.
[online] Available from: http://www.noupe.com/php/php-security-tips.html
 Session handlers (n.d.), manual/en/class.sessionhandlerinterface.php, [online] Available
from: http://www.php.net/manual/en/class.sessionhandlerinterface.php
 KRISTY WESTPAL (2003), secure MySQL database design, [online] Available from:
http://www.symantec.com/connect/articles/secure-mysql-database-design


Task 2

Critically compare different types of Server Side Programming Languages / scripting
languages and examine web security concerns and make recommendations for security
improvements [1.2, 1.3]

Consider: Database connectivity, Server-Side Interaction mechanism, Tools available
and Ease of Usage, Session and Cookies, data Storage, data processing, processing time,
and security requirement

Introduction to programming languages

Programming languages are artificial languages basically designed to communicate
instructions to a machine, specifically a computer. Programs can be created to control the
behavior of a machine or to express algorithms with the help of programming languages
(Salus, 1998). Thousands of programming languages have been created so far,
and more are still being created every year. Many programming languages require
computation to be specified in an imperative form (i.e. as a sequence of operations to
perform), while other languages utilize other forms of program specification such as the
declarative form (i.e. the desired result is specified, not how to achieve it). Programming
languages are written on two sides, i.e. client side and server side, which can also be
called client-side scripting and server-side scripting.

Server side programming language

Server side programming refers to technology used in a web server whereby a user's request is
verified by running a script directly on the web server, which results in dynamic web pages. Its
function is to provide interactive web sites that interface to data stores or other databases. It is
advantageous in that it has the ability to highly customize the response based on the user's queries,
requirements and access rights. Server-side programming languages are scripts that are executed
on the server, and are then translated into Hypertext Markup Language (HTML) which can be
viewed by all web browsers. The two most popular server-side scripting languages are PHP:
Hypertext Processor and Active Server Pages (ASP). Additionally, there are numerous other
languages like AJAX and ColdFusion. (Cyber Indian, 2013)

Advantages:

 It does not require the user to download plugins like Java or Flash.
 It lets users create their own applications or use content management systems to maintain
their websites without needing to edit code.

Disadvantages:

 It requires the scripting software to be installed on the server.


 Most of the scripts and content management systems need databases in order to store the
dynamic data.

Client Side Programming Languages

Client side development is done almost exclusively in JavaScript. This is, obviously, in addition
to basic HTML and CSS code. JavaScript is called a client side language because it runs scripts
on our computer after we’ve loaded a web page. An example below explains it:

That JavaScript code takes the string ‘Hello’ and pops it into the element with an ID of ‘hello’ –
let’s say it was an

. What was originally inside that element gets replaced, but if we open up the source code of that
page, we’ll still see that original text and not ‘Hello’. This is because ‘Hello, world!’ was
dynamically added to the HTML document – it was not a part of the original document that was
loaded by our browser. However, what we will be able to see is the JavaScript code which was run
by our computer (codeconquest,n.d.).

Client-side scripting generally refers to the class of computer programs on the web that are
executed client-side, by the user's web browser, instead of server-side (on the web server). This
type of computer programming is an important part of the Dynamic HTML (DHTML) concept,
enabling web pages to be scripted; that is, to have different and changing content depending on
user input, environmental conditions (such as the time of day), or other variables. Client-side
scripts are often embedded within an HTML or XHTML document (hence known as an "embedded
script"), but they may also be contained in a separate file, to which the document (or documents)
that use it make reference (hence known as an "external script"). Upon request, the necessary files
are sent to the user's computer by the web server (or servers) on which they reside. The user's web
browser executes the script, then displays the document, including any visible output from the
script. Client-side scripts may also contain instructions for the browser to follow in response to
certain user actions, (e.g., clicking a button). Often, these instructions can be followed without
further communication with the server (sqa.org, n.d). By viewing the file that contains the script,
users may be able to see its source code. Many web authors learn how to write client-side scripts
partly by examining the source code for other authors' scripts.

Advantages:

 Allow for more interactivity by immediately responding to users' actions.


 Are reusable and obtainable from many free resources such as Hotscripts.com and
Javascript.com.
 May improve the usability of Web sites for users whose browsers support scripts.

Disadvantages:

 Not all browsers support scripts, therefore, users might experience errors if no alternatives
have been provided.
 Different browsers and browser versions support scripts differently, thus more quality
assurance testing is required.
 Developers have more control over the look and behavior of their Web widgets but
usability problems can arise if a Web widget looks like a standard control but behaves
differently.

Differences between client-side and server-side

Client-side: The action that takes place on the user’s (the client’s) computer is called
client-side.
Server-side: The action that takes place on a web server is called server-side.

Client-side: Client-side programming is writing code that will run on the client, and is done in
languages that can be executed by the browser, such as JavaScript.
Server-side: Server-side programming is writing code that runs on the server, using languages
supported by the server (such as Java, PHP, C#; it is possible to write code that executes on the
server-side in JavaScript).

Client-side: Client-side programming is the name for all of the programs which are run on the
Client.
Server-side: Server-side programming is the general name for the kinds of programs which are run
on the Server.

Uses

Client-side:
 Make interactive WebPages.
 Make stuff happen dynamically on the web page.
 Interact with temporary storage, and local storage (Cookies, local Storage). Send requests to
the server, and retrieve data from it.
 Provide a remote service for client-side applications, such as software registration, content
delivery, or remote multi-player gaming.

Server-side:
 Process user input.
 Display pages.
 Structure web applications. Interact with permanent storage (SQL, files).

Example languages

Client-side: JavaScript (primarily), HTML*, CSS*. Any language running on a client device that
interacts with a remote service is a client-side language.
Server-side: PHP, ASP.Net in C#, C++, or Visual Basic. Nearly any language (C++, C#, Java).
These were not designed specifically for the task, but are now often used for application-level
web services.

Client-side: Client side programming has mostly to do with the user interface, with which the user
interacts. In web developing it's the browser, in the user's machine, that runs this code, and is
mainly done in JavaScript, flash, etc. This code must run in a variety of browsers.
Server-side: Server side programming has to do with generating dynamic content. It runs on
servers. Many of these servers are "headless". Most web pages are not static, they search a
database in order to show the user updated personalized information. This side interacts with the
back end, like say, the database.

(stackexchange,n.d.).

Risks in web scripting languages

With the rise of Web 2.0, increased information sharing through social networking and increasing
business acceptance of the Web as a means of doing business and delivering service, websites are
often attacked directly. Hackers either seek to compromise the corporate network or the end-users
accessing the website by subjecting them to drive-by downloading. As a result, industry is paying
increased attention to the security of the web applications themselves in addition to the security of
the underlying computer network and operating systems. There are various web security risks in
scripting languages which are described below:

Cross site scripting

Cross-site scripting is now a far more striking target than more notorious bugs such as
buffer overflows. Buffer overflows have been one of the most common kinds of bugs attacked by
malware, with Intel and Advanced Micro Devices (AMD) even developing hardware support
for an anti-buffer-overflow technology called NX (No Execute) or XD (Execution Disable). The
risks of buffer overflows are the risks of a long time ago, but cross-site scripting is now a
challenge for all programmers. Buffer overflows attacked executable files written in languages
such as C, but as cross-site scripting bugs grow in popularity, attackers are increasingly
targeting programming languages typically used for web applications, such as Java, .NET and PHP.
The impact of cross-site scripting is felt more in client-side scripting languages, because they
rely on same-origin policies, which permit communication between web objects and
pages as long as they come from the same domain and over the same protocol. Cross-site scripting
bugs allow malicious websites to find ways around these policies, potentially retrieving sensitive
data in other objects or browser windows (Broersma, 2006).

Injection Flaws

Injection flaws can be considered the top web security risk, particularly SQL injection flaws.
According to OWASP, “Injection flaws, such as SQL, OS, and LDAP injection, occur when
untrusted data is sent to an interpreter as part of a command or query”. Injection allows
attackers to transmit malicious code through a web application to another system. Injection attacks
include calls to the OS via system calls, use of external programs via shell commands, as well as
calls to backend databases via SQL, commonly known as SQL injection. Scripts written in
programming languages like Perl, Python, etc. can be injected into a poorly designed web
application and executed, which creates the risk of an injection attack (Wojnowski, n.d.). Since
injections are very easily exploitable by a hacker, they are considered the top risk. Injection
attacks can run the entire range of severity, from trivial to complete system compromise or
destruction. Shell commands are widely used for injection, so a command injection flaw in a web
application should be considered high risk. SQL injection works by injecting
data into a web application which is then used in SQL queries. The data usually comes from
untrusted input such as a web form. However, it’s also possible that the data comes from another
source, including the database itself. Programmers will often trust data from their own database,
believing it to be completely safe, without realizing that being safe for one particular usage does
not mean it is safe for all other subsequent usages. Data from a database should be treated as
untrusted unless proven otherwise, e.g. through validation processes (Brady, n.d.).
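
The OS command case named above, as an added example that is not code from the original report: a call to an external program through the shell next to a form that validates the input and starts the program without a shell. It assumes PHP 7.4 or later on a Unix-like system with `wc` installed; the function names and the sample file are constructed.

```php
<?php
declare(strict_types=1);

/** VULNERABLE on purpose: the whole string is handed to the shell. */
function lineCountUnsafe(string $file): string
{
    return (string) shell_exec('wc -l ' . $file);
}

/** Hardened: allowlist the name, then run the program directly. */
function lineCountSafe(string $file, string $baseDir): int
{
    // 1. Accept only the expected shape: a simple name ending in .txt.
    if (!preg_match('/\A[A-Za-z0-9_-]+\.txt\z/', $file)) {
        throw new InvalidArgumentException('Unexpected file name.');
    }
    $path = $baseDir . '/' . $file;
    if (!is_file($path)) {
        throw new InvalidArgumentException('No such file.');
    }

    // 2. The array form of proc_open() (PHP 7.4+) starts the program without
    //    a shell, so characters such as ';' or '|' have no special meaning.
    $pipes = [];
    $process = proc_open(
        ['wc', '-l', $path],
        [1 => ['pipe', 'w'], 2 => ['pipe', 'w']],
        $pipes
    );
    if (!is_resource($process)) {
        throw new RuntimeException('Could not start wc.');
    }
    $output = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    if (proc_close($process) !== 0) {
        throw new RuntimeException('wc reported an error.');
    }
    return (int) trim((string) $output);   // output is "<count> <path>"
}

// Constructed sample data in a private temporary directory.
$dir = sys_get_temp_dir() . '/zoo_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
file_put_contents("$dir/notes.txt", "one\ntwo\nthree\n");

$hostile = 'notes.txt; echo INJECTED';       // constructed, harmless marker

// The shell runs the second command as well: INJECTED appears in the output.
echo lineCountUnsafe("$dir/$hostile");

// The hardened version rejects the same value and still serves valid names.
try {
    lineCountSafe($hostile, $dir);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
echo 'lines: ', lineCountSafe('notes.txt', $dir), PHP_EOL;

unlink("$dir/notes.txt");
rmdir($dir);
```

Where the shell cannot be avoided, escapeshellarg() on every argument is the fallback.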

Broken Authentication and Session Management

The aspects of handling user authentication and managing active sessions are included in
authentication and session management. While authentication itself is a critical aspect to secure,
even solid authentication mechanisms can be undermined by inconsistent credential management
functions, including password change, "forgot my password", "remember my password", account
update, and other related functions. Because "walk by" attacks are likely for many web
applications, all account management functions should require re-authentication even if the user
has a valid session id, in case an attacker has discovered a session where the original user has failed
to log out (Upenn.edu, 2014). User authentication on the web typically involves the use of a user
id and password. There are other methods for stronger authentication available like software and
hardware based cryptographic tokens or biometrics, but such mechanisms are cost prohibitive for
most web applications. A wide range of account and session management errors can result in the
compromise of user or system administration accounts. Development teams normally
underestimate the complication of designing an authentication and session management scheme
that effectively protects credentials in all aspects of the site. Web applications must establish
sessions to keep track of the stream of requests from each user. HTTP does not provide this
capability, so web applications must create it themselves. Frequently, the web application
environment provides a session capability, but many developers prefer to create their own session
tokens. In either case, if the session tokens are not properly protected, an attacker can hijack an
active session and assume the identity of a user. Creating a scheme to create strong session tokens
and protect them throughout their lifecycle has proven elusive for many developers. Unless all
authentication credentials and session identifiers are protected with SSL at all times and protected
against disclosure from other flaws, such as cross site scripting, an attacker can hijack a user's
session and assume their identity (Pvt. Ltd and A.G, 2014).
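
The session-protection points of this section in code, as an added example that is not code from the original report: protected session cookies, a fresh session ID at login, an idle timeout, and re-authentication before a password change. It assumes PHP 7.3 or later and a site served over HTTPS; the user store, the timeout value and the function names are constructed.

```php
<?php
declare(strict_types=1);

const IDLE_LIMIT_SECONDS = 900;              // assumed idle timeout (15 minutes)

function startSecureSession(): void
{
    ini_set('session.use_strict_mode', '1');   // refuse IDs the server did not issue
    ini_set('session.use_only_cookies', '1');  // never read the ID from the URL
    session_set_cookie_params([
        'lifetime' => 0,                       // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,                    // sent over HTTPS only
        'httponly' => true,                    // not readable by page scripts
        'samesite' => 'Lax',
    ]);
    session_start();

    // Idle timeout: an abandoned session stops being valid.
    $lastSeen = $_SESSION['last_seen'] ?? null;
    if ($lastSeen !== null && time() - $lastSeen > IDLE_LIMIT_SECONDS) {
        $_SESSION = [];
        session_regenerate_id(true);
    }
    $_SESSION['last_seen'] = time();
}

function login(array $users, string $name, string $password): bool
{
    $hash = $users[$name] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    // New ID at the moment of login, so an ID known before login is useless.
    session_regenerate_id(true);
    $_SESSION['user'] = $name;
    return true;
}

/** Account management: a valid session alone is not enough. */
function changePassword(array &$users, string $currentPassword, string $newPassword): bool
{
    $name = $_SESSION['user'] ?? null;
    if ($name === null || !password_verify($currentPassword, $users[$name])) {
        return false;                        // re-authentication failed
    }
    $users[$name] = password_hash($newPassword, PASSWORD_DEFAULT);
    session_regenerate_id(true);
    return true;
}

function logout(): void
{
    $_SESSION = [];
    session_destroy();
}

// Constructed user store; a real application would read the hash from its database.
$users = ['keeper' => password_hash('correct horse', PASSWORD_DEFAULT)];

startSecureSession();
$results = [
    'login with wrong password'        => login($users, 'keeper', 'guess'),
    'login with right password'        => login($users, 'keeper', 'correct horse'),
    'password change, wrong current'   => changePassword($users, 'guess', 'new secret'),
    'password change, correct current' => changePassword($users, 'correct horse', 'new secret'),
];
logout();

// Output comes last because the session functions must run before any output.
foreach ($results as $step => $ok) {
    echo $step, ': ', $ok ? 'allowed' : 'refused', PHP_EOL;
}
```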


Security Misconfiguration

Security misconfigurations frequently arise beyond simply our website application. “Good
security requires having a secure configuration defined and deployed for the application,
frameworks, application server, web server, database server, and platform. All these settings
should be defined, implemented, and maintained as many are not shipped with secure defaults.
This includes keeping all software up to date, including all code libraries used by the application.”
Indeed many of these misconfigurations may not even be things you have direct control over; for
example, they are risks arising from your website hosting configuration (Warrenwojnowski.com,
2015).

Comparing PHP and JavaScript

PHP (Server-side programming language)

A relative newcomer in the server-side development arena, PHP has gained a large following
among programmers with its familiar syntax and comprehensive function library. Also, its
relatively simple syntax and low, low price (it’s free!) have made it an attractive alternative to
Microsoft’s ASP for new developers. PHP has been dubbed by some the ‘Perl killer’ of the
server-side scripting world. For purposes of Web development, PHP can do almost everything that
Perl can, and usually does it quicker and easier. Unlike Perl, which usually runs as a CGI program
invoked by the Web server to handle each page request, PHP can integrate with your Web server
so that it operates much more efficiently. PHP is free, cross-platform, Open Source software. It
integrates with all major Web servers on all major operating systems. This is a great boon for
developers on a budget, because they can set up a complete Linux-based Web server with PHP
support and not pay a dime for software. The downside of this, of course, is that there is no formal
support for any problems you may encounter with PHP, although the current versions of PHP are
quite stable and reliable. (ibid)


Advantages:

 Fairly easy to learn, especially for developers with C/C++, Java, or Perl experience.
 Active user community willing to lend you a hand getting started.
 Everything’s built right into the language.
 It’s free.
 Cross-platform.

Disadvantages

 This language was designed to be programmer-friendly, which unfortunately makes it a
little less friendly to non-programmers.

JavaScript as client side scripting language

JavaScript is a client-side scripting language, one of many open source languages on the
market, available to anyone and usable without the need to hold a license. Also, it is
supported by the majority of new browsers available in the market for free, ranging from Firefox,
Google Chrome, Internet Explorer (Limited Support), Apple Safari, etc. JavaScript is an interpreted
computer programming language and is a part of web browsers, so that it can interact with users,
communicate asynchronously and alter the website or application content that is displayed
on the screen for the user. Also, JavaScript is extensively used in applications outside of
websites, for example in PDF documents.

Advantages of JavaScript

• It can detect the platform the user is on.
• It can detect browser information and its version details etc.
• JavaScript can add functionality which can make huge differences while checking for
cross-browser issues.
• JavaScript is relatively fast to the end user.

Disadvantages

• Security issues: JavaScript snippets, once appended onto web pages, execute on the client
machine immediately and therefore can also be used to exploit the user's system.
• JavaScript rendering varies: different layout engines may render JavaScript differently,
resulting in inconsistency in terms of functionality and interface. (Louis Lyare, 2014)

Comparing PHP and ASP

PHP (Server-side programming language)

A relative newcomer in the server-side development arena, PHP has gained a large following
among programmers with its familiar syntax and comprehensive function library. Also, its
relatively simple syntax and low, low price (it’s free!) has made it an attractive alternative to
Microsoft’s ASP for new developers. PHP has been dubbed by some to be ‘Perl killer’ of the
server-side scripting world. For purposes of Web development, PHP can do almost everything that
Perl can, and usually does it quicker and easier. Unlike Perl, which usually runs as a CGI program
invoked by the Web server to handle each page request, PHP can integrate with your Web server
so that it operates much more efficiently. PHP is free, cross-platform, Open Source software. It
integrates with all major Web servers on all major operating systems. This is a great boon for
developers on a budget, because they can set up a complete Linux-based Web server with PHP
support and not pay a dime for software. The downside of this, of course, is that there is no formal
support for any problems you may encounter with PHP, although the current versions of PHP are quite
stable and reliable. (ibid)


Advantages:

• Fairly easy to learn, especially for developers with C/C++, Java, or Perl experience.
• Active user community willing to lend you a hand getting started.
• Everything’s built right into the language.
• It’s free.
• Cross-platform.

Disadvantages

• This language was designed to be programmer-friendly, which unfortunately makes it a
little less friendly to non-programmers.

ASP.NET:

ASP.NET is a set of Web development tools offered by Microsoft. Programs like Visual Studio
.NET and Visual Web Developer allow Web developers to create dynamic websites using a visual
interface. Every element in an ASP.NET page is treated as an object and run on the server. An
ASP.NET page gets compiled into an intermediate language by a .NET Common Language
Runtime-compliant compiler. Then a JIT compiler turns the intermediate code to native machine
code and that machine code is eventually run on the processor.

Advantage

• Compiled code performance.
• Multiple language development.
• Visual Studio Design-time Integration and Expression Web.
• Easy to learn for beginners.

Disadvantage

• Difficulties in rendering HTML tags.
• Runs only in Microsoft platforms.

Database Connectivity

PHP is a general-purpose programming language of considerable power. Its huge number of
special-purpose functions means you can do almost anything with PHP. The real power of PHP
comes from using it as "middleware" to connect a database management system to the Web. This
combination allows you to serve data from the database on the Web, and update the database with
information obtained from Web users. The possibilities for electronic commerce are obvious, but
there are many other things you can do with a combination such as this. With PHP, we can easily
connect to a database, query for data, display results in a web site, modify the data in the database
etc. MySQL is a very popular database and MySQL is free. Oracle is widely used in the enterprises
and that is the database we'll use to get an idea about database connectivity. (Bob Brown, 2002).

PHP provides built-in database connectivity for a wide range of databases. For e.g


Server-side Interaction mechanism

Fig: Server-client Interaction mechanism

Tools available and Ease of Usage

PHP has many easy-to-use tools available for building applications. Dreamweaver
is a popular Web development application with support for many technologies including PHP.
Dreamweaver has come up with heavy emphasis on the new features, such as the ability to work
directly in the Document window with Drupal, Joomla, WordPress, and Site-Specific Code Hints.
Dreamweaver CS5 is capable of generating code hints on the fly for custom functions and classes,
as well as third-party code libraries. Similarly, Eclipse is also used as a PHP developer’s tool and
is one of the most widely used. Eclipse uses plug-ins to provide all the functionality within
and on top of the runtime system. Its runtime system is based on Equinox, an implementation of
the OSGi core framework specification. In addition to allowing the Eclipse Platform to be extended
using other programming languages such as C and Python, the plug-in framework allows the
Eclipse Platform to work with typesetting languages like LaTeX, networking applications such as
telnet and database management systems.

Session and Cookies:

Sessions are a combination of a server-side cookie and a client-side cookie, with the client-side
cookie containing nothing other than a reference to the correct data on the server. Thus, when the
user visits the site, their browser sends the reference code to the server, which loads the
corresponding data. Cookies are automatically sent to the web server (and received/parsed by PHP)
each time a user visits. That means that once we place our cookie, our visitors' browsers will
automatically send the contents of that cookie across to us each time they view our message board
index, and PHP will read the value into the $_COOKIE superglobal array.

This may seem a bit clumsier than just having a client-side cookie with all your data in, but there
are a few advantages:

• A server-side cookie can contain very large amounts of data with no hassle. Client-side
cookies are limited in size.
• The client-side cookie contains nothing other than a small reference code. As this cookie is
passed each time someone visits a page on the site, we can save a lot of bandwidth by not
transferring large client-side cookies around.
• Session data is much more secure, because only you are able to manipulate it, as opposed to
client-side cookies, which are editable by all.

It is also important to note that sessions only last till the user closes their browser, whereas cookies
can be configured to last longer. (Tuxradar, 2010).
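
The split described above, with only a reference code in the browser and the data itself on the server, looks like this in PHP. This is an added example, not code from the Central Zoo project; the file name session_demo.php, the account clerk1, its password and the role values are constructed for illustration.

```php
<?php
// Added example (not the Central Zoo project's code). Account, password and role
// are constructed. Needs PHP 7.3+ for the array form of session_set_cookie_params().
// Serve locally with: php -S 127.0.0.1:8000 session_demo.php

ini_set('session.use_strict_mode', '1');   // refuse session IDs the server never issued
ini_set('session.use_only_cookies', '1');  // never take the session ID from the URL
session_set_cookie_params([
    'lifetime' => 0,                       // dropped when the browser closes
    'path'     => '/',
    'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off', // HTTPS only when served over TLS
    'httponly' => true,                    // hidden from page JavaScript
    'samesite' => 'Lax',                   // not sent on cross-site sub-requests
]);
session_start();

// Constructed account list standing in for the application's user table.
$users = [
    'clerk1' => [
        'hash' => password_hash('demo-password', PASSWORD_DEFAULT),
        'role' => 'clerk',
    ],
];

/** Check the credentials and, on success, bind the identity to a fresh session. */
function login(array $users, string $name, string $password): bool
{
    if (!isset($users[$name]) || !password_verify($password, $users[$name]['hash'])) {
        return false;
    }
    session_regenerate_id(true);                // new ID after login, old session file deleted
    $_SESSION['user'] = $name;                  // both values stay on the server;
    $_SESSION['role'] = $users[$name]['role'];  // the browser only holds the session ID
    return true;
}

/** The role used for access decisions comes from the session only. */
function currentRole(): string
{
    // $_COOKIE['role'] is never consulted: the visitor can edit any cookie value.
    return $_SESSION['role'] ?? 'guest';
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    $name     = $_POST['name'] ?? '';
    $password = $_POST['password'] ?? '';
    if (is_string($name) && is_string($password)) {
        login($users, $name, $password);
    }
}

// Plain-text response, so the echoed cookie value cannot inject markup.
$claimed = $_COOKIE['role'] ?? null;
$claimed = is_string($claimed) ? $claimed : '(none)';

header('Content-Type: text/plain; charset=utf-8');
echo 'role claimed in a client-side cookie: ', $claimed, " (ignored)\n";
echo 'role held in the server-side session: ', currentRole(), "\n";
```

A request that carries a hand-edited role cookie still reports the session's role, which is the property the third advantage in the list relies on.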

Data Storage

Many applications require the long-term storage of information. In PHP scripts, you can make
information available within sessions — periods of time that users spend at your Web site — by
using methods such as PHP session functions and by submitting forms. However, eventually you
need to store information for use tomorrow or next week. You can store it in a cookie that you
set to last after the session is ended, but the information is vulnerable. It’s not under your control.
The user can delete or change the information at any time or can refuse to accept the cookie. To
be available and stable, the information needs to be stored somewhere secure, where no one can
access or tamper with it. The information needs to be stored on the server.


Information can be stored on the server in flat files or in databases. Flat files are text files stored
in the computer file system. Humans can read flat files by using the operating system commands
that display files, such as cat in Linux and Unix. You can access and edit these files by using any
text file editor, such as Notepad or vi. The information in the flat file is stored as strings, and the
PHP script that retrieves the data needs to know how the data is stored. For example, to retrieve a
customer name from a file, the PHP script needs to know that the customer name is stored in the
first 20 characters of every line.

Using a database for data storage requires you to install and learn to use database software, such
as MySQL or Oracle. The data is stored in files created by the database software and can only be
accessed by the database software. Databases can store very complex information that you can
retrieve easily. You don’t need to know how the data is stored, just how to interact with the
database software. For example, to retrieve a customer name, the PHP script needs to know only
how to tell the database software that it wants the customer name, using a standard
communication language called SQL. The database software handles the storage and delivers the
data, without the script needing to know exactly where or how the customer name is stored.

Some advantages of a database

• Security: A database provides a security layer of its own, in addition to the security
provided by the operating system. A database protects the data from outside intrusion
better than a flat file.

• Accessibility of data: You can store data in a database by using a very complex data
structure, specifying data types and relationships among the data. The organization of the
data makes it easy to search the data and retrieve what you need.

• Ability to handle multiple users: When many users store or access data in a single file,
such as a file containing names and addresses, a database ensures that users take their
turn with the file to avoid overwriting each other’s data.


Data processing

I was thinking today of how people tend to use MySQL in modern applications and it struck me
that in many cases MySQL is not used to process the data, at least not on a large scale – instead
it is used for data storage and light-duty data retrieval. Even in this case, however, a cache (i.e.
memcache) is often implemented to offload MySQL.

When it comes to large-scale data processing, other techniques are used. Google uses some
Bigtable-based technologies for search and Google Analytics (which is quite a typical log
processing application); when you look at recommendation tasks as well as a lot of other
personalized services, they may not use MySQL (or SQL at all). In many cases you would see
absolutely custom solutions implemented; in other cases you would
see Hadoop or Sphinx used to crunch data in parallel, or it could even be a special wrapper on top
of MySQL to do the work. The reason for this is not only that many tasks are not well
expressed in SQL or do not map to a relational data structure too well, but also the lack of built-in
parallel processing. When you need high data processing speed you simply can’t do it on a single
CPU, especially since systems are getting wider more than CPU cores get faster, though even
a single node does not take you that far. The MySQL concept of Single Query=Single Thread works
well when few rows need to be analyzed, which often forces us to do tricky optimizations,
because if a query has to analyze 10.000.000 rows you’re busted – it simply will take too long
for the user to wait for a reply (especially in the modern age of AJAX applications with sub-second
response requirements). Note you will have to solve this problem even if it is a relatively rare case
and in most cases it will take a much shorter time. This is why we have to do careful indexing,
build summary/cache tables, and hunt queries which traverse a lot of data and kill them.

Now think what happens if you search Google or engage in any other processing-intensive
activity. If the result is not served from cache you will have many CPU seconds, if not minutes, used
processing your request, but you get a reply fast because hundreds and thousands of CPUs were
handling data for you in parallel.


You may argue that a limited number of applications need such serious data crunching – could be;
however, the number of such applications would likely grow in the future. Mobile Internet is to
seriously increase the number of global Internet users, plus we see more and more personalized
services in terms of information provisioning, advertisement, social interactions etc., which will
need to employ more and more complex algorithms as they mature. Interestingly enough, so far
MySQL does not have anything which tackles this need, even on the roadmap. Indeed MySQL
has MySQL Cluster, but it is quite different. MySQL Cluster at this point is a cluster in terms of
storage – only minor aspects such as data filtering can be offloaded and performed in parallel,
while a lot of other jobs such as sorting and unions/intersections have to be performed on the SQL
node.

Maybe MySQL Cluster will evolve and data storage nodes will be able to perform all kinds of
operations, in which case it will become much more helpful. Of course, that is if it also drops a lot
of its other limits and is able to scale to thousands of nodes.

Security requirement

A security requirement is a goal set out for an application at its inception. Every application fits a
need or a requirement. Some applications allow customers to perform actions without needing
help from a company representative. Just as those actions and outcomes are laid out as goals for
the final application, the security goals must also be included. A security requirement is not a
magic wand that you can wave at an application and say “Thou shalt not be compromised by
hackers” any more than a New Year’s resolution is a magic wand that you can wave at yourself
to lose weight. Just like a resolution to lose weight, being vague is a recipe for failure. How
much weight? How will you lose it? Will you exercise, diet, or both? What milestones will you
put out there? In security, the same types of questions exist. What kinds of vulnerabilities are you
looking to prevent? How will you measure whether your requirement is met? What preventative
measures will you take to ensure that vulnerabilities aren’t built into the code itself?

When building a security requirement, be specific about the kind of vulnerabilities to prevent.
Take this requirement example: “[Application X] shall not execute commands embedded in data
provided by users that forces the application to manipulate the database tables in unintended
ways.” This is a fancy way of saying that the application should not be vulnerable to SQL
injection attacks. This can be tested with specific kinds of tests, both on the source code itself
and on the compiled application. These attacks are preventable with a combination of rejecting
or scrubbing bad input from the user, using a carefully crafted type of database query that flags
data as data and not as commands to be acted upon, and modifying the output of the database
calls to prevent bad data from attacking functionality down the line.

Security concerns:

There are various sorts of risks in web scripting languages. Some of them are described below:

• Security Misconfiguration: Security misconfiguration vulnerabilities could occur if a
component is susceptible to attack due to an insecure configuration option. These
vulnerabilities often occur due to insecure default configuration, poorly documented
default configuration, or poorly documented side-effects of optional configuration. This
could range from failing to set a useful security header on a web server, to forgetting to
disable default platform functionality that could grant administrative access to an
attacker.
• SQL Injection: A SQL injection attack consists of insertion or "injection" of a SQL
query via the input data from the client to the application. A successful SQL injection
exploit can read sensitive data from the database, modify database data
(Insert/Update/Delete), execute administration operations on the database (such as
shutdown the DBMS), recover the content of a given file present on the DBMS file
system and in some cases issue commands to the operating system. SQL injection attacks
are a type of injection attack, in which SQL commands are injected into data-plane input
in order to effect the execution of predefined SQL commands (tuxradar, n.d).
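
The three measures named in the security requirement above (rejecting bad input, a query that treats data as data, and encoding output) are shown here next to the injectable query they replace, for the SQL injection risk just described. This is an added example, not the project's code: the food_item table, its rows and the function names are assumptions, and an in-memory SQLite database reached through PDO stands in for MySQL so the script runs offline. PDO is used because the mysql_* functions such as mysql_connect were removed in PHP 7.0.

```php
<?php
// Added example (not the Central Zoo project's code). Table, column and function
// names are assumptions; SQLite in memory stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With a MySQL DSN, also set PDO::ATTR_EMULATE_PREPARES to false so that the
// database server, not the driver, binds the parameters.
$db->exec('CREATE TABLE food_item (id INTEGER PRIMARY KEY, name TEXT, quantity_kg INTEGER)');
$db->exec("INSERT INTO food_item (name, quantity_kg)
           VALUES ('Hay', 120), ('Fish', 4), ('Bananas', 35)");   // constructed rows

/** BEFORE: the input is pasted into the SQL text, so it can change the query. */
function findFoodVulnerable(PDO $db, string $name): array
{
    $sql = "SELECT name, quantity_kg FROM food_item WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

/** Measure 1: reject input that cannot be a food name (letters, digits, space, hyphen). */
function isValidFoodName(string $name): bool
{
    return preg_match('/^[\p{L}\p{N} -]{1,50}$/u', $name) === 1;
}

/** Measure 2: placeholder query; the value travels as data and is never parsed as SQL. */
function findFood(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT name, quantity_kg FROM food_item WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Measure 3: encode database output before it is placed in an HTML page. */
function renderRows(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $html .= '<li>' . htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8')
               . ': ' . (int) $row['quantity_kg'] . " kg</li>\n";
    }
    return $html;
}

// The second value is a constructed hostile input of the kind the requirement targets.
$inputs = ['Fish', "x' OR '1'='1"];
foreach ($inputs as $input) {
    printf("input: %s\n", $input);
    printf("  rows from concatenated query: %d\n", count(findFoodVulnerable($db, $input)));
    printf("  accepted by validation:       %s\n", isValidFoodName($input) ? 'yes' : 'no');
    printf("  rows from prepared query:     %d\n", count(findFood($db, $input)));
}
echo renderRows(findFood($db, 'Fish'));
```

Comparing the row counts for the two inputs gives a concrete test for the requirement: the prepared query returns a row only when the name matches exactly, while the concatenated query does not keep that property.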

Recommendation for Security improvement:

• Database Connectivity: For database purposes, PHP uses MySQL. To establish a connection
between PHP and a MySQL database, we should use the mysql_connect function, which returns
a resource that is a pointer to functions.
• Similarly, in ASP, database connectivity is done with the help of the ActiveX Data Objects
that come with ASP and can be used in ASP pages. First, an instance of the connection
object is created and fed the location of the database to be connected to and
the driver that is intended to be used. For this method a connection string has to be used.
Normally the OLEDB connection string is used.
• Available Tools: There are many tools available to enhance the security and usability of
a web application. Amongst the different tools available, Firebug is listed below:
• Sessions and Cookies: sessions in PHP. A session variable is used to store information
about, or change settings for, a user session. Session variables hold information about one
single user and are available to all pages in the application. PHP sessions solve this problem
by allowing the application to store user information on the server for later use. Session
information is temporary and will be deleted after the user has left the website.
• Cookies in PHP: A cookie is used to identify a user. A cookie is a small file which is
placed by the server on the user's computer. setcookie() is the function used to set a cookie
in PHP. The value of the cookie is automatically URL-encoded when the cookie is sent and
automatically decoded when it is received. The expiry time of the cookie can be set in another
way. The PHP $_COOKIE variable is used to retrieve a cookie value.
• Sessions in ASP: When working with an application on a computer, some changes are made and
then the application is closed; this is a session in ASP. The computer understands which user
is using the application. ASP creates a unique cookie for each user to solve the problems with
the server. The cookie is sent to the user's device and contains information that identifies the
user. This interface is called the Session object.
• Cookies in ASP: A cookie is used to identify the user. It is a small file that the server creates
on the user's computer or device. When the user requests a page in a browser, it will send
the cookie too. Using ASP, a cookie can be created and destroyed. In ASP, the Response.Cookies
command is used to create a cookie.


Task 3

Design a web application to meet a given requirement and synthesize client side and
server side functionality in a web application in your design and apply a database for use
in a web application [2.1, 2.2, 2.3, M2]

Introduction

A web application or web app is any application software that runs in a web browser or
is created in a browser-supported programming language and relies on a common web
browser to render the application. Web applications are popular due to the ubiquity of
web browsers, and the convenience of using a web browser as a client, sometimes called
a thin client. The ability to update and maintain web applications without distributing and
installing software on potentially thousands of client computers is a key reason for their
popularity, as is the inherent support for cross-platform compatibility. Common web
applications include webmail, online retail sales, online auctions, wikis and many other
functions.

In today’s world, developing an application has become much easier than it was
previously. Design procedures and methodologies are well crafted, and new
methods are invented day by day. Likewise, developing a web application means
developing the solution from the root.

Starting from the beginning, we go with UML diagrams that help us to understand the solution
prior to development. Moreover, system interactions are well understood with these
diagrams. For the Central Zoo, use case, sequence and schema diagrams are
plotted to collect information for further development and to understand the system.
They give an overall idea of the system.


Design a web application to meet a given requirement. [2.1]

Introduction

“Central Zoo Nepal”, established originally as a private zoo by a late Prime Minister, is the
only zoo in Nepal. The NTNC has developed plans and policies to maintain the zoo and
improve the living conditions of animals. The Central Zoo is a 6-hectare zoo in Jawalakhel, Nepal.
It is home to some 870 animals in 109 species, and is operated by the National Trust for Nature
Conservation (NTNC). However, the top management of Central Zoo is realizing the need to use
a customized web application automated system in place of manual methods to keep up with the
times. Since the applications are completely browser based and require no installation or any
additional software, these customized web applications are uniquely suited to all their needs.
Below are the screenshots of the designs I have made.

Login Page

This is the login page, designed in Photoshop. There will be a check box for suppliers
to log in, while other users can log in simply by entering their username and password. The design
is simple and attractive.


Dashboard

This page lists summary information, such as how many system users are registered, the number of
food items and the number of zoo areas. The user can also add to-do tasks for a specific day.

Add User Design

This page contains a simple form with a dropdown and buttons. The dropdown is used for designation
selection, such as manager, clerk or secretary. The Add button is used for saving the data to the
database: when the user presses the Add button, the backend process starts and saves the data
entered by the user to the database. The Cancel button helps to undo the data entered in the form.

List User


This page is designed to view all the system users present in the database. This page also allows
the user to delete and update user data.

Add Supplier

This page contains a simple form with buttons. The Add button is used for saving the data to the
database: when the user presses the Add button, the backend process starts and saves the data
entered by the user to the database. The Cancel button helps to undo the data entered in the form.
There is also a textbox which helps to capture the address information.


List Supplier

This page is designed to view all the supplier users present in the database. This page also allows
the user to delete and update user data.

Add-List Zoo area

This page contains a form and a table on the same page. The form helps to add a zoo area and also
to select the person in charge of a specific area. The buttons help to add and cancel the user process.
Below is a table which displays each zoo area name with its in-charge. The user can also delete and
update the records.


Animal/Species

1. Add-List Species
This page contains a form and a table on the same page. The form helps to add the animal
species. The buttons help to add and cancel the user process. Below is a table which displays
the animal species names. Also, the user can delete and update the records.

2. Add-List Animal


This page contains a form and a table on the same page. The form helps to add an animal and also
to select the species for a specific animal. The buttons help to add and cancel the user process. Below
is a table which displays the animal name and number within each species. Also, the user can delete
and update the records.

Food Item

This page contains a form and a table on the same page. The form helps to add a food item and also
helps to take out food. The buttons help to add and cancel the user process. Below is a table which
displays each food item with its available quantity; here the user cannot take out the food if the
food is below 5 kg. Also, the user can delete and update the records.


Food Item Report

1. Daily-Taken out food
This page contains the information on the food which is taken out per day. This helps to
know how much food will be consumed daily. The user can view the report.

2. Foods-To be order
This page displays the foods that are out of stock.


Order

1. Make Order
This page contains a form with dropdown menus, which help to select the supplier from whom
we want to order, the food which is out of stock and the food type; the user adds the quantity
they want to order and the delivery date. The Add button helps to save the data and also sends
the entered details to the supplier, and the Cancel button undoes the data entered by the user.

2. All Order
This page shows the orders that have been made by the user; it shows the order status, invoice
status, whether the secretary has received the order or not, etc.


Synthesize client side and server side functionality in a web application in your design [2.2]

Justification of design:

The Central Zoo web application is proposed to be developed in the PHP programming
language, using a phpMyAdmin (MySQL) online database to store all the data related to
the zoo. The designs listed below are proposed to be implemented in the system, as they have
been proposed by the clients and are an essential part of the project.

The design and functions are explained in the table below:

| S.N. | Design | Reason for design |
|---|---|---|
| 1. | Login | To control user access and for security. Only a user providing valid information can log on to the system and get access to the provided information. |
| 2. | User handling | Facilitates adding, deleting and changing users, food, animals, zoo areas etc. The admin provides authentication so that only authorized users can operate the system. |
| 3. | Search | Search helps logged-in users to find any information they need. |
| 4. | Add, delete, list and update food, animal, supplier | This helps to add all the detailed information of the zoo, such as which animals are present in the zoo, what food they need, which supplier helps to deliver the food etc. |
| 5. | Make Order, Stock View | The make order process helps to order the items which are shown in the stock view. The stock view shows how many items are out of stock. |

Apply a database for use in a web application. [2.3]

UML diagrams

The Unified Modeling Language (UML) is a general-purpose modeling language in the
field of software engineering, which is designed to provide a standard way to visualize
the design of a system. It is an
important aspect involved in object-oriented software development which uses graphic
notation to create visual models of software systems. The use of UML is not limited
to software modeling; it is also used for modeling non-software systems.

The Unified Modeling Language (UML) is a standard visual modeling language intended
to be used for

• modeling business and similar processes,
• analysis, design, and implementation of software-based systems


We prepare UML diagrams to understand a system in a better and simpler way. A single
diagram is not enough to cover all aspects of the system, so UML defines various kinds
of diagrams to cover most of the aspects of a system.

Some widely-used UML diagrams are:

• Use case diagram
• ER diagram
• Sequence diagram
• Schema diagram
• Collaboration diagram
• Activity diagram

Some of which are explained below:

• Use case diagram

A use case diagram at its simplest is a representation of a user's interaction with
the system that shows the relationship between the user and the different use
cases in which the user is involved. A use case diagram can identify the different
types of users of a system and the different use cases and will often be
accompanied by other types of diagrams as well. Use case diagrams are usually
referred to as behavior diagrams used to describe a set of actions (use cases) that
some system or systems (subject) should or can perform in collaboration with
one or more external users of the system (actors).
A use case diagram is a graphic depiction of the interactions among the elements
of a system. A use case is a methodology used in system analysis to identify,
clarify, and organize system requirements (Holt, 2004). Use case diagrams are
considered for high level requirement analysis of a system. So when the
requirements of a system are analyzed, the functionalities are captured in use
cases.

The following items should be identified when we are planning to draw a use case diagram:

• Functionalities to be represented as a use case
• Actors
• Relationships among the use cases and actors

Guidelines to draw an efficient use case diagram:

• The name of a use case is very important. So the name should be chosen in such
a way that it can identify the functionalities performed.
• Give a suitable name for actors.
• Show relationships and dependencies clearly in the diagram.
• Do not try to include all types of relationships, because the main purpose of the
diagram is to identify requirements.
• Use notes whenever required to clarify some important points.

The use case diagrams for Central Zoo system are:

• User login
• User profile (after login)
• User registration
• Use case for the proposed system


Diagram Justification

In the above diagram, we can see that 4 types of user can use the site. They are
admin, clerk, secretary and supplier. The admin first creates the users and provides a
username to each specific user. The admin can control all the activities. The secretary
can perform all the tasks the admin can, and the main work of the secretary is to review and
confirm the orders from the supplier. The clerk controls the zoo areas and can also make
and confirm orders. The supplier can view the orders from the
company.

• Schema diagram

A schema diagram is a visual representation of how different table relationships
enable the schema's underlying mission business rules for which the database is
created. All database tables are designated with unique columns and special
features in a schema diagram, for example primary/foreign keys or not null, etc.
Formats and symbols for expression are universally understood, eliminating the
possibility of confusion. The table relationships are also expressed via a parent
table's primary key lines when joined with the child table's corresponding
foreign keys. This provides an overview of the entire database, while facilitating
future database administrator work (Janssen, 2014).

Fig: schema diagram of Central Zoo


Justification of diagram:
In the above figure, there are altogether 10 tables used in the Central Zoo system. Each
table contains a primary key and a foreign key. The tables which are related have
been linked with the use of foreign keys. This figure helps to determine the relationships
and also the table information.

• Interaction/Sequence diagram

From the name "interaction" it is clear that the diagram is used to describe some
type of interaction among the different elements in the model. This interaction
is a part of the dynamic behavior of the system. The purpose of interaction diagrams
is to visualize the interactive behaviour of the system. Visualizing
interaction is a difficult task, so the solution is to use different types of models
to capture the different aspects of the interaction.

So the purposes of interaction diagram can be describes as:

 To capture dynamic behavior of a system


 To describe the message flow in the system
 To describe interaction among objects
 To describe structural organization of the objects
 Sequence diagram for login:

 Sequence diagram for search


ER Diagram

An entity-relationship (ER) diagram is a specialized graphic that illustrates the relationships between entities in a database. ER diagrams often use symbols to represent three different types of information. Boxes are commonly used to represent entities. Diamonds are normally used to represent relationships and ovals are used to represent attributes.

Features of the E-R Model:

• The E-R diagram used for representing the E-R model can be easily converted into relations (tables) in the relational model.
• The E-R model is used by the database developer for the purpose of good database design, so that the data model can be used in various DBMS.
• It is helpful as a problem decomposition tool, as it shows the entities and the relationships between those entities.
• It is inherently an iterative process. In later modifications, entities can be inserted into this model.
• It is very simple and easy to understand for various types of users and designers, because specific standards are used for its representation (Ankit Goyal, 2008).

Conclusion:

In this task, we have considered and shown all the prerequisites before coding/writing a program, i.e. ER diagram, use-case diagram, etc. These prerequisites help a coder to know the flow of the program and to use them in different fields of programming. The main aim of preparing them is that a coder/programmer needs to understand all the elements, and a coder only writes the code when all the prerequisites are fulfilled according to the needs of the application. In designing the Central Zoo application we have done the same and provided all the design, function and ER diagrams that help a coder to understand the nature of the application and code the program accordingly.

Task 4

Evaluate alternative designs and solutions to meet a given requirement. [2.4]

Consider: Front End Design, Database Design, Web Security Issues, Normalization, Use case
design, Pseudo Code, Dataflow Diagram, and Relationship Diagram.

Introduction

Critical evaluation is one of the crucial steps of website design; it determines the functionality and workability of the website. After the development of the website is complete, each and every aspect should be tested to see whether the required criteria are fulfilled. While designing the website, the designer should keep in mind who the end users are for whom it is being developed.

The evaluation of the website acts as a platform for receiving feedback and suggestions for its improvement. It also assists the designer in making significant changes to the website through the feedback received regarding its performance and consistency.

Evaluation of the site is done on the basis of the following:


Front end design

The PHP parser (front end) enables the construction of PHP custom analysis tools, or
source transformation tools. It is a member of SD's family of language front ends, based
on first-class infrastructure (DMS) for implementing such custom tools.

For the proposed system, Dreamweaver is the perfect software for developing a website.
It plays a vital role in creating and designing the fully functional website with the use of
different languages like HTML, CSS, and JavaScript etc. We can build the website in
both coding and designing view which is user friendly and allows the user to view the
website in browser also.

When designing a web application, functionality is often placed above everything else. For the most part, this is a good thing. Users mostly use applications because they are useful, not because they look pretty. But that does not mean we can ignore good UI design, or just throw together a generic-looking user interface. Good UI design adds to the overall user satisfaction of any web application. For the proposed framework, i.e. the Central Zoo vehicle reservation framework, Dreamweaver has been used for the design, as Dreamweaver is an IDE (Integrated Development Environment) which is used mainly to design and code HTML and CSS.


Fig: front end design

Codes used in front end design:

• Cascading Style Sheets (CSS): CSS is the latest method used for designing layout. The use of CSS in a website has several advantages and is considered the best technique for design purposes. It helps to access the content, and the same style can be applied to multiple pages, reducing the repetition of structural content. CSS modularizes the website. Modular code allows greater design consistency and easier maintenance of the website. Due to its browser compatibility, more precise formatting, lightweight coding, shorter download time and bandwidth saving, it is preferred as one of the best techniques in web design (Wahm, n.d.).
• CSS is used to make the site attractive. It plays a vital role in making the user interface attractive. CSS is used in our website to change the color of the menu bar when the cursor is placed over a certain menu.


Fig: Login page design view (CSS used)

Fig: CSS code view implemented in Login Page

JavaScript

JavaScript is used to add dynamic effects to web pages and to make a highly interactive website. Since it is a client-side scripting language, it doesn't need to wait for the server's response and load the next page. The use of JavaScript enhances the user experience by creating transitional effects such as fading and sliding animations. It provides endless integration with the user's plug-ins (Mcmanaway, 2013).

In the proposed system, JavaScript is used to validate forms.

Fig: Code view of sort user

HTML

HTML stands for Hypertext Markup Language and is used to create web pages which can be displayed in a web browser. An HTML element is written inside angle brackets (<HTML>). The designer can change and add the content of the website inside the tags (Shelly & Woods, 2008).


Fig: Design view of login form

Fig: Code view of login form

Front end design has various aims in the designing of a website. Some of the aims are
mentioned below:

• Easy, clear and fast page creation.
• A user-friendly interface that provides users with the exact information they want.
• To reveal the explicit or implicit interconnection between the pages.
• Exposure of the legitimacy of the pages.

Back end design

Back end design also refers to the database design of the system. The general purpose in the development of database technology has been to treat data as an organizational resource and as an integrated whole. A database management system allows data to be protected and organized separately from other resources.

The databases are implemented using a DBMS package. Each particular DBMS has unique characteristics and general techniques for database design. Central Zoo Vehicle Reservation's web data is managed with the help of phpMyAdmin. When the site is visited, the queries programmed in the application query the database to retrieve all the necessary information and display it on the screen; a typical operation for most dynamic sites. However, over time, the time required for querying the database will increase due to the number of operations such as inserts, updates and deletes of data entries.

phpMyAdmin

phpMyAdmin is a free software tool which is used to handle the administration of MySQL over the web. It supports a wide range of operations, including managing databases, tables, columns, relations, indexes, users, permissions etc., that can be performed via the user interface (Pataki, 2011).

phpMyAdmin is an easy-to-use management tool for MySQL that allows us to create and drop databases, create, drop and modify tables, delete, edit and add fields, execute SQL statements, manage keys on fields, manage privileges and export data in various formats through a web-based interface.

Fig: phpMyAdmin

The biggest advantage of phpMyAdmin in Central Zoo is that it is web based and runs on any server capable of handling PHP. Because of this, all the online database administration is done using phpMyAdmin. The database management part will be handled by phpMyAdmin. The phpMyAdmin site cites the following as the features of phpMyAdmin:

• Browse, view and drop databases, tables, views, fields and indexes.
• Create, copy, drop, rename and alter databases, tables, fields and indexes.
• Maintain the server, databases and tables, with proposals on server configuration.
• Execute, edit and bookmark any SQL statement, even batch queries (this will work only in the latest version of phpMyAdmin).
• Create and read dumps of tables in various formats like CSV, SQL, etc.
• Export data to various formats: CSV, SQL, XML, Excel and more.
• Control multiple MySQL servers.
• Manage MySQL users and privileges.
• Check referential integrity in MyISAM tables.
• Using Query-by-example (QBE), create complex queries automatically connecting required tables.
• Search globally in a database or a subset of it.
• Support InnoDB tables and foreign keys.
• Support mysqli, the improved MySQL extension.


Web security issues

Websites are unfortunately prone to security risks, and so are any networks to which web servers are connected. Setting aside risks created by employee use or misuse of network resources, your web server and the site it hosts present your most serious sources of security risk.

Security is a major issue for any system or website. Maintaining security is one of the most important tasks for the secure connection of the website. If security is not maintained, confidential data and information will be lost. In the proposed system, the following methods are used to maintain security:

Password encryption

For encrypting passwords, MD5 has been used, which prevents us from viewing the passwords of users or the admin. MD5 transforms a password made of numbers or letters into a long series of letters and numbers, which makes it difficult for hackers to break the password. For example, “Rajesg” is changed to “a23b4adac4be26be93c5badee6fa99e1”. So we have used this system to encrypt the passwords of the users of our system.

Fig: MD5 implementation
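MD5 is a fast, unsalted hash rather than encryption, so equal passwords are stored as equal values. The following is an added example, not the project's own code: it keeps existing MD5 rows working while moving each account to PHP's password_hash() on its next successful login. The user names, the password and the verify_and_upgrade helper are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample rows: passwords stored the legacy way, as bare md5($password).
// Both users picked the same password, so their stored values are identical.
$users = [
    'clerk1'    => md5('Zoo-Keeper-2024'),
    'supplier7' => md5('Zoo-Keeper-2024'),
];

/** True when a stored value has the shape of a bare MD5 digest (32 hex characters). */
function is_legacy_md5(string $stored): bool
{
    return preg_match('/^[0-9a-f]{32}$/i', $stored) === 1;
}

/**
 * Checks a login attempt against the stored value.
 * Returns [bool $ok, ?string $replacement]; $replacement is a new hash to write
 * back to the users table when the stored one is legacy MD5 or uses outdated settings.
 */
function verify_and_upgrade(string $password, string $stored): array
{
    if (is_legacy_md5($stored)) {
        // Legacy path: constant-time comparison of the unsalted digest.
        if (!hash_equals(strtolower($stored), md5($password))) {
            return [false, null];
        }
        // The plaintext is only available at login, so this is the moment to upgrade.
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    $replacement = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $replacement];
}

// 1. Unsalted MD5 is deterministic: equal passwords give equal stored values.
printf("same MD5 for both users: %s\n", $users['clerk1'] === $users['supplier7'] ? 'yes' : 'no');

// 2. password_hash() salts every hash, so the same password stores differently each time.
$a = password_hash('Zoo-Keeper-2024', PASSWORD_DEFAULT);
$b = password_hash('Zoo-Keeper-2024', PASSWORD_DEFAULT);
printf("same password_hash output: %s\n", $a === $b ? 'yes' : 'no');

// 3. Login with the legacy row: accepted once, then replaced by the new hash.
[$ok, $replacement] = verify_and_upgrade('Zoo-Keeper-2024', $users['clerk1']);
if ($ok && $replacement !== null) {
    $users['clerk1'] = $replacement; // in the application: UPDATE the user's row
}
printf("legacy login ok: %s, row upgraded: %s\n",
    $ok ? 'yes' : 'no', is_legacy_md5($users['clerk1']) ? 'no' : 'yes');

// 4. Later logins go through password_verify(); a wrong password is rejected.
[$okAgain] = verify_and_upgrade('Zoo-Keeper-2024', $users['clerk1']);
[$okWrong] = verify_and_upgrade('wrong-guess', $users['clerk1']);
printf("upgraded login ok: %s, wrong password ok: %s\n",
    $okAgain ? 'yes' : 'no', $okWrong ? 'yes' : 'no');
```

The password column must be wide enough for the new hashes; the PHP manual recommends 255 characters for values produced with PASSWORD_DEFAULT.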


Post method: The POST method transfers information via HTTP headers. The information is encoded as described in the case of the GET method and put into a header called QUERY_STRING. The data sent by the POST method goes through the HTTP header, so security depends on the HTTP protocol. By using secure HTTP, the information can be made secure. We have implemented the POST method in our system as it doesn't store the parameters in the browser history or in web server logs. This makes the system a little more secure. Similarly, the data is not displayed in the URL and the bookmark facility is not available. The data can be resubmitted; when data is resubmitted, users are shown an alert message.

Fig: implementation of POST method

SQL injection:
A SQL injection attack occurs when someone attempts to hack into or damage your database by inserting or effecting SQL commands aimed at your database. The usual methods are through a textbox on an existing form, through the query string, or by creating a custom form designed to inject SQL into your form handler.
There are two main types of attack. First-order attacks are when the attacker receives the desired result immediately, either by direct response from the application they are interacting with or by some other response mechanism, such as email. Second-order attacks are when the attacker injects some data that will reside in the database, but the payload will not be immediately activated (Newmanix, 2014).
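The difference between a concatenated query and a bound parameter, for both the first-order and the second-order case described above, is shown in this added example (not the project's own code). In-memory SQLite through PDO stands in for MySQL, and the tables, rows and input values are constructed for illustration.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for the MySQL database so the example runs offline.
// Table names, columns and rows are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, role TEXT)');
$pdo->exec("INSERT INTO users (username, role) VALUES ('admin', 'admin'), ('clerk1', 'clerk')");
$pdo->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, supplier TEXT, item TEXT)');

/** VULNERABLE (kept for comparison): the form value becomes part of the SQL text. */
function find_user_concat(PDO $pdo, string $name): array
{
    $sql = "SELECT username, role FROM users WHERE username = '$name'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

/** HARDENED: the value is bound to a placeholder and is only ever compared as data. */
function find_user_bound(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT username, role FROM users WHERE username = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Items ordered from one supplier; bound even when the name came from our own database. */
function items_for_supplier(PDO $pdo, string $supplier): array
{
    $stmt = $pdo->prepare('SELECT item FROM orders WHERE supplier = ?');
    $stmt->execute([$supplier]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// First-order case: a constructed form value containing a quote and a condition.
$input = "nobody' OR '1'='1";
printf("concatenated query returned %d row(s)\n", count(find_user_concat($pdo, $input)));
printf("bound query returned %d row(s)\n", count(find_user_bound($pdo, $input)));

// Second-order case: a value is stored safely now and reused in a later query.
// The constructed supplier name is harmless, but its apostrophe is enough to
// show that data read back from the database is still untrusted input.
$insert = $pdo->prepare('INSERT INTO orders (supplier, item) VALUES (?, ?)');
$insert->execute(["O'Brien Feeds", 'hay']);
$stored = (string) $pdo->query('SELECT supplier FROM orders LIMIT 1')->fetchColumn();

try {
    $pdo->query("SELECT item FROM orders WHERE supplier = '$stored'");
    echo "concatenating the stored value happened to parse\n";
} catch (PDOException $e) {
    echo "concatenating the stored value changed the SQL: ", $e->getMessage(), "\n";
}
printf("bound lookup of the stored value: %s\n",
    implode(', ', items_for_supplier($pdo, $stored)));
```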

Protecting Customer Data

By default, all data transmitted to and from your web site is sent in clear text. This means that potentially all data sent can be easily captured by others. While it is possible to "encrypt" your data to make it more difficult for an outsider to understand, it is not considered a safe practice to do so with sensitive data. If you request sensitive data from your customers, such as a credit card, you must do so over a secure connection with SSL.

Secure Socket Layer (SSL)

Requesting a credit card without properly using SSL could render you liable. Only data
sent over SSL is considered to be safe for retrieving credit cards. This is a great method
for a small-scale site and is cost effective.

Cross Site Scripting (XSS)


When we present a text box allowing a user to type in data, we are opening ourselves up to several potential risks. One of these is called Cross Site Scripting (XSS). XSS most commonly occurs when we do not strip out script tags and other dangerous HTML or JavaScript when we request information from our users. If we present the data back to the users, what becomes visible is JavaScript that can pop up a new window, redirect the user to the attacker's site, which may masquerade as ours, or even copy our cookie data first and then send it to the attacker's site. THIS is how cookies are dangerous!

Here is some JavaScript code, provided for us to demo an XSS hack: <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
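One way to present user data back safely is to encode it at output time, which is used here instead of stripping tags, and to keep the session cookie out of reach of scripts. This is an added example, not the project's own code; the function names, the comment layout and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Session cookie flags: HttpOnly keeps page scripts from reading the cookie and
// Secure restricts it to HTTPS. Call before session_start() and before any output.
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);

/** Encodes untrusted text for an HTML element body or a quoted attribute value. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Encoding alone does not make a URL attribute safe, because the scheme decides
 * what the browser does with it. Only http and https links are kept; anything
 * else is replaced by '#'.
 */
function safe_href(string $url): string
{
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? e($url) : '#';
}

/** Renders one visitor comment with every user-supplied part encoded for its context. */
function render_comment(string $author, string $homepage, string $text): string
{
    return sprintf(
        '<div class="comment"><a href="%s">%s</a>: %s</div>',
        safe_href($homepage),
        e($author),
        e($text)
    );
}

// Constructed inputs. The first comment text is the script tag quoted in the text;
// the second row has markup in the name and a non-http scheme in the link.
$samples = [
    ['Visitor', 'https://example.org/', '<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'],
    ['A "quoted" <b>name</b>', 'javascript:void(0)', 'Nice zoo & friendly staff'],
];

foreach ($samples as [$author, $homepage, $text]) {
    // The markup characters arrive in the browser as &lt; &gt; &quot; &amp;,
    // so the script tag is displayed as text and never executed.
    echo render_comment($author, $homepage, $text), "\n";
}
```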

Normalization

Normalization, the common word for database normalization, is the process of organizing the attributes and relations of a relational database to reduce data redundancy and improve data integrity.

Normalization is a systematic approach of decomposing tables to eliminate data redundancy and undesirable characteristics like insertion, update and deletion anomalies. It is a multi-step process that puts data into tabular form by removing duplicated data from the relation tables (studytonight, 2016).

Database normalization, or simply normalization, is the process of organizing the columns (attributes) and tables (relations) of a relational database to reduce data redundancy and improve data integrity. Normalization is also the process of simplifying the design of a database so that it achieves the optimal structure. It was first proposed by Edgar F. Codd, as an integral part of a relational model.

Normalization involves arranging attributes in relations based on dependencies between attributes, ensuring that the dependencies are properly enforced by database integrity constraints. Normalization is accomplished by applying some formal rules either by a process of synthesis or decomposition. Synthesis creates a normalized database design based on a known set of dependencies. Decomposition takes an existing (insufficiently normalized) database design and improves it based on the known set of dependencies.

Edgar F. Codd, the inventor of the relational model (RM), introduced the concept of
normalization and what is now known as the first normal form (1NF) in 1970. Codd went on to
define the second normal form (2NF) and third normal form (3NF) in 1971, and Codd
and Raymond F. Boyce defined the Boyce-Codd normal form (BCNF) in 1974. Informally, a
relational database relation is often described as "normalized" if it meets third normal form. Most
3NF relations are free of insertion, update, and deletion anomalies.

Querying and manipulating the data within a data structure that is not normalized, such as the following non-1NF representation of customers' credit card transactions, involves more complexity than is really necessary:

To each customer corresponds a repeating group of transactions. The automated evaluation of any
query relating to customers' transactions, therefore, would broadly involve two stages:

1. Unpacking one or more customers' groups of transactions, allowing the individual transactions in a group to be examined, and

2. Deriving a query result based on the results of the first stage

For example, in order to find out the monetary sum of all transactions that occurred in October
2003 for all customers, the system would have to know that it must first unpack
the Transactions group of each customer, then sum the Amounts of all transactions thus obtained
where the Date of the transaction falls in October 2003.

One of Codd's important insights was that this structural complexity could always be removed
completely, leading to much greater power and flexibility in the way queries could be formulated
(by users and applications) and evaluated (by the DBMS). The normalized equivalent of the
structure above would look like this:

In the modified structure, the keys are {Customer} and {Cust. ID} in the first relation, {Cust. ID,
Tr ID} in the second relation.

Now each row represents an individual credit card transaction, and the DBMS can obtain the
answer of interest, simply by finding all rows with a Date falling in October, and summing their
Amounts. The data structure places all of the values on an equal footing, exposing each to the
DBMS directly, so each can potentially participate directly in queries; whereas in the previous
situation some values were embedded in lower-level structures that had to be handled specially.
Accordingly, the normalized design lends itself to general-purpose query processing, whereas the
unnormalized design does not. The normalized version also allows the user to change the
customer name in one place and guards against errors that arise if the customer name is
misspelled on some records.
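The two-stage evaluation and its normalized equivalent can be compared in this added example, which is not material from the original report. The customer names, IDs, dates and amounts are constructed, and in-memory SQLite through PDO stands in for MySQL.

```php
<?php
declare(strict_types=1);

// Constructed sample data in the non-1NF shape: each customer carries a
// repeating group of transactions. Amounts are whole currency units.
$customers = [
    ['cust_id' => 1, 'customer' => 'Asha', 'transactions' => [
        ['tr_id' => 101, 'date' => '2003-10-14', 'amount' => -87],
        ['tr_id' => 102, 'date' => '2003-10-15', 'amount' => -50],
    ]],
    ['cust_id' => 2, 'customer' => 'Bikram', 'transactions' => [
        ['tr_id' => 201, 'date' => '2003-10-14', 'amount' => -21],
        ['tr_id' => 202, 'date' => '2003-09-30', 'amount' => -40],
    ]],
    ['cust_id' => 3, 'customer' => 'Chandra', 'transactions' => [
        ['tr_id' => 301, 'date' => '2003-11-02', 'amount' => -18],
    ]],
];

/** Non-normalized evaluation: stage 1 unpacks each group, stage 2 filters and sums. */
function october_total_nested(array $customers): int
{
    $total = 0;
    foreach ($customers as $customer) {
        foreach ($customer['transactions'] as $tr) {
            if (strncmp($tr['date'], '2003-10-', 8) === 0) {
                $total += $tr['amount'];
            }
        }
    }
    return $total;
}

/** Loads the same data into two relations keyed as the text describes. */
function load_normalized(array $customers): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Keys {Cust. ID} and {Customer} in the first relation.
    $pdo->exec('CREATE TABLE customer (
        cust_id  INTEGER PRIMARY KEY,
        customer TEXT NOT NULL UNIQUE)');
    // Key {Cust. ID, Tr ID} in the second relation.
    $pdo->exec('CREATE TABLE cust_transaction (
        cust_id INTEGER NOT NULL REFERENCES customer (cust_id),
        tr_id   INTEGER NOT NULL,
        tr_date TEXT    NOT NULL,
        amount  INTEGER NOT NULL,
        PRIMARY KEY (cust_id, tr_id))');
    $c = $pdo->prepare('INSERT INTO customer (cust_id, customer) VALUES (?, ?)');
    $t = $pdo->prepare('INSERT INTO cust_transaction VALUES (?, ?, ?, ?)');
    foreach ($customers as $customer) {
        $c->execute([$customer['cust_id'], $customer['customer']]);
        foreach ($customer['transactions'] as $tr) {
            $t->execute([$customer['cust_id'], $tr['tr_id'], $tr['date'], $tr['amount']]);
        }
    }
    return $pdo;
}

$pdo = load_normalized($customers);

// Normalized evaluation: every row is one transaction, so a single filter and
// SUM answers the October 2003 question without unpacking anything.
$sql = "SELECT SUM(amount) FROM cust_transaction
        WHERE tr_date >= '2003-10-01' AND tr_date < '2003-11-01'";
printf("nested total: %d\n", october_total_nested($customers));
printf("SQL total:    %d\n", (int) $pdo->query($sql)->fetchColumn());

// The customer name lives in one row only, so a correction is a single UPDATE
// and every transaction of that customer sees it.
$pdo->prepare('UPDATE customer SET customer = ? WHERE cust_id = ?')->execute(['Asha K.', 1]);
$name = $pdo->query('SELECT c.customer FROM cust_transaction t
                     JOIN customer c ON c.cust_id = t.cust_id
                     WHERE t.tr_id = 102')->fetchColumn();
printf("name seen from transaction 102: %s\n", $name);
```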

Use case design

A use case diagram is a graphic depiction of the interactions among the elements of a system.

A use case is a methodology used in system analysis to identify, clarify, and organize system
requirements. In this context, the term "system" refers to something being developed or operated,
such as a mail-order product sales and service Web site. Use case diagrams are employed
in UML (Unified Modeling Language), a standard notation for the modeling of real-world objects
and systems.

System objectives can include planning overall requirements, validating a hardware design, testing
and debugging a software product under development, creating an online help reference, or
performing a consumer-service-oriented task. For example, use cases in a product sales
environment would include item ordering, catalog updating, payment processing, and customer
relations. A use case diagram contains four components.

• The boundary, which defines the system of interest in relation to the world around it.
• The actors, usually individuals involved with the system defined according to their roles.
• The use cases, which are the specific roles played by the actors within and around the system.
• The relationships between and among the actors and the use cases.

A use case diagram looks something like a flowchart. Intuitive symbols represent the system
elements. Here's a simple example:


Pseudo Code

Pseudo code is a detailed description of what a computer program or algorithm must do. It is sometimes used as a detailed step in the process of developing a program. Pseudo code allows designers or lead programmers to express the design in great detail and also provides programmers with a detailed template for the next step of writing code in a specific programming language (Techtarget, n.d.). The pseudo-code for the proposed design of Mtech college is as follows:
For Main Form:
• Step 1: Start program.
• Step 2: The login form appears, where a registered user inputs the username and password.
• Step 3: Based on the username and password, the users are of three types: manager, clerk and secretary users, and also supplier. That is checked by the interaction of the application and the database records.
• Step 4: If the user is a supplier, then the user checks the 'login as supplier' button.
• Step 5: Then, the application runs in three different conditions.

For User Registration:

• Step 1: At the first stage, the login form appears, where a registered user can input the username and password.
• Step 2: Then the user can move from the login form to the main form by pressing the 'Enter' button, only if the username and password match. Otherwise, an error message is displayed.
• Step 5: The user can log out by clicking on Log Out in the main menu.

For Admin User:

Being the admin, this type of user can perform various activities in the application. The procedure is broken down into the following steps.

• Step 1: All the mainStrip as well as sub menuStrip items are enabled for this type of user.
• Step 2: The admin login has a lot of options available in Central Zoo, like user registration, Manage Food, Add animal species etc.
• Step 3: View helps the admin to manage the zoo by providing services like adding, updating and deleting.
• Step 4: Then the admin can log out from the application only by clicking the 'Logout' message in the dialog message.

Dataflow Diagram

A data flow diagram (DFD) is a graphical representation of the "flow" of data, such as customer names and transaction details, through an information system like the point of sale (POS) software that would be installed on a register. A DFD is often used as a preliminary step to create an overview of the system without going into great detail, which can later be elaborated. DFDs can also be used for the visualization of data processing (structured design).

A DFD shows what kind of information will be input to and output from the system, how the data will advance through the system, and where the data will be stored. It does not show information about process timing or whether processes will operate in sequence or in parallel, unlike a traditional structured flowchart, which focuses on control flow, or a UML activity workflow diagram, which presents both control and data flows as a unified model.

Relationship Diagram

An entity relationship diagram (ERD) shows the relationships of entity sets stored in a database.
An entity in this context is a component of data. In other words, ER diagrams illustrate the logical
structure of databases.

At first glance an entity relationship diagram looks very much like a flowchart. It is the specialized symbols, and the meanings of those symbols, that make it unique.

When documenting a system or process, looking at the system in multiple ways increases the understanding of that system. ERD diagrams are commonly used in conjunction with a data flow diagram to display the contents of a data store. They help us to visualize how data is connected in a general way, and are particularly useful for constructing a relational database.

Conclusion:

In this task, we have considered and shown all the prerequisites before coding/writing a program, i.e. pseudo-codes, front end design, use-case diagram, etc. These prerequisites help a coder to know the flow of the program and to use them in different fields of programming. The main aim of preparing them is that a coder/programmer needs to understand all the elements, and a coder only writes the code when all the prerequisites are fulfilled according to the needs of the application. In designing the Central Zoo application we have done the same and provided all the algorithms, pseudo codes and diagrams that help a coder to understand the nature of the application and code the program accordingly.


Task 5

Implement a web application to a prepared design using client-side and server-side scripting
languages. Also, implement a web enabled database management system to store, retrieve and
manipulate data in web application and identify and implement opportunities for error handling
and reporting. [3.1, 3.2, 3.3]

Introduction

For the development of the “Central Zoo” application, the company has hired me to develop their application. So, as a developer, my work in this task is to implement the server-side and client-side programming solution based on the prepared design specification. The physical and logical design of the system for Central Zoo has been demonstrated in the previous section of the report. The next step of the system development lifecycle demands that the design be implemented. The implementation phase includes the actual coding of the system along with creating the database.

Implement a web application to a prepared design using client-side and server-side scripting
languages. [3.1]

Home Page


Use of Home Page

A home page is generally the main page a visitor navigating to a website from a web search engine will see, and it may also serve as a landing page to attract visitors. The home page is used to facilitate navigation to other pages on the site by providing links to prioritized and recent articles and pages, and possibly a search box. This homepage is used to attract users to create an account. Once they are logged in, they will be redirected from the homepage to their profile page.

Login Page

Fig. Login Page

Use of Login Page

This page is used by previous users to log in to their accounts.

Code View

Dashboard Design

Fig. Dashboard Design

Use of Dashboard

This page contains all the menus and records of Central Zoo.

Code View

User Design

1. Add User

Fig. Add User Design

Use of Add User Page

This page helps the admin to add the different types of user in Central Zoo, such as manager, clerk and supplier.

Code View

2. List User Design View

Fig. List User

Use of List User

This page contains all the users present in the system, which helps to know how many users are active. From this page the admin can also delete unwanted users and edit user details.

Code View

Supplier Design

1. Add Supplier

Fig. Add Supplier Design View

Use of Supplier Page

This page helps the user to add a new supplier for Central Zoo.

Code View

2. List Supplier

Fig. List Supplier Design View

Use of Supplier Page

This page helps the user to check the supplier details present in the system. The user can also edit and delete suppliers.

Code View

Zoo Area

Fig. Zoo Area Design

Use of Zoo Area

This page helps to add zoo areas and lists the zoo areas in Central Zoo. The description and the area in charge are also listed on this page.

Code View

Animal / Species

1. Animal Species

Fig. Animal Species

Use of animal species page

This page helps the user to add the species of animal present in Central Zoo, which helps the user to know all the details about the species.

Code View

2. Add-List Animal

Fig. Add-List Animal

Use of Add-List Animal

This page helps to add an animal by selecting the species and the number of animals present in the zoo area. This helps to track the records of all the animal details.

Code View

Food Items

Fig. Design View of Food Item

Use of Food Item

This page helps to add food item details along with the price, and helps to view and calculate the food items available in stock, which helps to determine the quantity of each item present in the store.

Code View

Food Item Report

1. Daily- Taken out food

Fig. Daily- Taken out food Design

Use of Daily-Taken out Food Page

This page shows all the food items that are taken out, along with their quantity and food type, which helps the user to determine how much food is taken out per day.

Code View

2. Foods- To be order

Use of Food- To be order

This page shows the food items that are out of stock.

Code Use

Orders

1. Make Order

Fig. Make Order Design

Use of make order

This page is created to make orders of food items that are not in stock.

Code View

2. All Order

Fig. All order Design

Use of all order design

This page shows the ordered items and also shows whether the supplier has verified the order status, along with all other information.

Code View


Justification of design:

The “Central Zoo” application has been designed according to the requirements of the company. The site has been designed with various design processes and methods for the development of the application.

The Central Zoo web application has been designed considering all the requirements. The project has been developed using the PHP language as its back end. In order to manage the file structure of the developed project, a 3-module architecture has been used. The three layers are Controller, Model and View. These layers help to handle the errors of the project as well as manage the file structure.

In its front-end part the project has been developed using HTML, CSS and Bootstrap. The programming languages and tools used in the project have helped it achieve a fully responsive design. Since the developed project is fully responsive, it is supported on any kind of device, be it laptops, mobiles or tablets. Furthermore, the use of CSS has helped in making the project more attractive and user friendly. The project also uses JavaScript, as some parts of the project have animation and dropdown features.

The design uses simple colors and easy fonts, so any type of user will be able to view the contents. The Central Zoo web application uses MySQL as its DBMS. For the betterment of the project, all the database tables have been managed using stored procedures. Stored procedures have been used as they help to increase the security of the project. The forms are written in simple language which will be understood by every user.

Hence, the design is of a simple concept and made with simple design methods. Simple web templates have been used for the front-end design and a MySQL database for the back end. Forms, simple fonts, simple colors and navigation have been used in the design of the front end, whereas for the back end a very simple design has been used which an admin can easily use and change. Different tables have been made where all the information about the users and student as well as department, employees and course details can be maintained and kept safe.

Also, implement a web enabled database management system to store, retrieve and manipulate
data in web application. [3.2]

Introduction

A database is a system which helps to store all the information. While developing the web application for Central Zoo, I have used the MySQL database management system. This database plays a vital role when a lot of information needs to be stored, as Central Zoo is a larger company. Below is the implementation of the web-enabled database management system.


Fig. PHPMYADMIN

Adding user in database from form

Finally, it is shown in the list user page. Now let's check in the database.

It is successfully displayed in the database.

Editing User

I have edited the email id and designation and updated.

It shows that it has been successfully updated. Now let's check in the database.

Thus, the information has been successfully updated.

Deleting User

When I deleted the user karuna from the application, clicking the delete button popped up the
confirmation message, and when I clicked OK the following screen appeared.

Thus, it shows the user has been successfully deleted. Now let's check in the database.

Thus, the user has been successfully deleted.

Identify and implement opportunities for error handling and reporting. [3.3]

Introduction:

In this task, as an application developer, I have to identify and implement opportunities for error
handling and reporting. Basically, an error is a bug in a program that causes it to operate incorrectly,
but not to terminate abnormally (or crash). A logic error produces unintended or undesired output
or other behavior, although it may not immediately be recognized as such. An Error is not meant to
be caught, as even if we catch it we cannot recover from it. Errors are often fatal in nature and recovery
from an Error is not possible, which is different in the case of an Exception, which may not be fatal in all
cases.

There are different types of error:

• Syntax errors: errors due to the fact that the syntax of the language is not respected.
• Semantic errors: errors due to an improper use of program statements.
• Logical errors: errors due to the fact that the specification is not respected.

How can errors be handled?

Error handling refers to the anticipation, detection, and resolution of programming, application,
and communications errors. Specialized programs, called error handlers, are available for some
applications. In programming, a development error is one that can be prevented. Such an error can
occur in syntax or logic. Syntax errors, which are typographical mistakes or improper use of special
characters, are handled by rigorous proofreading. Logic errors, also called bugs, occur when
executed code does not produce the expected or desired result. Logic errors are best handled by
meticulous program debugging. This can be an ongoing process that involves, in addition to the
traditional debugging routine, beta testing prior to official release and customer feedback after
official release.

A run-time error takes place during the execution of a program, and usually happens because of
adverse system parameters or invalid input data. An example is the lack of sufficient memory to
run an application or a memory conflict with another program. On the Internet, run-time errors can
result from electrical noise, various forms of malware or an exceptionally heavy demand on a
server. Run-time errors can be resolved, or their impact minimized, by the use of error handler
programs, by vigilance on the part of network and server administrators, and by reasonable security
countermeasures on the part of Internet users.

Error Handling/Exception Handling and Reporting

Error handling is one of the major parts of any programming language. The way any error
generated during program execution is handled is entirely controlled by the programmer, and
handling errors deliberately is a best practice during development. Every application needs to handle
errors in the most reliable way during execution. If an error is generated, the application throws an
exception. The exception can be any error, condition or unexpected behavior during program execution.

The PHP framework itself provides an object from a class called system.exception for any exception
in the application. If there is any error, this exception is thrown. As the exception is thrown, the
application walks up the call stack to find where it can handle the error. If the application cannot
find a handler for the error, the browser displays the error to the client. One of the best practices
among programmers is to use the try and catch method. In this process, the code is first run in a
try block, and if the code is unsuccessful, control goes to the catch block to generate an error either
as a message or in a log, which can be set in the error reporting structure.

There are three ways to handle exceptions:

Try-catch block:

This is also called Structured Exception Handling (SEH). Enclose code that accesses files,
databases, and so forth inside a try-catch block because access to those resources might be denied
due to various reasons causing an exception. The third part of this block is finally. It is executed
irrespective of the fact that an exception has been raised. Hence, use the finally block to complete
the housekeeping jobs.

Error Events:

There are three different error events that can be used in conjunction with SEH so that all
exceptions are handled and the user is presented with a user-friendly error message.

Custom Error Page:

Use custom error page to handle HTTP exceptions such as page not found, unauthorized access,
and so forth.

For the “Central Zoo” application I mainly used the try-catch method for error handling.

Fig. if-else code example
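
The try, catch and finally flow described above, applied to adding a user, as an added example that is not part of the Central Zoo code. It assumes a czoo_users table with email and designation columns and uses an in-memory SQLite database through PDO in place of MySQL so that it runs without a server; in PHP the catchable base types are Exception and Throwable.

```php
<?php
declare(strict_types=1);

// Added example. The column names and sample rows are constructed; SQLite in
// memory stands in for the application's MySQL server so the script runs offline.

// Production setting: never print raw PHP errors into the page.
ini_set('display_errors', '0');

// Last line of defence: anything no catch block handled ends up here and the
// visitor gets the same neutral text a custom error page would show.
set_exception_handler(function (Throwable $e): void {
    error_log('Unhandled ' . get_class($e) . ': ' . $e->getMessage());
    http_response_code(500);
    echo 'Something went wrong. Please try again later.' . PHP_EOL;
});

function openDatabase(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    // Make PDO throw PDOException instead of failing silently.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec(
        'CREATE TABLE czoo_users (
            id INTEGER PRIMARY KEY,
            email TEXT NOT NULL UNIQUE,
            designation TEXT NOT NULL
        )'
    );
    return $pdo;
}

/**
 * Add a user and return [success, text that is safe to show in the browser].
 * Technical details of a failure are appended to $log (a stand-in for
 * error_log() or a log file) and never returned to the caller.
 */
function addUser(PDO $pdo, string $email, string $designation, array &$log): array
{
    $committed = false;
    $pdo->beginTransaction();
    try {
        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            throw new InvalidArgumentException('Please enter a valid e-mail address.');
        }
        if (trim($designation) === '') {
            throw new InvalidArgumentException('Designation must not be empty.');
        }
        // Bound parameters keep the input out of the SQL text.
        $stmt = $pdo->prepare(
            'INSERT INTO czoo_users (email, designation) VALUES (:email, :designation)'
        );
        $stmt->execute([':email' => $email, ':designation' => $designation]);
        $pdo->commit();
        $committed = true;
        return [true, 'User added.'];
    } catch (InvalidArgumentException $e) {
        // We wrote this message ourselves, so it is safe to display.
        return [false, $e->getMessage()];
    } catch (PDOException $e) {
        // May contain SQL, table or column names: log it, show only a reference.
        $ref = bin2hex(random_bytes(4));
        $log[] = sprintf('[%s] %s (%s:%d)', $ref, $e->getMessage(),
            basename($e->getFile()), $e->getLine());
        return [false, "The user could not be saved (reference $ref)."];
    } finally {
        // Housekeeping: runs on every path, including the returns above.
        if (!$committed && $pdo->inTransaction()) {
            $pdo->rollBack();
        }
    }
}

$pdo = openDatabase();
$log = [];
$cases = [                                   // constructed sample input
    ['karuna@example.org', 'Secretary'],     // accepted
    ['not-an-email', 'Secretary'],           // rejected before the database is touched
    ['karuna@example.org', 'Manager'],       // breaks UNIQUE(email): PDOException
];
foreach ($cases as [$email, $designation]) {
    [$ok, $message] = addUser($pdo, $email, $designation, $log);
    echo ($ok ? 'OK    ' : 'ERROR ') . $message . PHP_EOL;
}
echo 'Entries written to the server-side log: ' . count($log) . PHP_EOL;
echo 'Rows in czoo_users: ' . $pdo->query('SELECT COUNT(*) FROM czoo_users')->fetchColumn() . PHP_EOL;
```

The browser only ever receives the validation text or a reference number; the database error itself stays in the log, where the reference lets an administrator find it.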

Reporting:

A reporting mechanism is the process of collecting the requirements of the company so that they can be
implemented in the application system. There are various information collection
mechanisms. Some of the methods that can be used to gather the information required for “Central Zoo”
are questionnaires, interviews, and observation.

Interviews: This method is used to collect information from groups or individuals. The analyst
selects the people who are related to the system for the interview. In this method the analyst sits
face to face with the people and records their responses. The interviewer must plan in advance the
type of questions he/she is going to ask and should be ready to answer any type of question. He
should also choose a suitable place and time which will be comfortable for the respondent. The
information collected is quite accurate and reliable, as the interviewer can clear up and cross-check
doubts then and there. This method also helps bridge areas of misunderstanding and helps to discuss
future problems. Structured and unstructured are the two subcategories of interview.
A structured interview is a more formal interview where fixed questions are asked and specific
information is collected, whereas an unstructured interview is more or less like a casual conversation
where in-depth topics are covered and other information apart from the topic may also be
obtained.

Observations: Unlike the other fact-finding techniques, in this method the analyst himself visits
the organization and observes and understands the flow of documents, the working of the existing
system, the users of the system, etc. For this method to be adopted it takes an analyst to perform
this job, as he knows which points should be noticed and highlighted. An analyst may observe
unwanted things as well and simply cause delay in the development of the new system. (Dennis,
2012)

Questionnaires: This is the technique used to extract information from a number of people. This
method can be adopted and used only by a skillful analyst. The questionnaire consists of a series of
questions framed together in a logical manner. The questions are simple, clear and to the point. This
method is very useful for obtaining information from people who are concerned with the usage of
the system and who are living in different countries. The questionnaire can be mailed or sent to
people by post. This is the cheapest source of fact finding. (Roth, 2011)

Conclusion:

In this task we have implemented the PHP programming solution on the prepared design to meet the
requirements in the scenario. We have also implemented event handling to meet the design
algorithm. For event handling we have covered the two types of control structures that PHP
supports: conditional statements and control loops. These structures are at the core of
controlling program flow; the concepts introduced here will be used extensively from now on. In
order to fulfill the requirements of the given task, consideration has been given to topics such
as event handling, exception handling and many more. Each topic has been explained
along with screenshots of its implementation in the PHP programming solution of Central
Zoo. Furthermore, each topic considered has been explained along with its justification, and
at last an overall justification has been made for the overall programming solution. Hence, we can
say that the design of methods/techniques has been made and the overall requirement of the task has been
well fulfilled.

Task 6

Critically review and test a web application using a web enabled database management system
and analyse the actual test results against expected results to identify discrepancies. [4.1, 4.2]

Introduction

Web application testing is a software testing technique exclusively adopted to test applications
that are hosted on the web, in which the application interfaces and other functionalities are tested.
Complete testing of a web-based system before going live can help address issues before the
system is revealed to the public. Such issues include the security of the web application, the basic
functionality of the site, its accessibility to handicapped users and fully able users, its ability to
adapt to the multitude of desktops, devices, and operating systems, as well as readiness for
expected traffic and number of users and the ability to survive a massive spike in user traffic, both
of which are related to load testing.

Unit Testing

Unit testing is a software development process in which the smallest testable parts of an
application, called units, are individually and independently scrutinized for proper operation. Unit
testing can be done manually but is often automated.

S. N. | Test date | What was tested | Expected output | Actual output | Remarks
1. | 1/4/2018 | Navigation links | Internal and external links function well | The links are working | Broken links are not found and navigation is working properly.
2. | 1/4/2018 | Internal links | The links function well | The links are working | Site navigation is working properly
3. | 1/4/2018 | Buttons | Buttons enable to enter the page as clicked | The buttons are working | Buttons are working properly
4. | 1/4/2018 | Admin panel - Links | The links function well | The links are working | Links are working properly

Integrated testing

Testing in which modules are combined and tested as a group. Modules are typically code modules,
individual applications, client and server applications on a network, etc. Integration Testing
follows unit testing and precedes system testing.

S.N. | Test date | What was tested | Expected output | Actual output | Remarks
1. | 1/4/2018 | User handling | Able to create, update and delete users | User is able to handle these operations | Functions are working well

Addition of users

Delete users

2. | 1/4/2018 | Making order | Able to make order | Users are able to make order | The order process is working properly
3. | 1/4/2018 | Sub headings | Should be able to view subheadings | Users are able to view them | The sub headings are working properly

Stress testing

Testing conducted to evaluate a system or component at or beyond the limits of its specified
requirements to determine the load under which it fails and how. A graceful degradation under
load leading to non-catastrophic failure is the desired result. Often Stress Testing is performed
using the same process as Performance Testing but employing a very high level of simulated load.

S.N. | Test date | What was tested | Expected output | Actual output | Remarks
1. | 1/4/2018 | Form Validation | Should show error if any field in the form is empty | It shows the error unless the form is valid | Functions are working well

Compatibility Testing

Testing to ensure compatibility of an application or Web site with different browsers, OSs, and
hardware platforms. Compatibility testing can be performed manually or can be driven by an
automated functional or regression test suite.

S.N. | Test date | What was tested | Expected output | Actual output | Remarks
1. | 1/4/2018 | Compatibility testing | Should open in any Internet Explorer as well as Chrome or any browser with same function | In Chrome as well as Internet Explorer, the web application works perfectly | Functions are working well

In Chrome

In Internet Explorer

Critical review:

Introduction

Central Zoo is a leading dynamic website for the Central Zoo web system which is built to meet the
clients' and users' requirements. It is made with an attractive user interface, tools and techniques. It
efficiently handles operations such as adding food items, user registration, login and so on. It
has been successfully tested, including its user handling methods, error handling methods, and adding,
updating and deleting users and food, etc.

Body

The Central Zoo application is all about reserving vehicles, registering users and adding and managing
food and animals. The Central Zoo web application is very simple and user friendly. Its home page
contains the registration, login, admin and user pages. Admins have provisions to add, update and
delete users. Users have provisions to view food and animals and to manage food. Admins can also get
access to phpMyAdmin and view the database. Although the Central Zoo application contains various
features, it also has many drawbacks. The website has been developed in a very
short period of time, so the security options have not been embedded. The Central Zoo application
should be updated.

Conclusion

The developed Central Zoo application is a beneficial, recommended dynamic website which is
built with a highly user-friendly environment. It meets the client’s requirements.

Task 7

Critically evaluate independent feedback on a developed web application and make
recommendations for improvement [4.3]

Introduction:

“Central Zoo Nepal” was established basically as a private zoo by the late Prime Minister, and the
Central Zoo is the only zoo in Nepal. The NTNC has developed plans and policies to maintain
the zoo and improve the living conditions of animals. The Central Zoo is a 6-hectare zoo in
Jawalakhel, Nepal. It is home to some 870 animals in 109 species, and is operated by the
National Trust for Nature Conservation (NTNC). However, the top management of Central
Zoo is realizing the need to use a customized Web Application Automated System in place of
manual methods to keep up with the times. Since the applications are completely browser
based and require no installation or any additional software, these customized web
applications are uniquely suited to all their needs.

The World Wide Web has become a major delivery platform for a variety of complex and
sophisticated enterprise applications. For a better and more efficient website, it needs to be critically
evaluated, because if there is a problem in the site, evaluation helps to solve problems systematically,
detect inconsistencies and common mistakes in reasoning, and identify the relevance and importance
of ideas. Mainly, it helps to provide feedback for the development and presentation of the website.

Application developers need to critically evaluate the site because it helps them to take feedback,
which helps them achieve excellent performance in website and web-based system development.
Web designers' activities extend over the entire Web life cycle, from conception of an application to
development and deployment, and continual refinement and update/upgrade of systems. For
an efficient website, designers need to evaluate the website on interface design, coding
architecture, database design and security concerns (Essays, 2014).

The following discussion covers the evaluation and interpretation of how the system has
benefited the zoo and whether it has met all the requirements of both the users and the zoo. We will
eventually see how these things might affect the business and what can be done to improve even more.

Independent Feedback

Feedback Given By: Ram Khadkha

Signature:

Date:

Project Description (in brief): “Central Zoo Nepal” was established basically as a private
zoo by the late Prime Minister, and the Central Zoo is the only zoo in Nepal. The NTNC has
developed plans and policies to maintain the zoo and improve the living conditions of
animals. The Central Zoo is a 6-hectare zoo in Jawalakhel, Nepal. It is home to some 870
animals in 109 species, and is operated by the National Trust for Nature Conservation
(NTNC). However, the top management of Central Zoo is realizing the need to use
customized Web Application Automated System in place of manual methods to keep up
with the times. Since the Applications are completely browser based and require no
installation or any additional software, these customized Web Applications are uniquely
suited to all their needs. In view of such, they have hired an IT manager to collaborate with
a developer to build an application for their business. The IT manager is tasked with looking
for a professional web application to meet the given requirements of Central Zoo.

Purpose of the developed “Central Zoo Application web application”: The main purpose
of the design of Central Zoo is to automate the information and records of every system in a user-
friendly manner and to assure Central Zoo that I have understood the concepts of web
application development and am able to design, implement and test a web application.

Important Features of the Project

The important features of the project are:

• Multi-site support
• Multi-tier security provides authorization and control at various stages.
• Workflow automation and management
• Ease of use
• Graphical point and click interface
• Ease of maintenance and extensibility
• It has the facilities of login for the Member and Admin login.
• Resources optimization
• The design of the project has been made using CSS and Bootstrap. It means the developed
  project is fully responsive and supports any device, be it laptops, mobiles or tablets.
  Proper validation has been made in all the forms of the project. Hence, if any type of error
  is found, the error message will be displayed.
• This project has been developed using MySQL as its DBMS. Stored procedure methods have also
  been used in order to store the data in the DBMS; hence, data are systematically stored in the
  database, which makes the project systematic and secure.

Checklist | Yes | No | Comments
Does the project fulfill its objectives? | ✓ | | Project is designed with different modules like system user, animal-species, zoo area etc. as per the requirement.
Is the information up-to-date and accurate? | ✓ | | The pages have up-to-date information which makes the project reliable and useful.
Do the links in the page work? | ✓ | | The linked pages work as desired and all link pages work with their respective pages.
Is the navigation through the page easy? | ✓ | | The visitors can navigate through the page conveniently as the pages are lightweight and load quickly. Therefore, users can save their time and gather the required information.
Is the project compatible with different browsers? | ✓ | | The project is compatible with all browsers like Chrome, Internet Explorer, Firefox etc.
Is the project accessible? | ✓ | | The project is accessible to a wide range of people. The website uses appropriate color combinations and text size.
Does the system fulfill the requirements of Central Zoo? | ✓ | | The system has the entire requirement as per the necessity of the clients, so yes, it obviously fulfills the zoo's requirements.
Has the system been critically tested and reviewed or not? | ✓ | | Yes, the system is critically tested and reviewed.

Significance of the Project

The significance of the project is:

• The developed system helps the admin to search and update information and decrease
  useless information and repeated information for the future.
• Helps in zoo area tracking, management and reporting
• Assuming data are entered and manipulated correctly
• Increases the ability of systems to interact with one another
• Environmentally friendly due to reduction of paper and financial use.
• The user interface of the system for the client is interactive, which attracts the eyes of
  the visitors.
• Users can get detailed information about the zoo area, system user and order process.
• Web forms are contained in files with a “.php” extension, and these files normally
  contain dynamic HTML markup.

Project Limitation

The limitations of the project are:

• Specific reports cannot be generated by the system.
• Security is one of the biggest worries; systems must be designed to prevent
  unauthorized access to sensitive and confidential data.
• The user interface for the admin panel is of a simple type.
• Regular updates along with PHP can be integrated, removing the older components.
• Some essential design features may have compatibility issues.

Feedback Evaluation

Feedback Evaluated By: Hari Basnet

Signature:

Date:

System Evaluation

The Central Zoo system uses the .php Framework. A newly computerized web application has been
developed for the proper management of the company's activities and to save information.
The newly developed application on the .php Framework was designed with well-known tools such as
Sublime and MySQL Management Studio. HTML, CSS and web forms are
contained in files with a “.php” extension, and these files, which normally contain static
HTML markup, have been used for proper management of the forms and of the code.
Simple .PHP Framework programming principles have been used for proper
programming and for keeping up with the latest technology. All the possible security options have been
used to minimize the web risk caused in the programming. Error and exception handling
have been used.

Interface

User interface design (UID) or user interface engineering is the design of websites, computers,
appliances, machines, mobile communication devices, and software applications with the focus
on the user's experience and interaction. The goal of user interface design is to make the user's
interaction as simple and efficient as possible, in terms of accomplishing user goals what is often
called user-centered design. User interface design requires a good understanding of user needs.
There are several phases and processes in the user interface design, some of which are more
demanded upon than others, depending on the project.

The web application for Central Zoo is designed as per the requirements of the user. The website
is designed considering different things like graphics, images, font style and so on, which
make the site beautiful and attractive. Users find it easy to navigate through the site and
understand the contents of each page by its title. Not only the visitors but also the admins of this
site find it easy to maintain this website. There are various features in the admin panel which make
the editing of the website easy and less time consuming.

Database Design

The database is a crucial part of any application that needs dynamic data management. One
can store, update and release any type of data and information in the database system. To
develop the Central Zoo application, we have used MySQL server, which at present is one of the
leading database management systems. MySQL server is easy to handle and has lots of
advantages over other DBMSs. A database usually has tables and relations between the tables,
and only the administrator can work with the database after development.

Fig. database table for Central Zoo

Security

Security is now one of the leading concerns for any developer or programmer. Every
application is vulnerable to online crime like hacking, sniffing, phishing and data theft.
There is always a possibility that attackers might be trying to find a hole in the website for
data leakage, credit card numbers or bombarding the website with denial of service. Keeping all
these in mind, the system is developed with security measures where we tried to avoid all
possible threats.

• PHP offers a method to limit user access to the system by analyzing authenticated users’
  credentials against Microsoft Windows NT file system permissions or against an XML file that
  lists authorized users along with their credentials and HTTP protocols.
• Code access security uses permissions to help limit the access that code has to protected
  resources and operations. It helps protect computer systems from malicious mobile code
  and helps provide a way to allow mobile code to run safely.
• Role-based security provides information needed to make decisions about what a user is
  allowed to do. These decisions can be based on either the user's identity or role
  membership, or both.

Recommendation

The system so developed was developed under professional developer’s guidance using
latest development modules. All the application used during development are well updated
and well equipped. Even though the application operated well and met all the goals, it still
lacks on some aspect. The user interface is simple which might not really be that user
friendly. The fonts and color are only based on developer’s perspective with minimal user
opinion. So it is essential to understand what changes are a must for an even better system.

• Improved interface with new graphics and images
• New version of PHP and MySQL server for better security and performance
• Improved fonts and text with latest user accommodation

Conclusion:

The evaluation of independent feedback and the comparison with the other website lead to
a better understanding of where the new website stands strong and points out where it can
be improved. The recommendations made are the conclusions of the analysis of the
independent feedback. The suggested recommendation can improve the quality of the
website if applied. In today's world a website is a very important source for collecting
information, purchasing and selling goods. The website should function properly and
provide correct and up-to-date information.

Though the designed website works properly and displays proper information, there is
always room to improve and be better. Therefore, “Central Zoo” should try to include the
recommended functions to make the best use of the website and to make the use of the
website convenient to visitors.

Task 8

Create documentation for a web developed application. [4.4, M3]

Consider: You need to create the technical as well as the non-technical documentation

• Background of the scenario under which the system was designed and implemented.
• Identification of the problem of the application.
• Screenshots of the designed pages along with the code written for different pages and
  event handling mechanisms
• Gantt chart illustrating the graph of schedule and tasks.

Technical Documentation

For

Web Developed Application

Developed By: Niraj Yadav

Introduction

“Central Zoo Nepal” was established basically as a private zoo by the late Prime Minister, and the
Central Zoo is the only zoo in Nepal. The NTNC has developed plans and policies to maintain the zoo and
improve the living conditions of animals. The Central Zoo is a 6-hectare zoo in Jawalakhel, Nepal.
It is home to some 870 animals in 109 species, and is operated by the National Trust for Nature
Conservation (NTNC). However, the top management of Central Zoo is realizing the need to use a
customized Web Application Automated System in place of manual methods to keep up with the
times. Since the applications are completely browser based and require no installation or any
additional software, these customized web applications are uniquely suited to all their needs.

Overview:

This is a sophisticated system for maintaining all the records of the zoo and improving the living
conditions of animals. The application includes the functionalities/operations of various modules
such as system users, suppliers, zoo areas, animal-species, food stock, orders and reports. The
implemented system limits its functionality according to the logged-in user; e.g., top management users
are able to view the generated reports and secretary users should be able to take out/order food
items.
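
One way to enforce the per-user limits described above on the server, as an added example that is not taken from the Central Zoo code. The role keys, module keys and the permission map are assumptions built from the modules and user types this overview names.

```php
<?php
declare(strict_types=1);

// Added example. Role keys, module keys and the permission map are assumptions
// derived from the modules and user types named above, not the project's code.
const MODULES = ['system_users', 'suppliers', 'zoo_areas', 'animal_species',
                 'food_stock', 'orders', 'reports'];

const PERMISSIONS = [
    'admin'          => ['*'          => ['view', 'create', 'update', 'delete']],
    'top_management' => ['reports'    => ['view']],
    'secretary'      => ['food_stock' => ['view'],
                         'orders'     => ['view', 'create']],
];

/** Deny by default: unknown roles, modules or actions are never allowed. */
function isAllowed(string $role, string $module, string $action): bool
{
    $grants  = PERMISSIONS[$role] ?? [];
    $actions = $grants[$module] ?? $grants['*'] ?? [];
    return in_array($action, $actions, true);
}

/**
 * Decide one request. $session is the server-side session ($_SESSION in the
 * real application); $request is what the browser sent ($_GET / $_POST).
 * Returns [HTTP status, text for the browser].
 */
function handleRequest(array $session, array $request): array
{
    $module = is_string($request['module'] ?? null) ? $request['module'] : '';
    $action = is_string($request['action'] ?? null) ? $request['action'] : 'view';

    if (!isset($session['user_id'], $session['role'])) {
        return [401, 'Please log in.'];
    }
    if (!in_array($module, MODULES, true)) {
        return [404, 'Page not found.'];
    }
    // The role comes from the session only. A "role" value in the request is
    // client-controlled input and is deliberately never read.
    if (!isAllowed((string) $session['role'], $module, $action)) {
        error_log(sprintf('access denied: user=%s role=%s module=%s action=%s',
            $session['user_id'], $session['role'], $module, $action));
        return [403, 'You are not allowed to do this.'];
    }
    return [200, "Allowed: $action on $module"];
}

// Constructed sessions and requests.
$admin     = ['user_id' => 1, 'role' => 'admin'];
$manager   = ['user_id' => 2, 'role' => 'top_management'];
$secretary = ['user_id' => 3, 'role' => 'secretary'];

$checks = [
    [$manager,   ['module' => 'reports', 'action' => 'view']],
    [$secretary, ['module' => 'orders',  'action' => 'create']],
    [$secretary, ['module' => 'reports', 'action' => 'view']],
    [$secretary, ['module' => 'system_users', 'action' => 'delete', 'role' => 'admin']],
    [$admin,     ['module' => 'system_users', 'action' => 'delete']],
    [[],         ['module' => 'reports', 'action' => 'view']],
];
foreach ($checks as [$session, $request]) {
    [$status, $text] = handleRequest($session, $request);
    printf("%-14s %-12s %-6s -> %d %s\n", $session['role'] ?? '(anonymous)',
        $request['module'], $request['action'], $status, $text);
}
```

Hiding a menu entry is not a control by itself; the check has to run on every request, which is why the decision sits in the request handler and not in the page template.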

Its main purposes are:

• Provide a clear relationship between the functional specification and the overall technical design
  part of the system.
• Clearly illustrate the architecture of the designed system.
• Help users to understand the overall system for organizational use after it has been implemented.

Problem identification: The “Central Zoo” web application may have some problems during
the development process. They are:

• Potential/actual contaminants of concern
• Potential pathways
• Potential receptors
• Areas of uncertainty.

Systems Used

For designing the Central Zoo web application, PHP has been used. It is an open source
server-side web application framework designed for web development to produce
dynamic websites. PHP is developed to allow programmers to build dynamic
websites, web applications and web services.

Areas Addressed

PHP is the best tool to create a web application which easily fulfills the Central Zoo web
application requirements. From the requirements provided, the admin will be in charge of
administering the database and the users. The administrator can manage the whole zoo and view or
respond to quotes from guests. The administrator is responsible for keeping track of requests for new
registration, updating, deleting and control of users and other details. The administrators will have
access to all the modules.

Designing the layout

To design the user interface of Central Zoo, different programming languages were used for creating
the application. Some of the languages used for developing the layout are described below.

Fig. Design Layout of Central Zoo

HTML

The HTML programming language is used as the base of the website. The standard for using
HTML has been followed in all the pages. The website uses tags such as heading tags, image tags,
list tags, forms and hyperlinks. The proper arrangement of the HTML code has been maintained in
every page of the application.

Fig. HTML View of Central Zoo

CSS


Cascading Style Sheets (CSS) have been used to style the website and make it attractive and
appealing to users. CSS controls the appearance and layout of the website through a style sheet
that can be added to each page as required. It lets the designer change the appearance of all the
pages by editing a single rule in the style sheet, without altering every line of the website source
code itself. Thus, CSS allows the website to be built in less time and with less effort.

Fig. CSS View of Central Zoo

Database Design

Fig. Database Design of Central Zoo

Data Dictionary

Table name, with column constraint, column name and data type:

• animal
• Animal_species
• czoo_users
• daily_taken_food
• food
• order
• supplier
• zooarea

Screenshots of the designed pages

S.N | Pages with Screenshot | Code Used | Event Handler | User

1. Login Page

This page is used to log the user in.

Schema Diagram

Fig. Schema Diagram of Central Zoo

Task Break Down

Task breakdown is done to facilitate project management. Breaking the complete task into
different modules with respect to a time frame increases effectiveness even more. A task
breakdown can be represented in a Gantt chart. A Gantt chart is a graphical representation of the
activities carried out during the development of a project, plotted against a time frame. The
advantages of using a Gantt chart are given below:

1. Get a handle on the future.
2. Resources can be allocated more effectively.
3. Keeps everyone on the same time frame.
4. Helps to understand task relationships.
5. Confusion about completion can be avoided.
6. Staff work more effectively when they are time-oriented.

Choice of tools:

To develop the application we selected Sublime for the front end and MySQL server. With these
tools we successfully developed the application.

Fig. Sublime

In the context of PHP-based applications, Sublime is the most commonly used IDE. Some of the
key features included are:

• Single IDE for all .NET applications, so no switching to other IDEs is required when
developing .NET applications
• Single .NET solution for an application built on code written in multiple languages
• Code editor supporting IntelliSense and code refactoring
• Compilation from within the environment based on defined configuration options
• Integrated debugger that works at source and machine level
• Plug-in architecture that helps to add tools for domain-specific languages
• Customizable environment that lets the user configure the IDE based on the required
settings
• Built-in browser within the IDE that helps to view content from the internet, such as help and
source code, in online mode.

MySQL:

SQL Server Management Studio (SSMS) is a software application first launched with Microsoft
SQL Server 2005 that is used for configuring, managing, and administering all components within
Microsoft SQL Server. The tool includes both script editors and graphical tools which work with
objects and features of the server.

Microsoft SQL Server Management Studio's features include Object Explorer, which can view and
manage all objects in a SQL Server instance; Template Explorer, which builds and manages files
of boilerplate text that can be reused to speed up query and script development; and Solution
Explorer, which builds the projects used to manage administration items, such as queries and
scripts.

Data and information collection mechanism:

Data collection is carried out during the planning phase of the system development lifecycle to
gather the NGO's requirements for the website. During this phase, mechanisms such as
interviews, questionnaires and direct observation are used. Data from end users of the
website is collected through the form on the finished website after it has been deployed. The form
on the website serves as a means to review users' complaints and suggestions as well
as enquiries about products and services.

Methods of data collection (Fact Finding Techniques)

There are certain methods of data collection. The following methods are suitable in the context
of a hospital information system:

Questionnaires

The website designer can provide the organization's staff with forms which are completed and
returned by respondents. Stakeholders will be given a questionnaire made up of a moderate
number of questions relating to the current system in the respective place.
Research using questionnaires is an inexpensive method that is useful where literacy rates are high
and respondents are co-operative.

A sample questionnaire for “Central Zoo” can be:

1. Are you having trouble getting required information from the developed project?
   a) Yes
   b) No
   If yes, where do you find trouble getting information?
   __________________
2. Is the database system secure?
   a) Yes
   b) No
   c) No idea
3. Is the developed system fulfilling all the required needs of the users or not?
   a) Yes
   b) No
   If no, then what are the areas that are not covered fully?
   _________________________________________________________
4. If you have any suggestion to improve the current pharmaceutical system, please note
   them.
   ____________________________

Interviews

The website designer can interview certain people, such as general staff and corporate-level
staff of the organization, about what they require from the system. Forms
completed through an interview with the respondent are very useful when defining the requirement
specification. Interviews are better for more complex questions, low literacy or less co-operation.

Direct observations

The website designer can observe the system directly and analyze the current system's
failures and setbacks. The website designer should invest some time touring the workplace and
taking notes about what information is exchanged between different staff members, so that it can
later be incorporated in the system. Direct measurements are the most accurate method for many
variables, such as catch, but are often expensive. Many methods, such as observer programs, are
limited to industrial fisheries.

Reporting

The main alternative to making direct measurements is to require fishers and others to report their
activities. Reporting requires literacy and co-operation, but can be backed up by a legal
requirement and direct measurements. The website designer might not understand everything
technical in the workplace relating to the industry. Thus, hiring a reporter who could make the
observation and then explain it to the designer would help in determining requirements better.

It is very important to collect the right data to draw proper conclusions about the requirements of
the organization. Improper data may result in incorrect information about the company's requirements,
leading to the failure of the database (Fao, 2015).

The information collected was helpful for designing the website and taking it to the next
level. The information in the content area, i.e. popular destinations, services etc., was taken from
various sources such as the company as well as online sources and books.

Product and maintenance techniques:

Deployment involves all the processes for bringing the website to life. The process may include
web hosting, the use of FTP and many more. It means moving a website from a local environment to
live servers. Website deployment techniques range from user-friendly software and services, to more
complex command-line tools, to full-blown systems with lots of moving parts. When choosing a
website deployment technique for Central Zoo, a certain number of techniques will be considered
and evaluated. The most suitable option will be chosen to deploy the website for Central Zoo.

Webhosting and Domain registration

A domain is an identification label. Some of the domain names are .com, .info, .net, .org. Before
the website goes live, its domain should be registered. The company registered the domain
under .com, and it cost around Rs. 1500. Web hosting is the space any company needs
to run its website. The space required to run the website differs according to the
content of the web pages; Central Zoo used 500 MB of space.

Server-side technology:

We have used PHP to get a basic database-driven website. The important thing to understand about
using server-side technology is that everything takes place on the server, and the results are sent
to the browser. PHP also makes a suitable back end for an RIA.

The Version Control Piece:

Version control doesn't automatically handle deployment. Projects are kept in repositories (or
"repos"). They can have multiple contributors. Files are kept in sync. It is the contributor's job to
make sure they have the latest code and that their new code fits. There is a record of all changes. Git is
probably the most common version control tool. Version control software is just that: software,
which can be installed on the servers.

FTP:

FTP (File Transfer Protocol) is the simplest and most secure way to exchange files over the
Internet. We have used FileZilla as an FTP client to transfer files back and forth between
computers over the Internet, as it can run on Windows, Mac OS X and Linux. Some
snapshots showing the use of the FileZilla tool to upload the website:

Fig: Filezilla Interface

Fig: Using Filezilla

Maintenance:

After design and registration, the web page is ready for use. The page can be accessed by
anyone from all over the world. The web page contains all the details about the company and the
services it provides, so it is the duty of the company to keep its website up to date so that
customers can get appropriate information. The company should also look for errors occasionally
and remove any errors found.

Recommendation for the developed “Central Zoo”:

Central Zoo is a website built to perform many operations, and it has its own
features. However, it should be fully secured. To keep their accounts secure, users must choose a
very strong password. They should have a valid email address. They should know about phishing.
PHP offers many options for security. There is a lot of outdated information on the Web
that leads new users astray, propagating bad practices and insecure code. PHP: The Right
Way offers an easy-to-read, quick reference for popular PHP coding standards, links to authoritative
tutorials around the Web and what the contributors consider to be best practices at the present time,
and also helps maintain the security level of the web application. Some recommendations can be:

• The website does not use images. Investing in professional photographers to
photograph images for the website would raise the standard of the website. The
images should be copyrighted to “Central Zoo”.
• The 'Login' or 'Log out' button at the bottom of a web form can be the ugliest part of a
website. These buttons should be made appealing to users. The buttons should
change color, opacity, gradient and font treatment when the cursor hovers over them.
• A professional website tester should be hired to test the designed website, as the designer
might not be able to see all the improvements that can be made to his design.
• Code cleanup should also be used to remove unnecessary CSS code.
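The strong-password and valid-email recommendations at the start of this section only hold if the server enforces them. The following is an added example, not code from the Central Zoo project, showing one way to do that with PHP's built-in functions while storing only a password hash. The function names, the `email` and `password_hash` columns of `czoo_users`, the 12-character minimum and the in-memory SQLite database standing in for MySQL are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not Central Zoo project code.
// Assumptions: the czoo_users column names, the password policy below, and an
// in-memory SQLite database used in place of MySQL so the script runs offline.

const MIN_PASSWORD_LENGTH = 12;

/** Returns a list of validation errors; an empty list means the input is acceptable. */
function validateRegistration(string $email, string $password): array
{
    $errors = [];
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Email address is not valid.';
    }
    if (strlen($password) < MIN_PASSWORD_LENGTH) {
        $errors[] = 'Password must be at least ' . MIN_PASSWORD_LENGTH . ' characters.';
    }
    // Count character classes so that a long run of one letter is rejected.
    $classes = preg_match('/[a-z]/', $password) + preg_match('/[A-Z]/', $password)
             + preg_match('/\d/', $password) + preg_match('/[^a-zA-Z\d]/', $password);
    if ($classes < 3) {
        $errors[] = 'Password must mix three of: lower case, upper case, digits, symbols.';
    }
    return $errors;
}

/** Validates the input and stores the user; returns the validation errors, if any. */
function registerUser(PDO $db, string $email, string $password): array
{
    $errors = validateRegistration($email, $password);
    if ($errors !== []) {
        return $errors;
    }
    // password_hash() generates its own salt; the plain password is never stored.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Prepared statement: user input is bound as data, never spliced into the SQL text.
    $stmt = $db->prepare('INSERT INTO czoo_users (email, password_hash) VALUES (:email, :hash)');
    $stmt->execute([':email' => $email, ':hash' => $hash]);
    return [];
}

/** Checks a login attempt against the stored hash. */
function verifyLogin(PDO $db, string $email, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM czoo_users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $hash = $stmt->fetchColumn();
    // An unknown email and a wrong password give the caller the same answer.
    return is_string($hash) && password_verify($password, $hash);
}

// --- Demonstration with constructed sample data ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE czoo_users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)');

$samples = [
    ['not-an-email',      'Tr1cky-Giraffe-42'],  // rejected: email format
    ['clerk@example.com', 'zoo123'],             // rejected: password policy
    ['clerk@example.com', 'Tr1cky-Giraffe-42'],  // accepted
];
foreach ($samples as [$email, $password]) {
    $errors = registerUser($db, $email, $password);
    echo $email, ': ', $errors === [] ? 'registered' : implode(' ', $errors), PHP_EOL;
}

var_dump(verifyLogin($db, 'clerk@example.com', 'Tr1cky-Giraffe-42')); // correct password
var_dump(verifyLogin($db, 'clerk@example.com', 'wrong-password'));    // wrong password
var_dump(verifyLogin($db, 'nobody@example.com', 'Tr1cky-Giraffe-42')); // unknown user
```

Against the project's MySQL server, only the PDO connection string changes; the validation, hashing and prepared statements stay the same.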

Conclusion:

In this report, documentation for the support and maintenance of the website has been created. It
also covers the methodologies used for design, the choice of tools, the task breakdown approach, the
data collection mechanism, and the product deployment and maintenance techniques. The report also
documents how the maintenance of the website can be done easily using FileZilla. This
documentation should serve as a user manual as well as technical documentation for the
respective users and administrators.

Introduction

In this task, I am designing and creating the onscreen help form or help menu on the main form of
the developed Central Zoo application, which can help and guide the users of the system to operate
the system in a scientific and easy way. The introduction of onscreen help in this application will
help many users and admins become familiar with this application and helps users
learn the step-by-step guide to performing CRUD (create, read, update and
delete) and any other activities in the application.

Some of the operations included within the system are:

ADMIN

• Admin must log in
• Admin can edit and manage users

USER

• User can view all the table information
• User can contact the company using the website

Scope

The documentation here clearly shows the scope of the Central Zoo. Central Zoo needed the system
to replace the old paperwork system for greater efficiency and productivity. The change was necessary
as this is a technological era in which people are easily attracted to modern application systems.
The application provided the complete goals and objectives that were expected of it. The system's aims
and objectives are solely to increase the rate of productivity for the business and to handle all those
operations that were not possible in the past. It performs every operation automatically without any
human intervention. There is also the possibility of further advancement of the system in future. The
possibility of advancement thus has no boundary, as we are using technology.

Some of the main advantages are mentioned below:

• Time and cost saving
• Less use of human manpower
• Easy search option for user
• Data management with less redundancy

Definition

The system developed for Central Zoo is a Windows-based web application developed using PHP
and MySQL server. PHP itself is a strong programming language platform that can automate
the system's services and can provide data to build a robust and agile system.

User Manual

Introduction

This is the general user guide showing how to navigate and operate the Central Zoo application.
The aim is to provide a clear view of how to use the website, along with its environment
requirements.

Overview

The Central Zoo application is an advanced Windows-based web application. The system allows the user
to see anything about the zoo area, manage food, animal species etc. The system clearly guides you
through the steps in case of any confusion or doubt. There are forms and links that store user data
and information and send the data to the database, where it can later be retrieved, changed and
deleted as per the user's request.

Hardware and Software Specification

Hardware:

• RAM: 1 GB or more
• Hard Disk: Minimum 50 MB disk space
• Processor: AMD Series or i Series

Software:

• XAMPP
• Operating System: Windows

System Configuration

The Central Zoo application is compatible with every Windows version released after
Windows XP. Since it is a desktop-based Windows application, it can also run on handheld devices
such as mobile phones. The system requires an internet connection to perform operations
such as adding, deleting and modifying information in the database. Likewise, the system runs
amazingly well on all browsers, such as Chrome, Firefox and Internet Explorer.

Diagrammatic Guidance

This section helps you to navigate the website with clear pictures and directions.

Log In

The login form lets the user log into the system. Use the username and password provided by the Zoo
admin to log in. If the user is a supplier, he/she should check the box “I am supplier” to log in to
the page.

Fig. Login Form

Dashboard:

After a successful login, the dashboard will open.

Fig. Dashboard

Adding User

1. To Add Manager

To add a user, click on the arrow.

The Add User and List User options will appear; now click on Add User. The following form will
appear; now enter the user details.

Now click on the Add button.

The user has been successfully added.

2. To Add Clerk

Fill out the form as below.

From the dropdown menu choose Secretary.

Click on Add.

To add Clerk

Follow the same process as above. Now select Clerk from the dropdown.

Fill out the form as below and click Add; the clerk will be successfully added.

List User

To add a user, click on the arrow.

The Add User and List User options will appear; now click on List User.

The following table will appear and show all the data stored in the database.

To delete User

Go to List User; all the users available in the database will be shown.

Now click on the Delete button.

An alert dialogue will appear to confirm the decision.

Now click on OK; the selected user will be deleted.

All the modules perform the same operations, such as add, edit and delete.

Supplier Registration

First log in to the application as admin.

After login, the dashboard will appear:

Expand the supplier menu by clicking the dropdown button.

Click on Add Supplier after clicking the dropdown button above.

After clicking Add User, the form will appear. Fill out the form as below; remember the
email and password and provide them to the supplier.

Now click Add; a success message will then appear.

Provide the email address and login password to the supplier.

Supplier Login

On the login page, enter the supplier username and password provided by the admin and click Login.

The supplier has successfully logged in. Now the supplier can view the order list and process the
order items.

To List Supplier

Expand the supplier menu by clicking the dropdown button.

Click on List Supplier after clicking the dropdown button above.

After clicking List Supplier, all the data from the database will be displayed in a table as below.

Zoo Area

From the Dashboard, expand the arrow next to Zoo Area and click on List Zoo Area.

The following screen will appear. Fill out the form to add the zoo area; below it you can find
all the zoo area information present in the database.

The other modules follow the same pattern. Users can follow the above process to complete
any action in the web application.

To Logout

Click on the logout link as above; the user will be logged out of the account.

Conclusion:

In this task, I created user documentation to help end users use this application. Using this
application is not so tough. However, I have created this documentation in case they need any
kind of help while using the Central Zoo application. Hence, I presented every single screenshot
with steps to guide the users of the Central Zoo application.
