SQL

The document contains a series of questions and answers related to database design, SQL queries, and data security concepts, specifically focusing on primary keys, relational databases, and user authentication. It includes tasks such as writing SQL queries, explaining database structures, and discussing the implications of using hashed passwords. Additionally, it addresses issues related to data integrity and security, particularly in the context of user accounts and access control.

Uploaded by

thomasobungus

1(a) The video table consists of the following fields: VideoID, VideoName, Presenter, Topic.

(i) Describe what is meant by the term primary key.

[2]

(ii) Write an SQL query that finds the name and presenter of all videos on the Topic of “The CPU”.

[4]

© OCR 2024. You may photocopy this page. 1 of 17 Created in ExamBuilder


(b) The Big Brains exam board has produced a website that allows students to access revision videos.

All pages in the site contain the following tag in the head section.

The exam board wants to use a database to keep track of which videos each student has viewed. The structure
it plans to use is shown below:

(i) Identify one reason why this structure would not be suitable.

[1]

(ii) Draw a new version of the structure to solve this problem.

[3]



2(a) A company sells garden furniture. It has decided to create a relational database. A first, incomplete database
design includes two tables PRODUCT and ORDER.

PRODUCT (ProductId, ProductType, Size, Price,…)


ORDER (OrderId, OrderDate, ProductId,…)

For example, the product which has ProductId 12345 is a large bench which has a price of £150.

A CUSTOMER table is added. An entity-relationship (E-R) diagram is shown.

Explain why this design would be inefficient for customers.

[2]



(b) Some of the Structured Query Language (SQL) for this database is

SELECT Surname, Title, PhoneNo
FROM CUSTOMER
WHERE Town = “Coventry”
ORDER BY Surname

Describe the purpose of this code and give one situation in which it may be used.

[5]

3(a) A web forum stores all its content in a database.

The forum stores details of its users in the table called Users. An extract of Users is shown below.

userID  username  passwordHash                      locked
1       Zeus      8dfa46a79248037752bba6166fcb34f8  1
2       Hera      74d39d60507eb55e000c6ec5c1265891  0
3       Poseidon  b015d770d0208ddcce2c2c719fe29371  0

Describe what is meant by the term ‘primary key’, giving an example from the table above.

[2]



(b) The user’s password is passed to a function that generates a hash and the result is stored in passwordHash.

(i) Describe what is meant by the term ‘hash’.

[1]

(ii) Describe one advantage to storing the password as a hash.

[2]



(c) Write an SQL statement to get just the passwordHash and locked values of the user Apollo.

[3]

(d) Sometimes users can have their accounts locked if they behave inappropriately. When this is the case the
locked field is set to 1 rather than 0.

Write an SQL statement that locks the account of the user Hades.

[3]



(e) The function checkAccess takes in the password the user has entered (givenPassword) along with the
password hash (passwordHash) and locked value (locked).

passwordHash and locked have already been extracted from the database before being passed to the
function. It should return the value true if a user should be allowed access to a system and false if they aren’t.

Your function should make use of the pre-written function hash() which takes in a string and returns the hash
of that string.

e.g.

hash("Hello") returns f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0

Complete the function checkAccess.


function checkAccess (givenPassword, passwordHash, locked)

endfunction
[4]

4(a) Explain what the code in Fig. 8.1 does.

[5]



(b) In certain scenarios the user's IP address is logged in a database.

(i) Describe what is meant by an IP Address.

[2]

(ii) Explain why the programmers have chosen to store the user's IP address.

[2]

(c) An extract from the database is shown below:

(i) The username admin is entered into the form.

State what the value of statement would be after line 03 of the code in Fig. 8.1 is run.

[1]

(ii) State what the value of hashInDB would be after line 04 of the code in Fig. 8.1 is run.

[1]



(d) In SQL the character ; denotes the next statement and the characters -- denote a comment.

The username DenverJ34'; DROP TABLE users; -- is entered into the form.

(i) State what the value of statement would be after line 03 is run.

[1]

(ii) Describe what happens when line 04 is run.

[2]

(iii) State the name of a law the user has broken by entering the username
DenverJ34'; DROP TABLE users; --

[1]



5(a) An airport holds details of flights in a database using the table Flight. An extract of the table is shown below.

FlightID  FlightNumber  DestinationCode  DestinationName  DepartureDate  DepartureTime
1355      OC0089        JFK              John F. Kennedy  03/07/18       09:50
1453      CS1573        LHR              Heathrow         03/07/18       10.30
1921      OC7750        JFK              John F. Kennedy  04/07/18       8.30
1331      AM0045        YHZ              Halifax          04/07/18       14.25
1592      HB0326        RTM              Rotterdam        04/07/18       19.10
1659      CS0123        LHR              Heathrow         04/07/18       07.20

Describe what the SQL statement below does.

SELECT FlightNumber FROM Flight WHERE DestinationCode='JFK'

[2]



(b) The airport cancels all its flights to Heathrow on 4th July 2018.

The SQL statement below shows all the data for flights going to Halifax. Rewrite it so it instead removes all
flights to Heathrow on 4th July 2018.

SELECT * FROM Flight WHERE DestinationName='Halifax'

[3]

END OF QUESTION PAPER



Mark Scheme

Question Answer/Indicative content Marks Guidance

1 a i
Answer: A field that has a unique value / a unique identifier (1) for every record in that table (1) – in this case VideoID (1).
Marks: 2
Guidance: Up to 2 marks for a valid description.

1 a ii
Answer: SELECT VideoName, Presenter (1) FROM Video (1) WHERE Topic (1) =“The CPU” (1).
SELECT VideoName, Presenter FROM Video WHERE Topic=“The CPU”
Marks: 4
Guidance: For 4 marks. Do not award first mark if any other field or SELECT *

1 b i
Answer: Many to Many relationships are not allowed / in 3NF (1).
Marks: 1
Guidance: For 1 mark.

1 b ii
Answer: Table added between student and video (1). Student to middle table 1:M relationship (1). Middle table to video M:1 relationship (1).
Marks: 3
Guidance: For 3 marks.

Total 10

2 a
Answer: Only one product can be on an order
Customer would have to make a separate order for each product required
Marks: 2
Guidance: Examiner's Comments
A few candidates showed a lack of understanding of the E-R Diagram and said that customers would not be able to see the products, but most were able to correctly analyse what was asked for.

2 b
Answer: Lists attributes Surname, Title, PhoneNo
from the table CUSTOMER
for all customers in Coventry
in ascending order of Surname
e.g. for local promotions / new store opening
Marks: 5
Guidance: Accept other relevant purposes
Allow A - Z / alphabetical
Examiner's Comments
Another question that was targeted at precise technical language, it was clear from the candidates' responses that some only had very superficial knowledge of this topic.

Total 7


3 a
Answer: A field which has a unique value for every record / A unique identifier. (1)
E.g. userID (1)
Marks: 2 (AO1.1 – 1, AO2.1 - 1)
Guidance: Examiner’s Comments
Well received and answered by most candidates.

3 b i
Answer: A result generated by applying an algorithm / numeric process to a value. (1)
Marks: 1 (AO1.1)

3 b ii
Answer: Hash functions are one way / can’t be reversed (1)
If someone gains access to the database they cannot access user’s password. (1)
Marks: 2 (AO1.2 1 mark, AO2.1 1 mark)
Guidance: Examiner’s Comments
Many candidates achieved the mark in part i) few achieved both marks in part ii) mostly stating as opposed to describing the advantage e.g. ‘those who gain unauthorised access cannot access passwords’ without going on to say ‘hash functions are one way’.

3 c
Answer: SELECT passwordHash, locked (1)
FROM Users (1)
WHERE username=‘Apollo’ (1)
Marks: 3 (AO 3.2)
Guidance: Do not award first mark for SELECT *
Examiner’s Comments
In most cases, candidates who achieved marks in c) went on to achieve marks in d) with few candidates achieving all marks in either. Many candidates did not use correct SQL statement structure or syntax e.g. confusing attribute names with string literals.


3 d
Answer: UPDATE Users (1)
SET locked=1 (1)
WHERE username=‘Hades’ (1)
Marks: 3 (AO 3.2)
Guidance: Allow other updating method e.g. a DELETE statement followed by an INSERT statement, for full marks e.g.
Examiner’s Comments
In most cases, candidates who achieved marks in c) went on to achieve marks in d) with few candidates achieving all marks in either. Many candidates did not use correct SQL statement structure or syntax e.g. confusing attribute names with string literals.

3 e
Answer: Takes a hash of givenPassword (NB this may be done inline e.g. if hash (givenPassword)==passwordHash and locked==0 then (1)
Returns true if password is correct and account is unlocked. (1)
Returns false if account is locked (1)
Returns false if password is incorrect (1)
Marks: 4 (AO 3.2)
Guidance: Example code:
Candidates may have taken a different approach - any solution that fulfils the criteria on the left should get them marks.
Examiner’s Comments
Candidates were asked to complete a function in this question. Although many students demonstrated reasonable logic in solving this problem, some used output statements rather than returned values from the function, therefore, not gaining full marks.

Total 15
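
The checkAccess logic from question 3(e), as an added example in Python that is not part of the exam paper or mark scheme: it keeps the two checks the mark scheme asks for, but stores a salted PBKDF2 value and compares in constant time. The record layout, the salt field, the sample passwords and ITERATIONS are assumptions of this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor, chosen for this example


def exam_hash(text):
    # Unsalted SHA-1, which reproduces the paper's hash("Hello") value
    return hashlib.sha1(text.encode()).hexdigest()


def make_record(password, locked=0):
    # Assumed record layout: per-user random salt plus derived key, hex-encoded
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "passwordHash": key.hex(), "locked": locked}


def check_access(given_password, record):
    # Re-derive the key from the entered password and the stored salt
    key = hashlib.pbkdf2_hmac(
        "sha256", given_password.encode(), bytes.fromhex(record["salt"]), ITERATIONS
    )
    # compare_digest takes the same time wherever the first mismatch is
    matches = hmac.compare_digest(key.hex(), record["passwordHash"])
    # Both conditions from the mark scheme: correct password AND unlocked account
    return matches and record["locked"] == 0


if __name__ == "__main__":
    # Constructed sample passwords
    print(exam_hash("Hello"))
    # Unsalted: two users with the same password get the same stored value
    print(exam_hash("letmein") == exam_hash("letmein"))
    a, b = make_record("letmein"), make_record("letmein")
    # Salted: the stored values differ even though the password is the same
    print(a["passwordHash"] == b["passwordHash"])
    print(check_access("letmein", a), check_access("wrong", a))
```
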


4 a
Answer: Any five from:
Takes the username and password from the form (1)
Uses the username to create an SQL statement (1) to get the passwordHash belonging to the given username (1)
Runs the SQL Statement (1)
hashes the given password and compares it to the retrieved hash (1)
If they match it generates a success webpage, otherwise it records the user’s IP address. (1)
Marks: 5

4 b i
Answer: Any two from:
A numerical address made of 4 numbers each between 0 and 255 / 32 hexadecimal digits (1)
That uniquely identifies a device on a network. (1)
It is a logical identifier (i.e. can change on a physical device) (1)
Marks: 2

4 b ii
Answer: IP address can help identify a user… (1)
…so company can potentially track users attempting to gain unauthorised access (1)
Marks: 2

4 c i
Answer: SELECT passwordHash FROM users WHERE name = ‘admin’
Marks: 1

4 c ii
Answer: 0e5a511
Marks: 1

4 d i
Answer: SELECT passwordHash FROM users WHERE name = ‘DenverJ34’; DROP TABLE users; ’ --
Marks: 1

4 d ii
Answer: Gets passwordHash for username DenverJ34 (1)
then deletes the table called users. (1)
Marks: 2

4 d iii
Answer: Computer Misuse Act
Marks: 1

Total 15
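
The statement-building pattern that question 4(d) tests, next to the parameterised form that treats the same username as data. This is an added example in Python with sqlite3, not the code of Fig. 8.1, which is not reproduced on this page; the table layout, the function names and the single constructed row are assumptions, with the admin hash value taken from the answer to 4(c)(ii).

```python
import sqlite3

# Username quoted in question 4(d)
PAYLOAD = "DenverJ34'; DROP TABLE users; --"


def make_db():
    # Constructed in-memory table with one sample row
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, passwordHash TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', '0e5a511')")
    return db


def build_statement(username):
    # Weak pattern: the form input becomes part of the SQL text itself
    return "SELECT passwordHash FROM users WHERE name = '" + username + "'"


def table_exists(db):
    row = db.execute(
        "SELECT count(*) FROM sqlite_master WHERE type = 'table' AND name = 'users'"
    ).fetchone()
    return row[0] == 1


def lookup_vulnerable(db, username):
    # executescript() runs every statement in the string, standing in for a
    # database API that accepts several statements per call
    db.executescript(build_statement(username))
    return table_exists(db)


def lookup_safe(db, username):
    # Parameterised query: the driver binds the username as a value, so quotes
    # and semicolons inside it are never parsed as SQL
    row = db.execute(
        "SELECT passwordHash FROM users WHERE name = ?", (username,)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    print(build_statement("admin"))
    db = make_db()
    print(lookup_safe(db, "admin"), lookup_safe(db, PAYLOAD), table_exists(db))
    print(lookup_vulnerable(make_db(), PAYLOAD))
```
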


5 a
Answer: - Gets/selects/outputs the flight numbers from the ‘Flight’ table
- Of flights with the destination JFK
- It returns OC0089 and OC7750
(1 Mark per -, Max 2)
Marks: 2 (AO2.2)
Guidance: Examiner’s Comments
Many candidates achieved full marks on this question. Candidates were credited for describing the statement and/or stating the output. Those who did not achieve full marks generally stated that the statement ‘outputs the flight numbers of flights with the destination of JFK’ omitting to state that the flight numbers will be extracted from the flight table.

5 b
Answer: - SELECT * changed to DELETE
- Halifax changed to Heathrow DestinationName='Heathrow'/ DestinationCode='LHR'
- Added AND DepartureDate=4/7/18
(1 Mark per -, Max 3)
Marks: 3 (AO3.2)
Guidance: DELETE FROM Flight WHERE DestinationName='Heathrow' AND DepartureDate=4/7/18
Accept quotation marks or #s around the date.
Do not give first mark if asterisk is kept (i.e. DELETE *)
The Departure Date condition could be placed before the Destination Name.
Examiner’s Comments
Most candidates did not achieve the first mark for the DELETE statement because they included the wildcard i.e. DELETE *. Many went on to achieve the rest of the marks giving the criteria, using correct SQL statements.

Total 5
