COSC 465 Final Exam

Fall 2018

You have 2 hours to complete the exam
Good luck!

Multiple Choice Questions (2 points each): Circle only one answer for each of the following problems:

What is the primary goal of a scripting language?
1. Allow programmers to write a program as quickly as possible, even if it sacrifices machine efficiency
2. Allow programmers to write a program that executes quickly, even if the programmer requires a significant amount of time to write, test, and debug the program.
3. Allow programmers to write multi-threaded, server applications that simultaneously support multiple client interactions.
4. Allow programmers to create highly interactive web pages that support animations, form validation, and dynamic content.
If I want to maintain session information in PhP across a multi-page web-site and I am using a single server, which of the following is the simplest server-side solution to use?
1. cookies
2. hidden form elements
3. SESSION table
4. database storage
Node.js tends to work best with what type of web application?
1. IO bound applications that tend to make CRUD database requests but require little computational support from the server.
2. Compute bound applications that require considerable computational support from the server, such as for visualization or game-playing engines.
3. Multi-threaded applications that stream audio and video and use integrated cinematic effects.
4. Desktop applications that can be downloaded from the server and then used without any further interaction with the server.
Suppose I want to create a web form that allows a user to query a database and then displays the results. The query will in no way modify the database. What type of method should I use to submit the form?
1. POST
2. GET
3. QUERY
4. REQUEST
In Javascript, why is it important to use the var keyword to declare variables in functions?
1. var causes Javascript to use static, lexical scoping. If you fail to declare the variable using var, then Javascript will use dynamic scoping.
2. var causes Javascript to pass a reference to the argument's value to the local parameter. If you fail to declare the parameter using var, then Javascript copies the arguments's value into the local parameter, which is expensive for objects, such as lists or hash tables
3. var makes the variable a local variable. If you fail to declare the variable using var, then Javascript will make the variable a global variable that will continue to exist once the function exits.
4. var keeps a hash table argument intact as an object. If you fail to declare the variable using var, then Javascript flattens a hash table parameter into a list of the hash table's keys and values.
Why are html events like click and change important?
1. They allow the programmer to connect user actions with functions that either initiate communication with the server or alternatively that update the web page by modifying forms or the html DOM
2. They provide formatting instructions to the web browser that tell it how to lay out the content of different tag elements in the html document for that page.
3. They provide mechanisms for navigating through the HTML DOM and returning pointers to nodes associated with tag elements that the user wishes to manipulate.
4. They initiate contact with different ports on the server and force prescribed actions to be taken on the server depending on which port has been accessed.
In a PHP script, how can I retrieve the value of a form element named "zipcode" if the form has been transmitted using the post method?
1. $a = $POST.zipcode;
2. $a = $_POST['zipcode'];
3. $a = $FORM['zipcode', 'POST'];
4. $a = decode('zipcode', 'POST');
Suppose I wish to iterate through the contents of a PHP array and print each element. One way to do so would be write the following PHP code fragment:
```
for ($index = 0; $index < count($fruits); $index++) {
    print "$fruits[$index]\n";			   
}			    
```
What is a more compact way to write this code fragment?
1. for ($index in @fruits) { print "$fruits[$index]\n"; }
2. foreach $fruit (@fruits) { print "$fruit\n"; }
3. for (@fruits as $fruit) { print "$fruit\n"; }
4. foreach ($fruits as $fruit) { print "$fruit\n"; }
Can your server-side script trust data sent from a web form that has been validated by javascript on the client-side?
1. Yes, as long as the javascript validation functions have used the appropriate regular expressions to validate the data.
2. No, the CGI transmission protocol is highly prone to drop bits and hence transmit faulty data
3. No, hackers may have entered malicious data on the web form that javascript functions cannot detect
4. No, hackers may be able to by-pass the web form by calling your script directly with malicious data
What happens when I type the url "http://web.eecs.utk.edu/~bvz/foo.php" into a web browser?
1. The web browser generates a request to execute foo.php on the indicated server, the server executes the .php script to generate an .html page and transmits the page back to the browser, and the browser displays the generated .html page.
2. The web browser executes the .php script on the client's machine, the client's machine generates a .html page and transmits the page back to the browser, and the browser displays the generated .html page
3. The web browser executes the .php script in the browser's own virtual machine, thus generating a .html page that the browser can then display.
4. An error message gets printed because only .html files can be interpreted by a web browser
Scripting languages tend to use a prototype-instance object model rather than a class-instance object model because:
1. They allow the programmer to rapidly modify the appearance of an interface by modifying properties of the prototype object and having the modifications propagate to all instance objects.
2. They allow the programmer to rapidly modify the appearance of an interface by modifying the properties of each instance object.
3. They allow the programmer to efficiently access properties of an object by positioning each property at a fixed offset from the beginning of the structure representing the object.
4. They allow the programmer to control access to an object's properties by declaring the properties as private, protected, or public.
A cross-site scripting attack occurs when a hacker attempts to spoof your server-side script into returning links to the client-side that could cause a user to click to a malicious web-site. PhP provides which of the following types of functions to stop this type of attack and make it apparent to the user that an attack was being attempted:
1. functions that insert \'s in front of html special characters, such as < and >
2. functions that insert \'s in front of single and double quotes
3. functions that delete all single quotes, all double quotes, and all html special characters from a string
4. functions that convert html special characters, such as < and > to their corresponding entity codes
Suppose in a file named confirm.php I want to write a PhP code fragment that echos out a person's first and last name. Assume that a previous script named info.php retrieved the first and last name from the user and 1) stored the first and last name in PhP variables named $firstname and $lastname, and 2) stored the first and last names in a session table with the key names 'firstname' and 'lastname'. Which of the following PhP code fragments correctly echos out the first and last name? You should assume that the web page that invoked this php fragment did not transmit the first and last names. You have to use the first and last names that were saved by info.php.
1. echo "$firstname $lastname";
2. echo $_SESSION['firstname'] . " " . $_SESSION['lastname'];
3. echo $_REQUEST['firstname'] . " " . $_REQUEST['lastname'];
4. echo info.php['firstname'] . " " . info.php['lastname'];
5. echo "$info.php.firstname $info.php.lastname";
Suppose that I want to write an SQL prepared statement that will be called from a PHP script. The prepared statement should return all students in a course who received a score greater than some amount. The parameters will be the course id and the score. The attributes returned will be the studentId, score, and letter grade. How should I write the prepared statement, assuming that the relation has the following attributes:
```
Grades(courseId, studentId, score, letterGrade)
    
```
1. SELECT studentId, score, letterGrade FROM Grades WHERE courseId = $courseId AND score >= $score;
2. SELECT studentId, score, letterGrade FROM Grades WHERE courseId = $1 AND score >= $2;
3. SELECT studentId, score, letterGrade FROM Grades WHERE courseId = ? AND score >= ?;
4. SELECT studentId, score, letterGrade FROM Grades WHERE courseId = ?[1] AND score >= ?[2];

Suppose you are given the following PUG template and PUG instantiation from Express. What html code will be created by the PUG template?

// From Express
var locals = { flowers: ['roses', 'daisies', 'violets'] };
res.render("index", locals);

// index.pug
ol
    - for (flower of #{flowers})
        li= flower

ol
    li roses
    li daisies
    li violets
<ol>
<li> roses daisies violets </li>
</ol>
<ol>
    <li> roses </li>
    <li> daisies </li>
    <li> violets </li>
</ol>
1. roses
2. daisies
3. violets

Multiple Answer Questions: The following questions have more than one correct answer and each correct answer is worth 1 point. Each question states the number of correct answers. If you choose more than the indicated number of answers, you will one point for each additional answer.

In which ways does a Javascript program typically modify the appearance of a web page once the web page has been loaded (4 correct answers):
1. By modifying one or more properties of a tag element's style object
2. By changing the text property of a tag element
3. By adding, removing, or changing tag elements in the HTML DOM
4. By adding, removing, or changing tag elements in the XML DOM
5. By changing the innerHTML property of a tag element
6. By modifying rules in the document's CSS object
7. By calling the writeln function
8. By calling the alert function
9. By filling in one or more form elements with information, such as from an address book.
Which of the following statements are true of a single page application (SPA) (3 correct answers)?
1. It is a web application that consists of a single static page with the remaining pages being dynamically generated by the server in response to user interaction.
2. It is a web application that downloads a desktop application from a server and then runs the application in the browser rather than a separate window. Once it has downloaded the application, it severs its ties with the server and uses the client's CPU and file system, just like an ordinary desktop application.
3. It is a web application that runs in a single web page and provides a user experience that is similar to a desktop application, but which interacts with a server rather than the client's file system to acquire the data it needs to run the application.
4. It is a computationally expensive web application that loads all of the application's resources immediately, runs in a single page on the client-side, and utilizes the client's CPU and file system so as to minimize the resource requirements of the server.
5. It is a web application that encodes the business logic for the web application on the client-side rather than the server-side.
6. It generally sends less data over the network than a web application which uses web pages that are dynamically generated by the server and hence can seem more responsive to the user.
7. Both its front and back ends must be written in javascript.
8. It downloads most of the required application resources immediately and acquires any subsequent data it needs via Ajax calls to a web API.
9. It initially downloads only the application resources required to get the application running and then lazily acquires additional application resources via AJAX calls, even if these resources require considerable bandwidth and delay the application.
Which of the following statements are true of Node.js (5 correct statements)?
1. It is single-threaded and hence should be used primarily with IO bound applications.
2. It is multi-threaded and hence should be used primarily with compute bound applications.
3. The server is started by executing a javascript program that starts listening for requests on a certain port.
4. It requires server-side software like Apache to automatically invoke the appropriate javascript script when a request arrives from the client.
5. It uses an event loop to process incoming requests and the event loop uses a massive if-then-else statement to route the request to the appropriate javascript callback function.
6. Forms on the client-side use their action methods to specify a .js file that should be called on the server side to handle the form.
7. Forms on the client-side use a route, which is like a pathname, to request an appropriate action from the server side.
8. Each Node.js script generates a dynamic web-page that is then returned to the browser.
9. Node.js is the protocol for AJAX that specifies how AJAX request objects are sent to the server and how AJAX response objects are returned to the browser.
10. Node.js allows programmers to use javascript to implement both the client and server sides of a web application.
11. Node.js is the protocol for JSON that specifies how JSON strings are decoded on the browser side.
What are the advantages of PhP SESSION variables over cookies? (3 correct answers)
1. They allow client-side scripts to access the data
2. They allow more session data to be stored because they are stored on the server rather than the client and hence are subject to the server's size limitations rather than the browser's size limitations.
3. They prevent hackers from corrupting the data since the client side can not access it
4. They allow multiple servers to handle the same web session
5. They can be preserved between web sessions, which means that the user can close their web browser, re-open it, and the data will still be available.
6. They consume less bandwidth because the data is not transmitted from the client to the server each time a server-side script is invoked
Which of the following strings match the following regular expression. (4 correct answers)
```
    /^\w{3,5}$/ 
  
```
1. br6d
2. Betty
3. Sal!
4. Ba
5. bi?
6. SARAH
7. 62Yifan
8. Pa_rt
Which of the following strings match the following regular expression. (3 correct answers)
```
 /^((\d+(-)?\d{3})|(0\.\d+))$/
 
```
1. 146
2. 86235
3. 42-5868
4. 0.62
5. -586
6. 5-837
7. .387
8. 23
Which of the following features typically distinguish web programming from traditional programming that is performed in a compiled language such as C or C++? (6 correct answers)
1. output is typically stored in a file or printed to the console
2. output is typically displayed as a web page
3. input comes from a file or console
4. input comes from forms
5. web programs are typically more computationally efficient than programs written in compiled languages
6. state information is retained no matter how many different client and server side scripts are required to complete the user's interaction
7. state information is lost on the client side if a web page is re-loaded
8. state information is lost on the server side once a script finishes execution
9. client-side scripting languages may be unable to read/write files in order to make programs written in them safe (i.e., trustworthy) for execution in client browsers.
10. web programming languages typically provide better support for general-purposing computing (e.g., the ability to write programs to accomplish arbitrary tasks)
11. error messages may be non-existent or terse in order to thwart hackers from learning how to break into your server.
Which of the following features can Ajax support on a web-page for a news site that could not be supported by javascript or html alone? Assume that the operation needs to be performed without re-generating the entire web-page. (4 correct answers)
1. Update the time when an article was last modified on the server (e.g., some articles might say "last updated at 2:53pm").
2. Provide animations for a story by cycling through a series of images that were downloaded from the server when the page was first loaded.
3. Change the color of a headline when the amount of time that has elapsed since its last update exceeds a certain threshold.
4. Query the server to get updates to the scores of games in progress and update the scores on the web page.
5. Periodically query the server for new or deleted headlines and incrementally add any new headlines and remove any deleted headlines.
6. Allow a user to move to a page that displays a full article by clicking on the article's headline.
7. Boldface all headlines and show the summary for each article in a plain font.
8. Lay out the elements of the site using a table so that they are formatted attractively on the page.
9. Display a login form and allow users to interact with the forms by filling in the user id and password fields.
10. Allow new photos to be periodically downloaded from the server and displayed in the same location.
Fill in the blanks for each of the following questions.
(8 points) For each of the following definitions, select the most appropriate language/protocol/library/database from the following list that matches it:

PhP Pug Javascript MongoDB

JSON Common Gateway Interface (CGI) SQL JQuery

node.js Express css
1. ____________________ A client-side scripting language that handles user interactions with a web page.
2. ____________________ An encoding that allows PhP to transmit a hash table back to the client side so that Javascript can easily re-create the hash table.
3. ____________________ A server-side scripting language that generates dynamic web pages by allowing the user to intermix static html content with "code islands" that generate dynamic html content.
4. ____________________ A standard protocol for encoding and transmitting parameters from the client to the server and for converting the parameters to a usable form in the web program running on the server.
5. ____________________ A means for storing collections of non-structured data for efficient retrieval.
6. ____________________ A template-based library for creating dynamic web pages in node.js.
7. ____________________ A javascript library that makes it easier to search/retrieve objects in the DOM, create animation effects, and generate AJAX requests.
8. ____________________ A runtime environment/library that makes it possible to use javascript as a server-side scripting language.
Javascript questions. The following html markup applies to questions 25-28. <form name="tax" method="POST"> <input id = "amount" type="text" name="amount" maxlength="8"><br> <input id = "taxrate" type="text" name="taxrate" maxlength="4"><br> <input id = "salestax" type="text" name="salestax" maxlength="5"><br> </form>
(2 points) Suppose I want to call a function named calculateTax() whenever a text box pointed to by the variable amount has its string changed to a new value. The function should be passed a reference to the text box as an argument. Which of the following statements will cause calculateTax() to be called (only one statement is correct)?
1. amount.addEventListener("click", function() { calculateTax(this); });
2. amount.addEventListener("change", function() { calculateTax(this); });
3. amount.addEventListener("focus", function() { calculateTax(this); });
4. amount.change = calculateTax(this);
5. amount.change = calculateTax(amount);
6. onchange(amount, function() { calculateTax(this); }
7. onchange(amount, function() { calculateTax(amount); }
(2 points) Suppose as part of the above form I wanted to ask a user to specify the acceptable colors of the item they want to order and that there are 6 possible colors that a user could specify. What type of form element should I use assuming that they can specify multiple colors?
1. radio buttons
2. menu
3. text box
4. check boxes
(4 points) Suppose as part of the CalculateTax function I have already performed the following two tasks:
- computed the sales tax amount and placed it in a variable called salestax_amount.
- retrieved a reference to the sales tax text box and assigned it to a variable named salestax_textbox.
The final thing I want to do is make the color of the text in the sales tax textbox be red if the sales tax amount is more than $50 and black otherwise. Which of the following javascript fragments will do that?
1. ```
if (salestax_amount > 50) 
    salestax_textbox.style.color = 'red'
else
    salestax_textbox.style.color = 'black'
```
2. ```
if (salestax_amount > 50) 
    salestax_textbox.color = 'red'
else
    salestax_textbox.color = 'black'
```
3. ```
if (salestax_amount > 50) 
    salestax_textbox.innerCOLOR = 'red'
else
    salestax_textbox.innerCOLOR = 'black'
```
4. ```
if (salestax_amount > 50) 
    salestax_textbox.setColor('red');
else
    salestax_textbox.setColor('black');
```
(4 points): In the above form, suppose that instead of using a text box for sales tax, I had the following html element:
```
sales tax: <span id="tax">0<span>
```
Which of the following javascript statements will correctly assign the computed sales tax amount to the sales tax element. For this question, do not worry about showing the amount in red if the tax amount is more than $50. All I care about is the statement that alters the content of the html page.
1. #tax.innerHTML = salestax_amount;
2. #tax.text = salestax_amount;
3. document.getElementById('tax').text = salestax_amount;
4. document.getElementById('tax').innerHTML = salestax_amount;
5. document.getElement('#tax').text = salestax_amount;
6. document.getElement('#tax').innerHTML = salestax_amount;
(4 points) Suppose you are given the following html and css specification: <head> <style> p { color: blue; } .intro { text-decoration: underline; color: black; } #intro { color: green; font-weight: bold; } </style> </head> <body> <p class="intro"> The fast, brown fox jumped over <p> the fence and escaped from the dog named <span id="intro">hopeless</span>. </body> What will the rendered output look like in a browser?
1. The fast, brown fox jumped over
  the fence and escaped from the dog named hopeless.
2. The fast, brown fox jumped over
  the fence and escaped from the dog named hopeless.
3. The fast, brown fox jumped over
  the fence and escaped from the dog named hopeless.
4. The fast, brown fox jumped over
  the fence and escaped from the dog named hopeless.
(6 points) For each of the following characteristics of a web page, circle whether that characteristic should be specified using html or css.
1. html css layout of elements on the page (i.e., their positions)
2. html css the images, such as jpegs or gifs, that appear on the page
3. html css organizing content into tables
4. html css specifying the appearance of elements, such as their color, their width, their height, or their margins.
5. html css dividing the content into sections using horizontal rules (horizontal lines) and headings.
6. html css specifying form widgets
(8 points) Write a regular expression to represent each of the following patterns. Just write the pattern and nothing else. For example, if I told you to write a pattern for a date that has the form mm-dd-yy, with month and day being one or two digits and year being exactly two digits, I would expect your answer to read /^\d{1,2}-\d{1,2}-\d{2}$/. The more compact your specification, the more points you will receive.
1. An airline flight code that gives the flight and the from and to airports. An example would be UL3010-TYC-LAX. The flight code should be constructed such that: 1) the first two letters are one of UL, AA, or DL, 2) the flight number is 1-4 digits with the first digit being non-zero (e.g., 0300 is not allowed), 3) a dash, 4) the from airport specified as exactly three uppercase letters, 5) a dash, and 6) the to airport specified as exactly three uppercase letters.
```
    
```
2. A string that specifies a zipcode as containing exactly 5 digits, followed by an optional group that contains a dash followed by 4 digits. For example, 37920 and 37920-2886 are legitimate zip codes.
```
    
```

PhP	Pug	Javascript	MongoDB
JSON	Common Gateway Interface (CGI)	SQL	JQuery
node.js	Express	css