In completing this assignment you MAY use/access the following resources:
You may NOT use/access:
- Resources not expressly listed above, including, but not limited to,
the following ...
- Source code not provided as part of this assignment. (Obviously, this
includes, but is not limited to, source code written by other students
whether current or in the past).
- Code-generating tools (of which ChatGPT is one example).
- Any web sites not directly linked to from the homework assignment.
Failure to abide by these guidelines will result in a zero for the assignment
and the incident will be reported to the university provost as a violation of
the university academic integrity policy. A second incident of academic
dishonesty (whether from this course or another computer science course) will
result in an F in the course.
At the end of this assignment your book selling application should have the following
functionality:
- delete-book.php
- This page will be called if the user clicks the delete
button on a book detail page. This page will not display anything. Instead
it will accept a book id as a parameter and will attempt to delete the
specified book. After successful completion you should redirect to the
home page. You should include code to send the following error conditions
to error.php: (a) cannot connect to database, (b) query parameter
not sent or not valid, (c) delete command fails.
- modifying a book
- This action is triggered if the user clicks the update
button on a book detail page. You will simply link to the add-book.php
page and pass the book's id as a query parameter. Most of the code
in add-book.php will work for the modify action. In places where you
need unique behavior you can use the existence of a query parameter to
determine whether an add or modify was requested.
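The following is an added example of how add-book.php can serve both actions; it is not code provided with the assignment. It assumes a MySQL database reached through PDO with placeholder credentials, a table yourschema.books with the columns book_id, title, condition and price (condition assumed to be an integer from 1 to 5, matching the condition=4 in the UPDATE example), a home page named index.php, and an error.php that reads a message from ?msg=. The presence of a valid id query parameter is the only thing that switches the page from add to modify mode; the same form is reused, and the UPDATE follows the shape of the assignment's example but with bound parameters.

```php
<?php
// add-book.php (added example, not the assignment's own code).
// Assumptions: PDO + MySQL with placeholder credentials, table yourschema.books
// (book_id, title, condition 1..5, price), index.php as home page, error.php?msg=.
function fail(string $msg): void {
    header('Location: error.php?msg=' . urlencode($msg));
    exit;
}

try {
    $pdo = new PDO('mysql:host=localhost;dbname=yourschema;charset=utf8mb4',
                   'dbuser', 'dbpass', [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
} catch (PDOException $e) {
    fail('Cannot connect to database');
}

// A valid ?id= selects modify mode; null means "not sent", false means "sent but invalid".
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === false) {
    fail('Invalid book id');
}
$modify = ($id !== null);

// Defaults for add mode; in modify mode the existing row prefills the form.
// CONDITION is a reserved word in MySQL, hence the backticks around the column.
$book = ['title' => '', 'condition' => 1, 'price' => ''];
if ($modify) {
    $stmt = $pdo->prepare('SELECT title, `condition`, price FROM yourschema.books WHERE book_id = :id');
    $stmt->execute([':id' => $id]);
    $book = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($book === false) {
        fail('No book with that id');
    }
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $title     = trim((string)($_POST['title'] ?? ''));
    $condition = filter_input(INPUT_POST, 'condition', FILTER_VALIDATE_INT,
                              ['options' => ['min_range' => 1, 'max_range' => 5]]);
    $price     = filter_input(INPUT_POST, 'price', FILTER_VALIDATE_FLOAT);
    if ($title === '' || !is_int($condition) || !is_float($price) || $price < 0) {
        fail('Invalid book data');
    }
    $params = [':title' => $title, ':condition' => $condition, ':price' => $price];
    try {
        if ($modify) {
            // Same shape as the assignment's UPDATE, but every value is a bound parameter.
            $params[':id'] = $id;
            $stmt = $pdo->prepare('UPDATE yourschema.books SET title = :title, `condition` = :condition, '
                                . 'price = :price WHERE book_id = :id');
        } else {
            $stmt = $pdo->prepare('INSERT INTO yourschema.books (title, `condition`, price) '
                                . 'VALUES (:title, :condition, :price)');
        }
        $stmt->execute($params);
    } catch (PDOException $e) {
        fail($modify ? 'Update command failed' : 'Insert command failed');
    }
    header('Location: index.php');
    exit;
}
?>
<!-- The form posts back to this page, so ?id= is kept in modify mode. -->
<form method="post" action="add-book.php<?= $modify ? '?id=' . (int)$id : '' ?>">
  <label>Title <input name="title" value="<?= htmlspecialchars($book['title']) ?>"></label>
  <label>Condition <input name="condition" type="number" min="1" max="5"
                          value="<?= (int)$book['condition'] ?>"></label>
  <label>Price <input name="price" value="<?= htmlspecialchars((string)$book['price']) ?>"></label>
  <button type="submit"><?= $modify ? 'Update' : 'Add' ?></button>
</form>
```

Because the form's action preserves the id query parameter, the POST handler sees the same $modify flag the GET handler used, so add and update never get confused for the same submission.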
- adding CSRF protection
- Remember that CSRF attacks only apply to
write actions. Depending on how you approach some things you may need
to convert links to forms with post actions in order to provide the CSRF
token to the page that will do the saving. In my case delete-book.php
needed the token passed in the post array so I made that link a form
action. Since add-page.php had its own form I handled the CSRF
token in the form on that page.
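As an added example covering both the delete-book.php requirements above and the CSRF protection described here (not code supplied with the assignment), the block below contains three file fragments separated by comments: a small csrf.php helper, the form that replaces the delete link on the book detail page, and a delete-book.php that verifies the token before doing any database work and routes the three required error conditions to error.php. Assumptions: PHP sessions are in use, the database is MySQL reached through PDO with placeholder credentials, the table is yourschema.books as in the DELETE example, the home page is index.php, and error.php reads its message from ?msg=.

```php
<?php
// ---- csrf.php (added example, not the assignment's own code) ----
// One random token per session, stored server-side and compared in constant time.
// Assumes session_start() has been called before these helpers are used.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Call on every write action (POST) before touching the database.
function csrf_verify(): bool {
    $sent = $_POST['csrf_token'] ?? '';
    return is_string($sent)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $sent);
}

// ---- book detail page: the delete link becomes a POST form carrying the token ----
// (assumes $book holds the row being displayed)
?>
<form method="post" action="delete-book.php">
  <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token()) ?>">
  <input type="hidden" name="id" value="<?= (int)$book['book_id'] ?>">
  <button type="submit">Delete</button>
</form>
<?php
// ---- delete-book.php ----
// Displays nothing: verifies the token, deletes the book, redirects home.
session_start();
require 'csrf.php';

function fail(string $msg): void {
    header('Location: error.php?msg=' . urlencode($msg));
    exit;
}

// Reject anything that is not a POST with a matching token before any DB work.
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !csrf_verify()) {
    fail('Invalid or missing CSRF token');
}

// (a) cannot connect to database
try {
    $pdo = new PDO('mysql:host=localhost;dbname=yourschema;charset=utf8mb4',
                   'dbuser', 'dbpass', [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
} catch (PDOException $e) {
    fail('Cannot connect to database');
}

// (b) parameter not sent (null) or not a positive integer (false)
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if (!is_int($id)) {
    fail('Missing or invalid book id');
}

// (c) delete command fails: a thrown error, or no row matched the id
try {
    $stmt = $pdo->prepare('DELETE FROM yourschema.books WHERE book_id = :id');
    $stmt->execute([':id' => $id]);
    if ($stmt->rowCount() !== 1) {
        fail('Delete command failed: no book with that id');
    }
} catch (PDOException $e) {
    fail('Delete command failed');
}

header('Location: index.php');
exit;
```

The token check comes first on purpose: a forged request should never reach the database at all. The id is read from $_POST because the delete button is now a form; the same csrf_verify() call belongs at the top of the POST branch in add-book.php, with the hidden csrf_token field added to its form.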
DELETE FROM yourschema.books WHERE book_id=12
To delete the book whose id is 12.
UPDATE sergeant.books SET title='Greetings', condition=4, price='9.99' WHERE book_id=12
To update the book whose id is 12 to have the specified title, condition, and price.