Upload
sravanti-phanindra
View
215
Download
0
Embed Size (px)
Citation preview
7/31/2019 Cse09 Project Document
1/90
ONLINE TICKET RESERVATION SYSTEM FOR
CINEMA HALLS
A PROJECT REPORT
Submitted by
P.L.SRAVANTI
Regd. No:-0801301043
In the partial fulfillment for the award of the degree
Of
BACHELOR OF TECHNOLOGY
In
COMPUTER SCIENCE ENGINEERING
VIGNAN INSTITUTE OF TECHNOLOGY AND MANAGEMENT
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
BIJU PATNAIK UNIVERSITY OF TECHNOLOGY
May 2012
7/31/2019 Cse09 Project Document
2/90
VIGNAN INSTITUTE OF TECHNOLOGY AND MANAGEMENT
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
CERTIFICATE
This is to certify that the project report ONLINE TICKET RESERVATION
SYSTEMFOR CINEMA HALLSbeing submitted by P.L.SRAVANTI , in
the partial fulfillment of requirement for the award of degree of BACHELOR
OF TECHNOLOGY in CSE is a bonafide work carried out under my/our
supervision.
External Examiner
Mrs. RAJALAXMI PRADHAN Mr. AJAY KUMAR SAHU
HOD INTERNAL GUIDE
Department of CSE & IT LecturerVignan Institute of Technology and Management Department of CSE & IT
Near Bhairabi,Brahmapur
7/31/2019 Cse09 Project Document
3/90
VIGNAN INSTITUTE OF TECHNOLOGY AND MANAGEMENT
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
CERTIFICATE
This is to certify that P.L.SRAVANTI has successfully developed a project on
ONLINE TICKET RESERVATION SYSTEM FORCINEMA HALLS under
our guidance.Her skill set, knowledge on software and sincere effort has
contributed towards successful completion of the project.
Mrs. RAJALAXMI PRADHAN EXTERNAL SUPERVISOR
HODDepartment of CSE & IT
Vignan Institute of Technology and ManagementNear Bhairabi,Brahmapur
7/31/2019 Cse09 Project Document
4/90
VIGNAN INSTITUTE OF TECHNOLOGY AND MANAGEMENT
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
CERTIFICATE
I hereby declare that the matter embodied in this report is originaland has not
been submitted for the award of any other degree.
P.L.SRAVANTI
Department of CSE
7/31/2019 Cse09 Project Document
5/90
Acknowledgement
I take this opportunity with much pleasure to thank all the people who have
helped me through the course of my journey towards producing this thesis. Isincerely thank my thesis guide, Mr. Ajay Kumar Sahu, for his guidance, help
and motivation. Apart from the subjects of my research, I learnt a lot from him,
which I am sure will be helpful in different stages of my life. I would like to
express my gratitude to my Project Coordinator Mr. Kailash Chandra Mishra for
his review and many helpful comments.
I am especially grateful to my collegues for their assistance, criticisms and
useful insights. I am thankful to all the other students of VIGNAN INSTITUTE
OF TECHNOLOGY AND MANAGEMENT with whom I share tons of fun-
filled memories. I would like to acknowledge the support and encouragement of
my friends. My sincere gratitude also goes to all those whoinstructed and taught
me through the years.
Finally, this thesis would not have been possible without the confidence,
endurance and supportof my family. My family has always been a source of
inspiration and encouragement. I wish to thank my parents, whose love,
teachings and support have brought me this far.
Name of the Student
7/31/2019 Cse09 Project Document
6/90
List of Figures
Serialno. Figures Page No.
1. Data Dictionary
(i) Booking_info 48
(ii) Movies 48
(iii) States 48
(iv) States_city 49
(v) Theatres 49
(vi) Users 49
2. Usecase Diagrams
(i) Level 1 50
(ii) Level 2 50
(iii) Level 3 51
3. Data Flow Diagrams
(i) Context Level Diagram 55
(ii) Level 1 DFD 56
(iii) Level 2 DFD 57
4. ER Diagram 58
5. Output Screens 61-63
7/31/2019 Cse09 Project Document
7/90
Table of Contents
Chapter
No.
Topics Page No.
1 Introduction to the project 1-2
2 Software Development Life Cycle 3-4
3 System Analysis Introduction 5-7
4 Initial Study 8
5 Requirement and Feasibility analysis 9-12
6 Software requirement specification 13-14
7 PHP Language 15-16
8 Session management using PHP 17-18
9 Session management over web 19
10 PHP session management 20-21
11 Ajax Framework 22-25
12 jQuery 26-29
13 Database connectivity using PHP & PDO 30-45
14 Structured Query Language 46-47
15 Database Tables 48-49
7/31/2019 Cse09 Project Document
8/90
16 UsecaseDiagrams 50-51
17 Data Flow Diagrams 52-57
18 ER Diagram 58
19 Online Cinema Ticket Booking Description 59-60
20 Screenshots 61-63
21 Coding 64-76
22 Testing 77-79
23 Conclusion 80
References 81
7/31/2019 Cse09 Project Document
9/90
7/31/2019 Cse09 Project Document
10/90
1
1.Introduction to the ProjectThis project is aimed at developing an online ticket reservation system for Cinema Halls. The
Ticket Reservation System is an Internet based application that can be accesses throughout the
Net and can be accessed by anyone who has a net connection. This application will automate thereservation of tickets and Enquiries about availability of the tickets. This application includes
email confirmation for the tickets.
The users interested for booking tickets can perform following operations:
Register with the web site. Request for ticket Book Ticket Check status of the ticket.
The administrator can perform following operations:
Login to the web site. Create movies database. Update movies database. View request of the user then approve them.
System:
Modules:
User Admin
User Options
RegisterThis option allows candidates to register with the web.
Request
Using request option users can send a request to the system to book for ticket.
BookThe user can book the requested ticket
7/31/2019 Cse09 Project Document
11/90
2
Administrative Options
LoginThe admin can login to the website.
Add moviesIt can add movies to the movies database
View requestUsing this option administrator can view the request posed by the user and grant them.
UpdateUsing this option administrator can add/edit/delete options in the movies database.
7/31/2019 Cse09 Project Document
12/90
3
2. SOFTWARE DEVELOPMENT LIFE CYCLE2.1 FEASIBILILTY ANALYSIS
Feasibility study is done so that an ill-conceived system is recognized early indefinition phase.
During system engineering, however, we concentrate ourattention on four primary areas of
interest. This phase is really important asbefore starting with the real work of building the system
it was very importantto find out whether the idea thought is possible or not.
Economic Feasibility: An evaluation of development cost weighted againstthe ultimate income
or benefit derived from the developed system.
Technical Feasibility: A study of function, performance and constraints thatmay affect the
ability to achieve an acceptable system.
Operational Feasibility: A study about the operational aspects of the system.
2.2 ECONOMIC ANALYSIS
Among the most important information contained in feasibility study is CostBenefit Analysis and
assessment of the economic justification for a computerbased system project. Cost Benefit
Analysis delineates costs for the projectdevelopment and weighs them against tangible and
intangible benefits of asystem. Cost Benefits Analysis is complicated by the criteria that vary
withthe characteristics of the system to be developed, the relative size of theproject and the
expected return on investment desired as part of companys strategic plan. In addition, many
benefits derived from a computer-basedsystem are intangible (e.g. better design quality through
iterativeoptimization, increased customer satisfaction through programmable controletc.)As this
is an in-house project for the company, to be used for its ownconvenience and also it is not that
big a project. So neither it requires a hugeamount of money nor any costly tools or infrastructure
need to be set up forit.
7/31/2019 Cse09 Project Document
13/90
4
2.3 TECHNICAL ANALYSIS
During technical analysis, the technical merits of the system are studied andat the same time
collecting additional information about performance,reliability, maintainability and
predictability.Technical analysis begins with an assessment of the technical viability of
theproposed system.
What technologies are required to accomplished system function andperformance?
What new materials, methods, algorithms or processes are required andwhat is their development
risk?
How will these obtained from technical analysis form the basis for anothergo/no-go decision on
the test system? If the technical risk is severe, if models indicate that the desired function can not
be achieved, if thepieces just wont fit together smoothly-its back to the drawing board.
As the software is vary much economically feasible, then it is really importantfor it to be
technically sound. The software will be build among:
MS SQL SERVER as Back End
ASP.NET as Front End
2.4 OPERATIONAL FEASIBILITY
The project is operationally feasible. This project is being made for theconvenience of the
patients and doctors only. This system will greatly reduce a huge burden of doctors. So because
of the above stated advantages theusers of the system will not be reluctant at all.
7/31/2019 Cse09 Project Document
14/90
5
3. SYSTEM ANALYSIS INTRODUCTION:System analysis is the process of studying the business processors andprocedures, generally
referred to as business systems, to see how they canoperate and whether improvement is
needed.This may involve examining data movement and storage, machines andtechnology used
in the system, programs that control the machines, peopleproviding inputs, doing the processing
and receiving the outputs.
3.1 INVESTIGATION PHASE
The investigation phase is also known as the fact-finding stage or the analysis of the current
system. This is a detailed study conducted with the purpose of wanting to fully understand the
existing system and to identify the basicinformation requirements. Various techniques may beused in fact-finding and allfact obtained must be recorded.A thorough investigation was done in
every effected aspect when determiningwhether the purposed system is feasible enough to be
implemented.
3.1.1 INVESTIGATION
As it was essential for us to find out more about the present system, weused the following
methods to gather the information: -
1. Observation: - Necessary to see the way the system works first hand.2. Document sampling: - These are all the documents that are used in thesystem. They are
necessary to check all the datathat enters and leaves the system.
Questionnaires: - These were conducted to get views of the otheremployees who are
currently employed in the system.
7/31/2019 Cse09 Project Document
15/90
6
3.1.2 ANALYSIS OF THE INVESTIGATION
STRENGTHS OF THE SYSTEM
1. No complex equipment: - The equipment that is used is very simple and nospecial
skills have to be mastered to be able to operatethe system. Therefore no training is
required for theemployees.
2. Low cost: - There is little money spent in maintaining the presentsystem other than
buying the necessary officeequipment and the ledgers.
3.2 CONSTRAINTS AND LIMITATIONS
The constraints and limitation within a system are the drawbacks that occurduring the
implementation of the system. These limitations and constraints cancrop up in almost
every system; the most important fact is to find a way toovercome these
problems.Software design is the first of three technical activities design,
codegeneration, and test that are required to build and verify the software.
Each activity transforms information in manner that ultimately results invalidated
computer software.The design task produces a data design, an architectural design,
aninterface design and component design.The design of an information system produces
the details that clearlydescribe how a system will meet the requirements identified
duringsystem analysis. The system design process is not a step by stepadherence of clear
procedures and guidelines. When I started working onsystem design, I face different
types of problems; many of these are due to constraints imposed by the user or limitations
of hardware and software available. Some times it was quite difficult to enumerate that
complexityof the problems and solutions thereof since the variety of likely problemsis so
great and no solutions are exactly similar however the followingconsideration I kept in
mind during design phased.
7/31/2019 Cse09 Project Document
16/90
7
DESIGN OBJECTIVES:-
The primary objective of the design is to deliver the requirements asspecified in the
feasibility report. These are the some of the objectives, which I kept in mind.
Practicality: The system is quite stable and can be operatedby the people with average
intelligence.
Efficiency: I tried to involve accuracy, timeliness andcomprehensiveness of the system
output.
Cost: It is desirable to aim for the system with a minimum cost subject to the condition
that it must satisfy the entire requirement.
Flexibility: I have tried that the system should be modifiabledepending on the changing
needs of the user. Such modifications shouldentail extensive reconstructing or recreation
of software. It should also beportable to different computer systems.
Security: This is very important aspect which I followed in thisdesigning phase and tried
to covers the areas of hardware reliability,fallback procedures, and physical security of
data.
7/31/2019 Cse09 Project Document
17/90
8
4. INITIAL STUDYINTRODUCTION:
The first step in the Software Development Life Cycle (SDLC) is thepreliminary
investigation to determine the feasibility of the system. Thepurpose of the preliminary
investigation is to evaluate project requests. Itis not a design study nor does it include the
collection of details todescribe the business system in all aspect. Rather it is the collection
of theinformation that helps committee members to evaluate the merits of theproject
request and make an informed judgment about the feasibility of the proposed project.The
preliminary investigation should accomplish the following objectives.
Clarify and understand the project request. Determine the size of the project. Assess costs and benefits of alternative approaches. Determine the technical and operational feasibility of alternative approaches. Report the findings to management; with recommendations outlining the
acceptance or rejection of the proposal.
7/31/2019 Cse09 Project Document
18/90
9
5. REQUIREMENT AND FEASIBILTY ANALYSISINTRODUCTION:
What Is A Feasibility Study?Prior to stating whether the system we have to develop is
feasible or not webelieve that we should emphasize on what is implied by the word
Feasibility.Feasibility is the measure of how beneficial or practical the development of
thesystem will be to the organization. It is a preliminary survey for the
systemsinvestigation. It aims to provide information to facilitate a later in-
depthinvestigation.The report produced at the end of the feasibility study contains
suggestions andreasoned arguments to help management decide whether to commit
furtherresources to the proposed project.Within the scheduled duration we were assigned
to study both the positive andnegative aspects of the current manual system, in which we
have come up witha number of drawbacks that prevent the progress of the clinic if it is
continued tofunction manually.Having gone through all measures of feasibility we report
to the management tofigure out if the objectives of the new system are met.
For e.g. - Is the system within the budget allowed for it?
-Will the organizations needs, be met by the new proposed system asOriginally
envisaged?
If and when the objectives of the system are met and the new system isapproved, then the
more specific details in the proposal should be consideredand approved.
TYPES OF FEASIBILITY:
There are various measures of feasibility that helps to decide whether aparticular project
is feasible or not. These measures include-
Operational Feasibility
Technical Feasibility
Economical and Financial Feasibility
Each of these types will be explained in detail throughout the project report.
7/31/2019 Cse09 Project Document
19/90
10
OPERATIONAL FEASIBILITY
A proposed system is beneficial only if it can be turned into an informationsystem that
will meet the operational requirements of an organization. A systemoften fails if it does
not fit within existing operations and if users resist thechange.Important issues a systemsdeveloper must look into are:
Will the new system be used if implemented in anorganization?
Are there major barriers to implementation or is proposedsystem accepted without
destructive resistance?
The whole purpose of computerizing the Placement System is to handle the work much
more accurately and efficiently with less time consumption. There will be additional
work to be completed, because now the students and the companiescan update their
resumes and profiles online. Their database is maintained separately.
Compared to the semi-computerized system the chances of avoiding errors in
acomputerized system is much higher because the user need not stress himself
unnecessarily resulting in recklessness. Unlike the semi-computerized systemthere would
be backup data for all the information concerning the dailytransactions occurred within
the organization
.
If we are considering the performance and response time for each task, it is verymuch
faster since there is less paper work to be completed. When entering datainto the system
to relieve the user from additional work and typing incorrectdata, the system provides
options such as combo boxes, check boxes, optionbuttons and etc. if the users type in
incorrect data they would be informedimmediately about the error by the error detection
control.
Another important fact to be regarded is the security control, which is handled bythe
system. Since data regarding each student and the company is confidential,security is a
key issue. Information falling into the wrong hands could jeopardizethe entire
organization. Unlike in semi-computerized systems the proposedsystem offers adequate
7/31/2019 Cse09 Project Document
20/90
7/31/2019 Cse09 Project Document
21/90
12
SYSTEM SECURITY
System security is a vital aspect when it comes to developing a system.The system
should ensure the facility of preventing unauthorized personnel from accessing the
information and the data within the system.The system should provide total protection foreach users information sothat the integrity of data is sustained and also prevent hackers
fromhacking the system.
The proposed system ensures the security and the integrity of data. This is doneby
providing a password login system for each authorized users. And for examplethe System
Administrator has access to all kinds of information. By providing this facility
information is properly managed and information isprotected. For example the system
administrators day to day tasks are lessenedand easier because he doesnt have to have a
constant eye on the system andworry about hackers hacking the system.
ECONOMIC AND FINACIAL FEASIBILITY
In making recommendations a study of the economics of the proposedsystem should be
made. The proposed system must be justifiable in termsof cost and benefit, to ensure that
the investment in a new/changedsystem provide a reasonable return.
Cost-benefit analysis of information is complicated by the fact that many of thesystems
cost elements are poorly defined and that benefit can often be highlyqualitative and
subjective in nature.In our proposed system various costs are evaluated. Even though
finding out thecosts of the proposed project is difficult we and assume and estimate the
costsand benefits as follows:
According to the computerized system we propose, the costs can be brokendown to two
categories.
1. Costs associated with the development of the system2. .2. Costs associated with operating the system.
7/31/2019 Cse09 Project Document
22/90
13
6. Software Requirement SpecificationThe software requirement specification is produced at the culmination of the analysis
task. The function and performance allocated to software aspart of system engineering
are refined by establishing a completeinformation description, a detailed functional
description, a representationof system behavior, an indication of performance
requirement and designconstraints appropriate validation criteria, and other information
pertinentto requirement.The introduction to software requirements specification states the
goalsand objectives of the software, describing it in the context of the computerbased
system.The Information Description provides a detailed description of the problemthat
the software must solve. Information content, flow and structure aredocumented.A
description of each function required to solve the problem is presentedin the Functional
Description.
Validation Criteria is probably the most important and ironically the mostoften neglected
section of the software requirement specification.Software requirement specification can
be used for different purpose. Hereare the major uses.not clearly understood by the
developer. If this is the case, a carefulanalysisinvolving much interaction with the user
should be devoted toreaching a clear statement of requirements, in order to avoid
possiblemisunderstandings.Sometimes, at the beginning of a project, even the user has no
clear ideaof what exactly the desired product is. Think for instance of userinterface , a
user with no previous experience with computer productsmay not appreciate the
difference between , say menu driven interactionand a command line interface. Even an
exact formation of system functions and performance may be missing an initial
description produced by an inexperienced user.
7/31/2019 Cse09 Project Document
23/90
14
A statement of the requirements for the implementation:
Specifications are also used as a reference point during productimplementation. In fact, theultimate goal of the implementation is to builda product that needs specification. Thus the
implementers usespecifications during design to make design decisions and during
theverification activity to check that the implementation compiles with specifications.
7/31/2019 Cse09 Project Document
24/90
15
7. PHP LANGUAGE:PHP is a programming language for building dynamic, interactive Web sites. As a general rule,
PHP programs run on a Web server, and serve Web pages to visitors on request. One of the key
features of PHP is that you can embed PHP code within HTML Web pages, making it very easyfor you to create dynamic content quickly. What exactly does the phrase dynamic, interactive
Web sites mean? A dynamic Web page is a page whose contents can change automatically each
time the page is viewed. Contrast this with a static Web page, such as a simple HTML file,
which looks the same each time its displayed (at least until the page is next edited). Meanwhile,
an interactive Web site is a site that responds to input from its visitors. A Web forum is a good
exampleusers can post new messages to the forum, which are then displayed on the site for
all to see. Another simple example is a contact us form.where visitors interact with the page by
filling out and sending a form, which is then emailed to the Webmaster.
PHP stands for PHP: Hypertext Preprocessor, which gives you a good idea of its core purpose: to
process information and produce hypertext (HTML) as a result. (Developers love recursive
acronyms, and PHP: Hypertext Preprocessor is a good example of one.)
PHP is a server - side scripting language , which means that PHP scripts, or programs, usually
run on a Webserver. (A good example of a client - side scripting language is JavaScript, which
commonly runs within a Web browser.) Furthermore, PHP is an interpreted language a PHP
script is processed by the PHP engine each time its run.
The process of running a PHP script on a Web server looks like this:
1. A visitor requests a Web page by clicking a link, or typing the page s URL into the browser
s address bar. The visitor might also send data to the Web server at the same time, either using a
form embedded in a Web page, or via AJAX (Asynchronous JavaScript And XML).
2. The Web server recognizes that the requested URL is a PHP script, and instructs the PHP
engine to process and run the script.
3. The script runs, and when its finished it usually sends an HTML page to the Web browser,
which the visitor then sees on their screen.The interesting stuff happens when a PHP script runs.
Because PHP is so flexible, a PHP script can carry out any number of interesting tasks, such as:
Reading and processing the contents of a Web form sent by the visitor Reading, writing, and creating files on the Web server
7/31/2019 Cse09 Project Document
25/90
16
Working with data in a database stored on the Web server Grabbing and processing data from other Web sites and feeds Generating dynamic graphics, such as charts and manipulated photos And finally, once its finished processing, it can send a customized HTML Web page
back to the visitor.
Why Use PHP ?
One of the best things about PHP is the large number of Internet service providers (ISPs) and
Web hosting companies that support it. Today hundreds of thousands of developers are using
PHP, and its not surprising that there are so many, considering that several million sites are
reported to have PHPinstalled.
Another great feature of PHP is that it s cross - platform you can run PHP programs on
Windows, Linux, FreeBSD, Mac OS X, and Solaris, among others. What s more, the PHP
engine can integrate with all common Web servers, including Apache, Internet Information
Server (IIS), Zeus, and lighttpd. This means that you can develop and test your PHP Web site on
one setup, then deploy it on a different type of system without having to change much of your
code. Furthermore, its easy to move your PHP Website onto another server platform, if you ever
need to.
7/31/2019 Cse09 Project Document
26/90
17
8.SESSION MANAGEMENTCookies
Cookies are often used to store application state in a web browser. As with data sent with the
GET or POST methods, cookies are sent with HTTP requests made by a browser. A cookie is anamed piece of information that is stored in a web browser. A browser can create a cookie using
JavaScript, but a cookie is usually sent from the web server to the client in the Set-Cookie header
field as part of an HTTP response.
A cookie can have a date and time at which it expires. The browser includes the cookie in
requests up until that date and time. If no expiry date is given, the cookie is remembered only
while the browser is running. Cookies that are kept only while the browser is running are known
as session cookies.
A domain limits the sites to which a browser can send the cookie. If no domain is set, the
browser includes the cookie only in requests sent to the server that set the cookie.
Browsers don't include the cookie in requests for resources that aren't in the specified path. This
is useful if only part of a web site requires that a cookie be sent. For example, if the path is set to
/admin, requests for resources in that path, such as http://localhost/admin/home.php include the
cookie, while requests for resources in other paths, such as http://localhost/winestore/home.php,
do not.
A cookie can also be marked as secure, instructing the browser to send the cookie only when
using a secure connection through the Secure Sockets Layer protocol. This prevents sensitive
data stored in a cookie from being transmitted in an insecure form.
Cookies can be included in an HTTP response using the header( ) function; however, the
developer needs to know how to encode the cookie name, value, and the other parameters
described earlier in the Set-Cookie header field. To simplify cookie creation, PHP provides the
setcookie( ) function that generates a correct header field.
When an HTTP request that contains cookies is processed, PHP makes the values of the cookies
available to the script in the global associative array $HTTP_COOKIE_VARS. If
register_globals is enabled, a variable with the name of the cookie is also initialized by PHP; the
register_globals feature in the php.ini file is discussed in Chapter 5.Example 8-1 tests to see if
the variable $count has been set from a cookie, and either sets the value to 0 or increments
7/31/2019 Cse09 Project Document
27/90
18
$count accordingly. The script also creates a cookie named start, with the value set to the current
time, when the $count is set to 0. The cookie start is set only at the beginning of this stateful
interaction.
Cookies can be used for simple applications that don't require complex data to be kept between
requests. However, there is a limit on the number and size of cookies that can be set: a browser
can keep only the last 20 cookies sent from a particular domain, and the values that a cookie can
hold are limited to 4 KB in size. Also, there are arguments about both the privacy and the
security of applications that use cookies, and users often disable cookie support in their browsers.
7/31/2019 Cse09 Project Document
28/90
19
9. SESSION MANAGEMENT OVER WEBStoring the state in the web server--the middle tier--can solve the problem of increased request
size and protect the state of an application from accidental or intentional changes a user might
make.
A session is a way to identify and manage the state--the session variables--for a particular user.
When a user sends an HTTP request, the middle tier must process the current request in the
context of the user's session. When a session is started, the client is given a session identifier--
often a cookie--that is included with subsequent requests to the server. The server uses the
session identifier to locate the corresponding session before processing the request.
Rather than storing all the variables needed to maintain state and include them with each request,
the browser stores a single session identifier that finds and initializes the variables stored on the
server. The session identifier is like the ticket given at a cloak room. The ticket is much easier to
carry around and ensures that the holder gets her own hat and coat.
One implication of storing session variables in the middle tier is that data needs to be stored for
each session. The question is, for how long? Because HTTP is stateless, there is no way to know
when a user has finished with a session. Ideally, the user logs out of an application, and thelogout script ends the session. However, because a server can never be sure if a user is still there,
the server needs to clean up old sessions that have not been used for a period of time. This last
point is important, because sessions consume resources on the server, and dormant sessions may
present a security risk.
In summary, there are three characteristics session management over the Web must exhibit:
1. Information or state must be stored. For example, a selected bottle of wine in a shopping cart,
a customer name, or a credit card number must be maintained across multiple HTTP requests.
2. Each HTTP request must carry an identifier that allows the server to process the request in the
context of the stored state. For example, when an order is submitted, it must be processed with
the correct items and customer details.
3. Sessions need to have a timeout. Otherwise, if a user leaves the web site, there is no way the
server can tell when the session should end.
7/31/2019 Cse09 Project Document
29/90
20
10. PHP Session Management
With the release of PHP4, session management was introduced as an extension to the PHP
language. PHP provides several session-related functions, and developing applications that use
PHP sessions is straightforward. The three important features of session management are mostly
taken care of by the PHP scripting engine.
Starting a Session
PHP provides a session_start( ) function that creates a new session and subsequently identifies
and establishes an existing one. Either way, a call to the session_start( ) function initializes a
session.
The first time a PHP script calls session_start( ), a session identifier is generated, and, by default,
a Set-Cookie header field is included in the response. The response sets up a session cookie in
the browser with the name PHPSESSID and the value of the session identifier. The PHP session
management automatically includes the cookie without the need to call to the setcookie( ) or
header( ) functions.
The session identifier (ID) is a random string of 32 hexadecimal digits, such as
fcc17f071bca9bf7f85ca281094390b4. As with other cookies, the value of the session ID is madeavailable to PHP scripts in the $HTTP_COOKIE_VARS associative array and in the
$PHPSESSID variable.
When a new session is started, PHP creates a session file. With the default configuration, session
files are written in the /tmp directory using the session identifier, prefixed with sess_, for the
filename.
If a call is made to session_start( ), and the request contains the PHPSESSID cookie, PHP
attempts to find the session file and initialize the associated session variables as discussed in the
next section. However, if the identified session file can't be found, session_start( ) creates an
empty session file.
7/31/2019 Cse09 Project Document
30/90
21
Using Session Variables
Variables need to be registered with the session_register( ) function that's used in a session. If a
session has not been initialized, the session_register( ) function calls session_start( ) to open the
session file. Variables can be registered--added to the session file--with the session_register( ) .
Once registered, session variables are made persistent and are available to scripts that initialize
the session. PHP tracks the values of session variables and saves their values to the session file;
there is no need to explicitly save a session variable before a script ends.
Variables can be removed from a session with the session_unregister( ) function call; again, the
name of the variable is passed as the argument, not the variable itself. A variable that is
unregistered is no longer available to other scripts that initialize the session. However, the
variable is still available to the rest of the script immediately after the session_unregister( )
function call.
Scripts that initialize a session have access to the session variables through the associative array
$HTTP_SESSION_VARS, and PHP automatically initializes the named session variables if
register_globals is enabled.
Session variables can be of the type Boolean, integer, double, string, object, or arrays of those
variable types. Care must be taken when using object session variables, because PHP needs
access to the class definitions of registered objects when initializing an existing session. If
objects are to be stored as session variables, you should include class definitions for those objects
in all scripts that initialize sessions, whether the scripts use the class or not.
PHP stores session variables in the session file by serializing the values. The serialized
representation of a variable includes the name, the type, and the value as a stream of characters
suitable for writing to a file.
7/31/2019 Cse09 Project Document
31/90
22
11.Ajax FrameworkAn Ajax framework is a framework that helps to develop web applications that use Ajax, a
collection of technologies used to build dynamic web pages on the client side. Data is read from
the server or sent to the server by JavaScript requests. However, some processing at the server
side may be required to handle requests, such as finding and storing the data. This is
accomplished more easily with the use of a framework dedicated to process Ajax requests. The
goal of the framework is to provide the Ajax engine and associated server and client-side
functions.
This Ajax engine is intended to suppress the delays perceived by the user when a page attempts
to access the server. A framework eases the work of the Ajax programmer at two levels: on theclient side, it offers JavaScript functions to send requests to the server. On the server side, it
processes the requests, searches for the data, and transmits them to the browser. Some
frameworks are very elaborate and provide a complete library to build web applications.
Types of frameworks
Ajax frameworks can be loosely grouped into categories according to the features they offer and
the skills required of the user:
Direct Ajax frameworks
These frameworks require HTML, CSS and Ajax expertise: a developer is expected to author
pages directly in HTML, and framework APIs deal directly with HTML elements. Cross-browser
APIs are provided for a variety of purposes, commonly including communications, DOM
manipulation, event handling, and sizing/moving/animating HTML elements.
These frameworks are generally smaller. They are commonly used for a web site such as a
shopping experience, but not for a web application such as web-based email, at least not without
further frameworks layered on top.
7/31/2019 Cse09 Project Document
32/90
23
Indirect Ajax frameworks
These frameworks are based on compiler technology, where, instead of writing direct Ajax and
Javascript, a high-level language is used instead, along with a compiler that turns the high-level
language into Javascript. Indirect frameworks therefore require knowledge of the high-level
language, CSS and HTML, and do not necessarily require a great deal of Ajax or Javascript
expertise. The Indirect frameworks are typically accompanied by convenient libraries, modules
and classes (written in the high-level language) that take care of communications, DOM
manipulation including HTML element manipulation, and event handling.
The advantages of Indirect Ajax frameworks - compilation to Javascript - are:
The developer can effectively create their own Ajax framework using programmingconcepts and techniques appropriate to the high-level language (e.g. modules and classes)
which are simply not present in the Javascript language.
the to-javascript compiler can enforce strong type-checking and definition rules thatstandalone javascript does not
A developer can program the web front-end in the same programming language as thatwhich the server-side code is written in.
The high-level web widget sets of the Indirect Ajax frameworks have far more incommon with Desktop widgets than they do with "traditional" web development.
The framework, through the compiler, can create code that takes care of browserincompatibilities at run-time, and thus can present a common browser-independent API
to the developer.
Indirect Ajax frameworks have distinct and significant advantages:
Compared to Ajax component frameworks, the developer can use the available base classwidgets to create their own widgets, in the high-level language with which they are
familiar, instead of trying to get to grips with javascript.
The developer is therefore neither burdened by the bloat of Ajax component frameworksnor bound by their rigidity.
7/31/2019 Cse09 Project Document
33/90
24
The developer has both the advantages of the Ajax component frameworks, and theirassociated widgets, as well as the advantages of the freedom of Direct Ajax frameworks.
Indirect Ajax frameworks can be used to even greater effect in combination with aServer-driven framework (typically using JSONRPC or XMLRPC).
Interestingly, Python and Ruby are a good match for compilation to Javascript, and a far better
match than Java, because Java (and Java Virtual Machines) lack some of the run-time dynamic
capabilities of Javascript, Python and Ruby. Fortunately for Java (and for GWT), it's Java that is
less dynamically capable than Javascript. The "class" capability of these high-level languages
can be emulated using Javascript "prototype".
Ajax component frameworks
These frameworks offer pre-built components, such as tabbed panes, which automatically create
and manage their own HTML. Components are generally created via JavaScript or XML tags, or
by adding special attributes to normal HTML elements. These frameworks are generally larger,
and intended for web applications rather than web sites.
Some component frameworks require the developer to have extensive HTML/CSS/Ajax
experience and to do cross-browser testing. For example, grids, tabs, and buttons may be
provided, but user input forms are expected to be authored directly in HTML/CSS and
manipulated via Ajax techniques. Other frameworks provide a complete component suite such
that only general XML and/or JavaScript abilities are required.
Ajax component frameworks can enable more rapid development than direct Ajax frameworks,
but with less control, hence it is key that an Ajax component framework provides the following:
customization APIs, e.g., an event that fires when the user stops editing within a grid skinning facilities, where appearance can be changed without affecting behavior or layout programmatic control, e.g., dynamically adding tabs or dynamically creating components
based on user data
extensibilitycreation of new components based on other components, so that thebenefits of a component-based framework are not lost
7/31/2019 Cse09 Project Document
34/90
25
Server-driven Ajax frameworks
Several frameworks offer a server-side component-based development model with some degree
of Ajax support.
Components are created and manipulated on the server using a server-side programming
language. Pages are then rendered by a combination of server-side and client-side HTML
generation and manipulation. User actions are communicated to the server via Ajax techniques,
server-side code manipulates a server-side component model, and changes to the server
component model are reflected on the client automatically.
These frameworks offer familiarity and efficiency for server-side developers at the possible
expense of power and performance. Ajax frameworks that handle presentation completely within
the browser may offer greater responsiveness if they handle more user interactions without
server involvement. In a server-driven model, some UI interactions can react slowly, for example
when an input field is dynamically enabled based on server-requests. Furthermore, server-
dependent Ajax frameworks cannot offer offline support. The approach is still popular for
situations where the benefits of a full Ajax architecture can't be captured or where server
interaction is needed anyway.
Extending a framework may require the developer to understand which parts of the presentation
are handled on the client vs on the server, and to code in JavaScript/Ajax as well as server-side
code (an issue which can be overcome through the use of an Indirect Ajax framework, by
choosing an Indirect Ajax framework with a compiler that accepts the same language as the
server-side code).
7/31/2019 Cse09 Project Document
35/90
26
12.jQueryjQuery is great library for developing ajax based application. jQuery is great library for the
JavaScript programmers, which simplifies the development of web 2.0 applications. You can use
jQuery to develop cool web 2.0 applications. jQuery helps the programmers to keep code simple
and concise. The jQuery library is designed to keep the things very simple and reusable.
jQuery library simplifies the process of traversal of HTML DOM tree. You can use jQuery to
handle events, perform animation, and add the ajax support into your web applications with ease.
Why jQuery?
You can use simple JavaScript to perform all the functions that jQuery provides. Then whyjQuery? The jQuery library is providing many easy to use functions and methods to make rich
applications. These functions are very easy to learn and even a designer can learn it fast. Due to
these features jQuery is very popular and in high demand among the developers. You can use
jQuery in all the web based applications irrespective of the technology.
jQuery is java script and can be used with JSP, Servlets, ASP, PHP, CGI and almost all the web
programming languages.
The jQuery code is very simple and easy to learn.
Features of jQuery
Query have lot of functionalities but some of the key features are given below :
Selection of DOM elements :
The jQuery selector provide us capability to select DOM elements so that we can add
functionality to them using methods of jQuery. It is using CSS 3.0 syntax which provide us
freedom to select one or more elements. Using CSS , you can select element by id, class and
collaborate with events to increase it's functionality.
7/31/2019 Cse09 Project Document
36/90
27
The wrapped set
The selected elements reside inside a object known as wrapped set. It contain all the selected
DOM elements, it has array like structure. You can traverse through this like an array and can
select elements using index.
Events
jQuery provide simplified event handling, You can easily bind and unbind events and for
supported browsers it also provide a normalized event model due to this it is very easy to handle
events.When any event occurs , it is called under the context of the event that triggered it.
Extensibility through plug-ins
The jQuery architecture provide us freedom to extend functionality using plug-ins . The plug-ins
are easy to use and easy to clip with your page. You just need to set parameters to use these
jQuery plug-ins and also need to include plug-in file. Some the main jQuery plug-ins are :
1. XML and XSLT tools
2. Cookie handling
3. Datagrids
4. Drag and drop events.
5. odal windows
6. Dynamic lists
7. Webservices
8. Ajax helpers
9. Even a jQuery-based Commodore 64 emulator.
Cross-browser support
In JavaScript, the DOM implementations for event handling vary considerably between
browsers. Where as jQuery providing a normalized event model for all supported browsers that
makes it very easy to handle events.
7/31/2019 Cse09 Project Document
37/90
28
Ajax support
AJAX stands for Asynchronous JavaScript and XML . Using AJAX we can connect to database
and also can fetch the data from the server's database without refreshing the page. JQuery have
very effective AJAX methods library to extend the functionality of AJAX.
Compatibility with languages
The jQuery script can be used with nearly all the web languages. Some of Frequently used
languages with jQuery are given below:
1. PHP
2. JSP
3. ASP
4. Servlet
5. CGI
HOW TO USE jQuery
The jQuery library helps the developer to develop rich internet applications. This is one of the
most used framework on the web. Its easy to learn and use language. Here is the highlights of
jQuery:
jQuery is a JavaScript based Library that runs in browser. Its is client side ajaxframework.
jQuery simplifies the development of ajax based application using JavaScriptprogramming language.
jQuery is easy to learn and use language. Programmer's can learn it easily. Lot's of support. There are many examples and tutorials available on internt.
The jQuery is designed to do more work in less coding. It's very easy to work with jQuery. It
support all the serverside web application development technologies. You can use JSP,Servlets,
Struts, Spring MVC, ASP, .NET, CGI, PHP, Perl etc. as server-side language and user jQuery to
dynamically fetch data from the server.
So, jQuey is very useful tool. Let's see how it works and we can use it in programming.
7/31/2019 Cse09 Project Document
38/90
29
Traditionally developer's are using Window.onload() function to initiate some action on page
load. There is one drawback with this function. It does not fires until all the images including the
advertisement banner are loaded. So, window.onload() can be painfully slow. The jQuery
provides the solution for this problem. The $(document).ready(function(){}) solves the issue. It
is fired once the Document Object Model is ready. So, you can use this to run any type of
JavaScript to suite your business needs.
7/31/2019 Cse09 Project Document
39/90
30
13.Database Connectivity Using PHP and PDO
PHP makes it easy to write scripts that access databases, enabling you to create dynamic web
pages that incorporate database content. PHP includes several specialized database-accessinterfaces that take the form of separate sets of functions for each database system. There is one
set for MySQL, another for Inter-Base, another for PostgreSQL, and so forth. However, having a
different set of functions for each database makes PHP scripts non-portable at the lexical (source
code) level. For example, the function for issuing an SQL statement is named mysql_query(),
ibase_query(), or pg_exec(), depending on whether you are using MySQL, InterBase, or
PostgreSQL.
In PHP 5 and up, we can avoid this problem by using the PHP Data Objects (PDO) extension.
PDO supports database access in an engine-independent manner based on a two-level
architecture:
The top level provides an interface that consists of a set of classes and methods that is the same
for all database engines supported by PDO. The interface hides engine-specific details so that
script writers need not think about which set of functions to use.
The lower level consists of individual drivers. Each driver supports a particular database engine
and translates between the top-level interface seen by script writers and the database-specific
interface required by the engine. This provides you the flexibility of using any database for
which a driver exists, without having to consider driver-specific details.
Writing PDO Scripts:
Scripts that use the PDO interface to access MySQL generally perform the following operations:
1. Connect to the MySQL server by calling new PDO() to obtain a database handle object.
2. Use the database handle to issue SQL statements or obtain statement handle objects.
3. Use the database and statement handles to retrieve information returned by the statements.4. Disconnect from the server when the database handle is no longer needed.
7/31/2019 Cse09 Project Document
40/90
31
Connecting to and Disconnecting from the MySQL Server:
To establish a connection to a MySQL server, specify a data source name (DSN) containing
connection parameters, and optionally the username and password of the MySQL account that
you want to use. To connect to the MySQL server on the local host to access the test database
with a username and password of test user and testpass, the connection sequence looks like this:
$dbh = new PDO("mysql:host=localhost;dbname=test", "testuser", "testpass");
For MySQL, the DSN is a string that indicates the database driver (mysql), and optionally the
hostname where the server is running and the name of the database you want to use. Typical
syntax for the DSN looks like this:
mysql:host=host_name;dbname=db_name
The default host is localhost. No default database is selected if dbname is omitted.
The MySQL driver also recognizes port and unix_socket parameters, which specify the TCP/IP
port number and Unix socket file pathname, respectively. If you use unix_socket, do not specify
host or port.
For other database engines, the driver name is different (for example, pgsql for PostgreSQL) andthe parameters following the colon might be different as well.
When you invoke the new PDO() constructor method to connect to your database server, PDO
determines from the DSN which type of database engine you want to use and acesses the low-
level driver appropriate for that engine. This is similar to the way that Perl or Ruby DBI scripts
reference only the top-level DBI module; the connect() method provided by the top-level module
looks at the DSN and determines which particular lower-level driver to use.
If new PDO() fails, PHP throws an exception. Otherwise, the constructor method returns an
object of the PDO class. This object is a database handle that you use for interacting with the
database server until you close the connection.
An alternative to putting the connection code directly in your script is to move it into a separate
file that you reference from your main script. For example, you could create a file
pdo_testdb_connect.php that looks
7/31/2019 Cse09 Project Document
41/90
32
like this:
Then include the file into your main script and call testdb_connect() to connect and obtain the
database handle:
require_once "pdo_testdb_connect.php";
$dbh = testdb_connect ();
This approach makes it easier to use the same connection parameters in several different scripts
without writing the values literally into every script; if you need to change a parameter
sometime, just change pdo_testdb_connect.php. Use of a separate file also enables you to move
the code that contains the connectionparameters outside of the web servers document tree. That
has the benefit of preventing it from being displayed literally if the server becomes
misconfigured and starts serving PHP scripts as plain text.
Any of the PHP file-inclusion statements can be used, such as include or require, but
require_once prevents errors from occurring if any other files that your script uses also reference
pdo_testdb_connect.php.
When youre done using the connection, close it by setting the database handle to NULL:
$dbh = NULL;
After that, $dbh becomes invalid as a database handle and can no longer be used as such.
If you do not close the connection explicitly, PHP does so when the script terminates.
7/31/2019 Cse09 Project Document
42/90
33
While the database handle is open and you are using it to issue other PDO calls, you should
arrange to handle errors if they occur. You can check for an error after each PDO call, or you can
cause exceptions to be thrown. The latter approach is simpler because you need not check for
errors explicitly; any error raises an exception that terminates your script. If you enable
exceptions, you also have the option of catching them yourself instead of allowing them to
terminate your script. By doing this, you can substitute your own error messages for the defaults,
perform cleanup operations, and so on.
To enable exceptions, set the PDO error mode as follows after connecting:
$dbh->setAttribute (PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
That statement is something you could add to the testdb_connect() function if you want the error
mode to be set automatically whenever you connect.
Issuing Statements
After obtaining a database handle by calling new PDO(), you can use it to execute SQL
statements:
For statements that modify rows and produce no result set, pass the statemen t string to the
database handle exec() method, which executes the statement and returns an affected-rows count:$count = $dbh->exec ("some SQL statement");
For statements that select rows and produce a result set, invoke the database handle query()
method, which executes the statement and returns an object of the PDOStatement class:
$sth = $dbh->query ("some SQL statement");
This object is a statement handle that provides access to the result set. It enables you to fetch the
result set rows and obtain metadata about them, such as the number of columns.
To illustrate how to handle various types of statements, the following discussion shows how to
create and populate a table using CREATE TABLE and INSERT (statements that return no
result set). Then it uses SELECT to generate a result set.
7/31/2019 Cse09 Project Document
43/90
34
Issuing Statements That Return No Result Set
The following code uses the database handle exec() method to issue a statement that creates a
simple table animal with two columns, name and category:
$dbh->exec ("CREATE TABLE animal (name CHAR(40), category CHAR(40))");
After the table has been created, it can be populated. The following example invokes the exec()
method to issue an INSERT statement that loads a small data set into the animal table:
$count = $dbh->exec ("INSERT INTO animal (name, category)
VALUES
(snake, reptile),
(frog, amphibian),
(tuna, fish),
(racoon, mammal)");
exec() returns a count to indicate how many rows were affected by the statement. For the
preceding INSERT statement, the affected-rows count is 4.
Issuing Statements That Return a Result Set
Now that the table exists and contains a few records, SELECT can be used to retrieve rows from
it. To issue statements that return a result set, use the database handle query() method:
$sth = $dbh->query ("SELECT name, category FROM animal");
printf ("Number of columns in result set: %d\n", $sth->columnCount ());
$count = 0;while ($row = $sth->fetch ())
{
printf ("Name: %s, Category: %s\n", $row[0], $row[1]);
$count++;
}
7/31/2019 Cse09 Project Document
44/90
35
printf ("Number of rows in result set: %d\n", $count);
A successful query() call returns a PDOStatement statement-handle object that is used for all
operations on the result set. Some of the information available from a PDOStatement object
includes the row contents and the number of columns in the result set:
The fetch() method returns each row in succession, or FALSE when there are no more rows.
The columnCount() methods returns the number of columns in the result set.
Note: A statement handle also has a rowCount() method, but it cannot be assumed to reliably
return the number of rows in the result set. Instead, fetch the rows and count them, as shown in
the preceding example.
Other Ways To Fetch Result Set Rows
fetch() accepts an optional fetch-mode argument indicating what type of value to return. This
section describes some common mode values. Assume in each case that the following query has
just been issued to produce a result set:
$sth = $dbh->query ("SELECT name, category FROM animal");
PDO::FETCH_NUMReturn each row of the result set as an array containing elements that correspond to the columns
named
in the SELECT statement and that are accessed by numeric indices beginning at 0:
while ($row = $sth->fetch (PDO::FETCH_NUM))
printf ("Name: %s, Category: %s\n", $row[0], $row[1]);
PDO::FETCH_ASSOC
Return each row as an array containing elements that are accessed by column name:
while ($row = $sth->fetch (PDO::FETCH_ASSOC))
printf ("Name: %s, Category: %s\n", $row["name"], $row["category"]);
7/31/2019 Cse09 Project Document
45/90
36
PDO::FETCH_BOTH
Return each row as an array containing elements that can be accessed either by numeric index or
by column name:
while ($row = $sth->fetch (PDO::FETCH_BOTH))
{
printf ("Name: %s, Category: %s\n", $row[0], $row[1]);
printf ("Name: %s, Category: %s\n", $row["name"], $row["category"]);
}
PDO::FETCH_OBJ
Return each row as an object. In this case, you access column values as object properties that
have the same names as columns in the result set:
while ($row = $sth->fetch (PDO::FETCH_OBJ))
printf ("Name: %s, Category: %s\n", $row->name, $row->category);
If you invoke fetch() with no argument, the default fetch mode is PDO::FETCH_BOTH unless
you change the default before fetching the rows:
The query() method accepts an optional fetch-mode argument following the statement string:
$sth = $dbh->query ("SELECT name, category FROM animal", PDO::FETCH_OBJ);
while ($row = $sth->fetch ())
printf ("Name: %s, Category: %s\n", $row->name, $row->category);
Statement handles have a setFetchMode() method to set the mode for subsequent fetch() calls:
$sth->setFetchMode (PDO::FETCH_OBJ);
while ($row = $sth->fetch ())
printf ("Name: %s, Category: %s\n", $row->name, $row->category);
Another way to fetch results is to bind variables to the result set columns with bindColumn().
Then you fetch each row using the PDO::FETCH_BOUND fetch mode. PDO stores the column
7/31/2019 Cse09 Project Document
46/90
37
values in the variables, and fetch() returns TRUE instead of a row value while rows remain in the
result set:
$sth = $dbh->query ("SELECT name, category FROM animal");
$sth->bindColumn (1, $name);
$sth->bindColumn (2, $category);
while ($sth->fetch (PDO::FETCH_BOUND))
printf ("Name: %s, Category: %s\n", $name, $category);
Using Prepared Statements
exec() and query() are PDO object methods: You use them with a database handle and they
execute a statement immediately and return its result. It is also possible to prepare a statement for
execution without executing it immediately. The prepare() method takes an SQL statement as its
argument and returns a PDOStatement statement-handle object. The statement handle has an
execute() method that executes the statement:
$sth = $dbh->prepare ($stmt);
$sth->execute ();
Following execution, other statement-handle methods provide information about the statementresult:
For a statement that modifies rows, invoke rowCount() to get the rows-affected count:
$sth = $dbh->prepare ("DELETE FROM animal WHERE category = mammal");
$sth->execute ();
printf ("Number of rows affected: %d\n", $sth->rowCount ());
For a statement that produces a result set, the fetch() method retrieves them and the column -
Count() method indicates how many columns there are. To determine how many rows there are,
count them as you fetch them. (As mentioned previously, rowCount() returns a row count, but
should be used only for statements that modify rows.)
7/31/2019 Cse09 Project Document
47/90
38
$sth = $dbh->prepare ("SELECT name, category FROM animal");
$sth->execute ();
printf ("Number of columns in result set: %d\n", $sth->columnCount ());
$count = 0;
while ($row = $sth->fetch ())
{
printf ("Name: %s, Category: %s\n", $row[0], $row[1]);
$count++;
}
printf ("Number of rows in result set: %d\n", $count);
If you are not sure whether a given SQL statement modifies or returns nows, the statement
handle itself enables you to determine the proper mode of processing. See Determining the
Type of a Statement.
As just shown, prepared statements appear to offer no advantage over exec() and query() because
using them introduces an extra step into statement processing. But there are indeed some benefits
to them:
Prepared statements can be parameterized with placeholders that indicate where data values
should appear. You can bind specific values to these placeholders and PDO takes care of any
quoting or escaping issues for values that contain special characters. Placeholders and
Quoting discusses these topics further.
Separating statement preparation from execution can be more efficient for statements to be
executed multiple times because the preparation phase need be done only once. For example, if
you need to insert a bunch of rows, you can prepare an INSERT statement once and then execute
it repeatedly, binding successive row values to it for each execution.
7/31/2019 Cse09 Project Document
48/90
39
Placeholders and Quoting
A prepared statement can contain placeholders to indicate where data values should appear. After
you prepare the statement, bind specific values to the placeholders (either before or at statement-
execution time), and PDO substitutes the values into the statement before sending it to the
database server.
PDO supports named and positional placeholders:
Anamed placeholder consists of a name preceded by a colon. After you prepare the statement,
use bindValue() to provide a value for each placeholder, and then execute the statement. To
insert another row, bind new values to the placeholders and invoke execute() again:
$sth = $dbh->prepare ("INSERT INTO animal (name, category)
VALUES (:name, :cat)");
$sth->bindValue (":name", "ant");
$sth->bindValue (":cat", "insect");
$sth->execute ();
$sth->bindValue (":name", "snail");
$sth->bindValue (":cat", "gastropod");
$sth->execute ();
As an alternative to binding the data values before calling execute(), you can pass the values
directly to execute() using an array that associates placeholder names with the values:
$sth->execute (array (":name" => "black widow", ":cat" => "spider"));
Positional placeholders are characters within the statement string. You can bind the values prior
to calling execute(), similar to the previous example, or pass an array of values directly to
execute():
$sth = $dbh->prepare ("INSERT INTO animal (name, category)
VALUES (?, ?)");
# use bindValue() to bind data values
$sth->bindValue (1, "ant");
7/31/2019 Cse09 Project Document
49/90
40
$sth->bindValue (2, "insect");
$sth->execute ();
# pass values directly to execute() as an array
$sth->execute (array ("snail", "gastropod"));
Positional placeholder numbers begin with 1.
An alternative to bindValue() is bindParam(), which adds a level of indirection to value-binding.
Instead of passing a data value as the second argument to bindParam(), pass a variable to
associate the variable with the placeholder. To supply a value for the placeholder, assign a value
to the variable:
$sth = $dbh->prepare ("INSERT INTO animal (name, category)
VALUES (?, ?)");
$sth->bindParam (1, $name);
$sth->bindParam (2, $category);
$name = "ant";
$category = "insect";
$sth->execute ();
$name = "snail";
$category = "gastropod";
$sth->execute ();
The preceding examples use INSERT statements, but placeholder techniques are applicable to
any type of statement, such as UPDATE or SELECT.
One of the benefits of using placeholders is that PDO handles any quoting or escaping of special
characters or NULL values. For example, if you bind the string "abc" to a placeholder, PDO
inserts "a\b\c" into the statement. To bind the SQL NULL value to a placeholder, bind the
PHP NULL value. In this case, PDO inserts the word NULL into the statem ent without
surrounding quotes. (Were quotes to be added, the value inserted into the statement would be the
string "NULL", which is incorrect.)
7/31/2019 Cse09 Project Document
50/90
41
PDO also provides a database handle quote() method to which you can pass a string and receive
back a quoted string with special characters escaped. However, I find this method deficient. For
example, if you pass it NULL, it returns an empty string, which if inserted into a statement string
does not correspond to the SQL NULL value. Use quote() with care if you use it.
Determining the Type of a Statement
When you issue a statement using a database handle, you must know whether the statement
modifies rows or produces a result set, so that you can invoke whichever of exec() or query() is
appropriate. However, under certain circumstances, you might not know the statement type, such
as when you write a script to execute arbitrary statements that it reads from a file. To handle such
cases, use prepare() with the database handle to get a statement handle and execute() to execute
the statement. Then check the statements column count:
If columnCount() is zero, the statement did not produce a result set . Instead, it modified rows
and you can invoke rowCount() to determine the number of affected rows.
If columnCount() is greater than zero, the statement produced a result set and you can fetch the
rows. To determine how many rows there are, count them as you fetch them.
The following example determines whether a statement modifies rows or produces a result set,
and then processes it accordingly:
$sth = $dbh->prepare ($stmt);
$sth->execute ();
if ($sth->columnCount () == 0)
{
# there is no result set, so the statement modifies rows
printf ("Number of rows affected: %d\n", $sth->rowCount ());
}
else
{
# there is a result set
printf ("Number of columns in result set: %d\n", $sth->columnCount ());
$count = 0;
7/31/2019 Cse09 Project Document
51/90
42
while ($row = $sth->fetch (PDO::FETCH_NUM))
{
# display column values separated by commas
print (join (", ", $row) . "\n");
$count++;
}
printf ("Number of rows in result set: %d\n", $count);
}
Handling Errors
When you invoke new PDO() to create a database handle, occurrance of an error causes a
PDOException to be thrown. If you dont catch the exception, PHP terminates your script. To
handle the exception yourself, use a try block to perform the connection attempt and a catch
block to catch any error that occurs:
try
{
$dbh = new PDO("mysql:host=localhost;dbname=test", "testuser", "testpass");
}catch (PDOException $e)
{
print ("Could not connect to server.\n");
print ("getMessage(): " . $e->getMessage () . "\n");
}
A PDOException is an extension of the PHP Exception class, so it has getCode() and
getMessage() methods that return an error code and descriptive message, respectively. (However,
I find that getCode() always returns 0 for connection errors and is meaningful only for PDO
exceptions that occur after the connection has been established.)
After you successfully obtain a database handle, further PDO calls that use it are handled
according to the PDO error mode. There are three modes:
7/31/2019 Cse09 Project Document
52/90
43
PDO::ERRMODE_SILENT
When an error occurs in silent or warning mode for a given object method, PDO sets up error
information that you can access when the method returns. This is the default error mode.
PDO::ERRMODE_WARNING
This is like silent mode but PDO also displays a warning message in addition to setting up error
information when an error occurs.
PDO::ERRMODE_EXCEPTION
PDO sets up error information when an error occurs and throws a PDOException.
PDO sets error information for the object to which the error applies, regardless of the error mode.
This information is available via the objects errorCode() and errorInfo() methods. errorCode()
returns an SQLSTATE value (a five-character string). errorInfo() returns a three-element array
containing the SQLSTATE value, and a driver-specific error code and error message. For
MySQL, the driverspecific values are a numeric error code and a descriptive error message.
To handle errors in silent mode, you must check the result of each PDO call. The following
example shows how to test for errors during an operation that uses a database handle, $dbh, and
a statement handle, $sth (you would not necessarily print all the available information as the
example does):
if (!($sth = $dbh->prepare ("INSERT INTO no_such_table")))
{
print ("Could not prepare statement.\n");
print ("errorCode: " . $dbh->errorCode () . "\n");
print ("errorInfo: " . join (", ", $dbh->errorInfo ()) . "\n");
}
else if (!$sth->execute ())
{
print ("Could not execute statement.\n");
print ("errorCode: " . $sth->errorCode () . "\n");
print ("errorInfo: " . join (", ", $sth->errorInfo ()) . "\n");
}
Testing the result of every call can become messy quickly. Another way to deal with failures is
7/31/2019 Cse09 Project Document
53/90
7/31/2019 Cse09 Project Document
54/90
45
Using Transactions
In MySQL, some storage engines are transactional, which enables you to perform an operation
and then commit it permanently if it succeeded or roll it back to cancel its effects if an erroroccurred. PDO provides a mechanism for performing transactions that is based on the following
database-handle methods:
To start a transaction, invoke beginTransaction() to disable autocommit mode so that database
changes do not take effect immediately.
To commit a successful transaction or roll back an unsuccessful one, invoke commit() or
rollback(), respectively.
The easiest way to use these methods is to enable PDO exceptions and use try and catch to
handle errors:
$dbh->setAttribute (PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
try
{
$dbh->beginTransaction (); # start the transaction
# ... perform database operation ...
$dbh->commit (); # success
}
catch (PDOException $e)
{
print ("Transaction failed: " . $e->getMessage () . "\n");
$dbh->rollback (); # failure
}
For additional paranoia, you can place the rollback() call within a nested try/catch construct so
that if rollback() itself fails and raises another exception, the script doesnt get terminated.
http://www.
7/31/2019 Cse09 Project Document
55/90
46
14.STRUCTURED QUERY LANGUAGESQL is a set of commands that all programmers and users must use to access data with
inORACLE database. The Oracle 8i server provides full SQL commands to level 2 and
fullimplementation of the integrity enhancement features. The SQL consists of facilities for
defining accessing and managing relational database.
Advantages of SQL:
1. SQL has become a database language of choice because it is flexible, powerfuland easyto learn.
2. SQL is non procedural language ito Process sets of records rather than just one at a time.o Provides automatic navigation to the data.
3. SQL Provides commands for a variety of tasks including querying data, creating,updatingand replacing objects and inserting, updating and deleting rows.
4. All major RDBMS supports SQL. Thus one can transfer all the skills gained withSQLfrom one RDBMS to another.
5. Programs written in SQL are portable; they can often be moved from onedatabase systemto another with little modification.
SQL Commands
The SQL Commands are divided into three categories:
Data Definition Language Commands (DDL) Data Manipulation Language Commands (DML) Transaction Control Commands.
7/31/2019 Cse09 Project Document
56/90
47
TYPES OF SQL OPERATORS
Query data.
Updating.
Inserting and Deleting database Objects.
Controlling access to the database.
Providing for data integrity and consistency.
7/31/2019 Cse09 Project Document
57/90
48
15.Database Tables:1. Booking_info
2. Movies
movi
eid
Movie
name
Tagline Dateofrel
ease
Synopsi
s
Posterid Running_ti
me_in_min
Language cbfcrati
ng
Adde
by
Int(5)
NOT
ULL
Varch
ar(50)
NOT
NULL
L
Varchar
(50)
DEFA
ULT
NULL
Date NOT
NULL
Long
text
Varchar(50
)
DEFAULT
NULL
Int(11)
DEFAULT
90
NOT
NULL
DEFAULT
ENGLISH
NOT
NULL
DEFAU
LT U
Varc
50)
DEFA
LT
NUL
3. StatesStateid State
Int(3) unsigned NOT NULL Varchar(40) NOT NULL
Bookingid Userid Showid Bookeddate bookedseat
Int(5)NOT
NULL
Varchar(50)
NOT
NULL
Int(5)
NOT
NULL
DATE NOT
NULL
Varchar(4
NOT
NULL
7/31/2019 Cse09 Project Document
58/90
49
4. State_city
Cityid Stateid State
Int(10) unsigned NOT NULL Int(3) unsigned NOT
NULL
Varchar(40) DEFAULT
NULL
5. Theaters
heatre
d
Theatre
name
Addres
s1
Addres
s2
Area City State Country Screens Adde
nt(5)
Unsigne
d NOT
NULL
Varchar
(30)
NOT
NULL
Varchar
(50)
NOT
NULL
Varchar
(50)
DEFAU
LT
NOT
NULL
Varchar(30)
NOT NULL
Varchar(30)
NOT NULL
Varchar(30)
NOT NULL
Varchar(3
0)
NOT
NULL
DEFAUL
T
INDIA
Varchar(1
0)
UNSIGN
ED NOT
NULL
DEFAUL
T 1
Varch
DEFA
NULL
COMM
WHO
ADDE
IT
6. Usersseri Emailid Passwo
rd
First_n
ame
Middle
_name
Last_n
ame
Phone
_num
ber
State City Doj Activate
d_user
Cha
pas
on_
log
nt(5) Varchar(50)
Varchar(40)
Varchar(50)
Varchar(50)
Varchar(50)
Varchar(13)
Varchar(2)
Varchar(3)
TIMESTAMPNOT NULL
DERAULF
CURRENT_TIM
ESTAMP
Binary(1) NOT
NULL
DEFAU
LT 0
BinNO
DE
1
7/31/2019 Cse09 Project Document
59/90
50
16.Usecase Diagrams:
Usecase Diagram 1
<
Usecase Diagram 2
Check bymovie
Chek by
cinema hallCheck moviedata
Registration
Check by time
Login
Request ticket
Book ticket
Check status ofticket
Registered user
Unregistered user
7/31/2019 Cse09 Project Document
60/90
51
Usecase Diagram 3
Administrator
login
Register newadministrator
Create movie
database
Update moviedatabase
Approve userre uest
Administrator
7/31/2019 Cse09 Project Document
61/90
52
17. DATA FLOW DIAGRAM:A data flow diagram is graphical tool used to describe and analyze movement of data through a
system. These are the central tool and the basis from which the other components are developed.
The transformation of data from input to output, through processed, may be described logically
and independently of physical components associated with the system. These are known as the
logical data flow diagrams. The physical data flow diagrams show the actual implements and
movement of data between people, departments and workstations. A full description of a system
actually consists of a set of data flow diagrams. Using two familiar notations Yourdon, Gane
and Sarson notation develops the data flow diagrams. Each component in a DFD is labeled with
a descriptive name. Process is further identified with a number that will be used for
identification purpose. The development of DFDs is done in several levels. Each process in
lower level diagrams can be broken down into a more detailed DFD in the next level. The top-
level diagram is often called context diagram. It consists a single process bit, which plays vital
role in studying the current system. The process in the context level diagram is exploded into
other process at the first level DFD.
The idea behind the explosion of a process into more process is that understanding at one level of
detail is exploded into greater detail at the next level. This is done until further explosion is
necessary and an adequate amount of detail is described for analyst to understand the process.
Larry Constantine first developed the DFD as a way of expressing system requirements in a
graphical from, this lead to the modular design.
A DFD is also known as a bubble Chart has the purpose of clarifying system requirements and
identifying major transformations that will become programs in system design. So it is the
starting point of the design to the lowest level of detail. A DFD consists of a series of bubblesjoined by data flows in the system.
7/31/2019 Cse09 Project Document
62/90
53
DFD SYMBOLS:
In the DFD, there are four symbols
1. A square defines a source(originator) or destination of system data2. An arrow identifies data flow. It is the pipeline through which the information flows3. A circle or a bubble represents a process that transforms incoming data flow into outgoing
data flows.
4. An open rectangle is a data store, data at rest or a temporary repository of data
Process that transforms data flow
External entity
External Entity
Data flow
Data Store
Output
7/31/2019 Cse09 Project Document
63/90
54
Salient Features of DFDs
1. The DFD shows flow of data, not of control loops and decision are controlledconsiderations do not appear on a DFD.
2.
The DFD does not indicate the time factor involved in any process whether the dataflowtake place daily, weekly, monthly or yearly.
3. The sequence of events is not brought out on the DFD.Types of Data Flow Diagrams
1. Current Physical2. Current Logical3. New Logical4. New Physical
DATA FLOW
1) A Data Flow has only one direction of flow between symbols. It may flow in bothdirections between a process and a data store to show a read before an update. The
later is usually indicated however by two separate arrows since these happen at
different type.
2) A join in DFD means that exactly the same data comes from any of two or moredifferent processes data store or sink to a common location.
3) A data flow cannot go directly back to the same process it leads. There must be atleast one other process that handles the data flow produce some other data flow
returns the original data into the beginning process.
4) A Data flow to a data store means update (delete or change).5) A data Flow from a data store means retrieve or use.6)
A data flow has a noun phrase label more than one data flow noun phrase can appearon a single arrow as long as all of the flows on the same arrow move together as one
package.
7/31/2019 Cse09 Project Document
64/90
55
Context Diagram
Send Output
Admin id andPassword
No IdentityRequired
Send Output
User id andPassword
Send Output
ADMINISTRATOR
UNREGISTERED USER
REGISTERED USER
Admin views userdetails,movie/cinemahall
Get cinematicket(s
Viewmovie/cinema
hall details
www.movie.jagzlabs.com
7/31/2019 Cse09 Project Document
65/90
56
Level 1 Dataflow Diagram
Administrator
Assign
movie
details
Assign
movie
details
1.2
Cinema hall
details
1 .3
Modifying
show details
1.4
Movie
details
Movie
details
Cinema hall details
Cinema hall details
7/31/2019 Cse09 Project Document
66/90
57
Level 2 Dataflow Diagram
Booked details
User details
Movie details
User Login2.1
Selectmovieselect status2.1.1
Select dateselect show
2.1.2
Cinema show timedetails
Cinemashow time
details
Movie
status
7/31/2019 Cse09 Project Document
67/90
58
18.Entity Relationship Diagram
7/31/2019 Cse09 Project Document
68/90
59
19.Online Cinema Ticket Booking Description
Welcome to newly designed website cinema ticket booking is a faster, cleanerand a tad more
personal website, specially designed to make your bookingexperience better. Log on, navigate
and find out for yourselves and if time permits leave your valuable feedback.Customers may
view the contents of any movie show at any time and may bookany movie ticket as needed. The
program automatically calculates the subtotal and grand total. When a visitor decides to finally
book the ticket, the