CS 242 Spring 2012 : Assignment 2.2

This page last changed on Mar 12, 2012 by cemeyer2.

Assignment 2.2 – Threaded Comments


  • CC Chapter 8: Defensive Programming
The reading is due before lecture as usual, on Monday, March 26th.


The tutorial is due before lecture as usual, on Monday, March 26th.

Formal final project proposal

For the last 4 weeks of the semester, each of you will complete your own final project. The project can cover any domain using any language, toolkit, or framework, but you cannot have your final project for this course be part of a project or assignment for another course you are currently taking. See the Final Project Details page for more firm details on the final project. Before you can begin your final project, you must first write up a formal proposal and submit it to your section leader for approval. The proposal must contain:

  • Summary of application including functionality, language used, libraries needed, platforms targeted, etc
  • Why you chose this application (i.e. to learn something, to solve a problem…)
  • Who will use this application when it is completed
  • List of features
  • How you plan to test the application (will you use junit, nunit, selenium, etc)
  • Documentation plan
  • A weekly schedule
    • You have 4 weeks to complete the project
    • For each of the 4 weeks, you need to commit to which portions and features will be complete

Expect your proposal to be at least 2 pages in length.

We expect you to spend the same amount of time each week on the final project that you have spent on each of the other assignments so far this semester, so plan each week accordingly. Your TA or moderator might ask you to revise your proposal after you submit it if they think you are trying to do too much or too little. Submit your proposal as a PDF via email to your section leader by 4:00PM on Monday, March 26th 2012; PDF format eliminates any problems when we try to read it. This gives us time to review your proposals so you will still have a full week to work on the first week of your final project. You cannot start on your final project until you get approval from your section leader, so the earlier you submit it and get approval, the earlier you can begin working.

Take a look at the example proposal done by a former student for a rough guide of what a proposal from the past looked like. The requirements for the proposal have slightly changed since this proposal was written, so just use this one as a guide for how much detail we are expecting.

Again, the final proposal is due by 4:00PM on Monday, March 26th

Studio Assignment

For this week’s assignment, you will be using a combination of PHP and SQL to create an interactive threaded comments discussion board for your portfolio.

This assignment is due before the start of your discussion section on March 29th and 30th, in Subversion in a folder named Assignment2.2. In addition, you must also submit your work to cPanel.
Please include a short README.txt file along with your submission this week that instructs your moderator how to access your portfolio on cPanel. This README should also contain the SQL statement(s) used to generate your schema, along with comments describing what each field is used for.

Instructions on what services are available on cPanel as well as how to access them are located at https://wiki.engr.illinois.edu/display/engineeringit/Web+Hosting+for+Student+Projects. That page also has basic information on how to execute SQL queries against the MySQL database on the cPanel server.

Using your own environment

You are more than welcome to use your own Apache/PHP/MySQL environment to develop this assignment, but in the end, it must run on the university cPanel server. So, feel free to develop elsewhere, but test and deploy on your cPanel account. This is to ensure that there are no issues that arise from technical difficulties when we are trying to evaluate and grade your work each week.

Getting started

There are three main functional requirements this week:

  1. Creating a threaded discussion board for each of your projects
  2. Securing your discussion boards against attacks
  3. Adding content filtering to your discussion boards

Step 1 – Making a Design

The first step is to decide how you want to store your data in the database. Think about what table(s) you need and what columns each of those tables needs to have. Hint: Think about the discussion board for each of your projects as a multi-level tree, where the root is the project and the interior nodes and leaves are the comments left on the project. The parent of any comment node in the tree is the comment it is replying to; if the parent is the project itself, it is a top-level comment. How can you store this in a relational database? Feel free to use the phpMyAdmin that is built into cPanel to construct your tables and play around with your design, but remember to include the statement(s) that generated your schema in your README.

If you are unfamiliar with SQL, we suggest you go through this SQL tutorial.

Advanced Topic: ORMs

ORM stands for Object Relational Mapping. In essence, ORMs are libraries that map objects in your code directly onto tables in the database and vice versa, where the attributes of your objects are the columns of the corresponding database table. They handle all of the transactional work behind the scenes for you. There are two main patterns used for ORMs, Active Record and Data Mapper. Active Record was popularized by the Ruby on Rails framework several years ago. For more information on ORMs, read this Wikipedia article.

You do not have to use an ORM this week; we leave that choice completely up to you. There is a good discussion on Stack Overflow regarding various PHP ORM libraries.

Step 2 – Implementing the PHP

The second step this week is to create some basic forms and display pages to show your comments. You will need to extend the XSLT document you generated last week so that your main portfolio page can interface with your comments PHP. Note that you should not put any PHP code in your XSLT document, as it will not be evaluated by the parser before being echoed back to the client. Use CSS to style these pages and make them look presentable. How can you indicate that a comment is in reply to another? How do you place the tree of comments on a single page? Take a look at the comment pages on sites like Slashdot and Reddit for inspiration.
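One way to answer the Step 1 and Step 2 questions together, as an added example that is not part of this assignment page: an adjacency-list table (each comment stores the id of the comment it replies to) and a renderer that loads one project's tree in a single query and nests replies as HTML lists. It assumes the PDO SQLite driver so it runs without a MySQL server; the table names, sample comments and CSS class are made up for the example.

```php
<?php
// Added example: adjacency-list schema for threaded comments plus a renderer.
// Assumes the PDO SQLite driver so it runs locally; use a mysql: DSN on cPanel.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// One row per comment. parent_id is NULL for a top-level comment on a project,
// otherwise it is the id of the comment being replied to (the tree edge).
$db->exec('CREATE TABLE comments (
    id         INTEGER PRIMARY KEY AUTOINCREMENT,
    project_id INTEGER NOT NULL,
    parent_id  INTEGER NULL REFERENCES comments(id),
    author     VARCHAR(64) NOT NULL,
    body       TEXT NOT NULL,
    posted_at  DATETIME DEFAULT CURRENT_TIMESTAMP
)');

// Constructed sample data: two top-level comments and one reply chain.
$ins = $db->prepare('INSERT INTO comments (project_id, parent_id, author, body) VALUES (?, ?, ?, ?)');
$ins->execute([1, null, 'alice', 'Nice project!']);
$ins->execute([1, 1, 'bob', 'Agreed. How did you handle the XSLT part?']);
$ins->execute([1, 2, 'alice', 'Transformed it server-side and included the output.']);
$ins->execute([1, null, 'carol', 'Does it run on cPanel?']);

// Load a whole project's tree with ONE query and group rows by parent in PHP,
// instead of issuing one query per node while rendering.
function loadTree(PDO $db, int $projectId): array {
    $st = $db->prepare('SELECT id, parent_id, author, body FROM comments WHERE project_id = ? ORDER BY id');
    $st->execute([$projectId]);
    $children = [];
    foreach ($st->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $children[$row['parent_id'] ?? 0][] = $row;   // key 0 stands for the project root
    }
    return $children;
}

// Each reply is nested one <ul> deeper than its parent, which CSS can indent to
// show the reply relationship. User-supplied fields are escaped for HTML context.
function renderThread(array $children, int $parent = 0): string {
    if (empty($children[$parent])) return '';
    $html = '<ul class="thread">';
    foreach ($children[$parent] as $c) {
        $html .= '<li><b>' . htmlspecialchars($c['author'], ENT_QUOTES, 'UTF-8') . '</b>: '
               . htmlspecialchars($c['body'], ENT_QUOTES, 'UTF-8')
               . renderThread($children, (int) $c['id']) . '</li>';
    }
    return $html . '</ul>';
}
echo renderThread(loadTree($db, 1)), "\n";
```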

Step 3 – Locking things down

Using proper techniques such as prepared statements and the other ideas discussed in lecture, secure your code at minimum against SQL injection attacks. Add defenses against cross-site scripting (XSS) attacks as well. Use the internet to find resources on how to accomplish these goals with PHP.
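The two defenses asked for above, shown side by side as an added example rather than code from the assignment: a comment insert that splices user input into the SQL text (the pattern to avoid), the same insert as a prepared statement, and output escaping for the HTML the comment is rendered into. The table layout and the sample input are constructed, and the PDO SQLite driver is assumed so it runs locally.

```php
<?php
// Added example: comment insertion written the vulnerable way and the safe way,
// plus output escaping. Assumes the PDO SQLite driver; use a mysql: DSN on cPanel.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY AUTOINCREMENT, project_id INTEGER NOT NULL,
           parent_id INTEGER NULL, author VARCHAR(64) NOT NULL, body TEXT NOT NULL)');

// VULNERABLE: user input is spliced into the SQL text, so a quote in $body ends
// the string literal and whatever follows is parsed as SQL. Kept only for contrast.
function postCommentUnsafe(PDO $db, int $projectId, ?int $parentId, string $author, string $body): void {
    $parent = $parentId === null ? 'NULL' : (string) $parentId;
    $db->exec("INSERT INTO comments (project_id, parent_id, author, body)
               VALUES ($projectId, $parent, '$author', '$body')");
}

// SAFE: the SQL text is fixed when prepared; values are sent separately as
// parameters and can never alter the statement's structure.
function postComment(PDO $db, int $projectId, ?int $parentId, string $author, string $body): int {
    $st = $db->prepare('INSERT INTO comments (project_id, parent_id, author, body) VALUES (?, ?, ?, ?)');
    $st->execute([$projectId, $parentId, $author, $body]);
    return (int) $db->lastInsertId();
}

// XSS defense: store the comment exactly as typed and escape at output time for
// the context it lands in. ENT_QUOTES also escapes single quotes, which matters
// when a value is placed inside an HTML attribute.
function commentToHtml(string $author, string $body): string {
    return '<p><b>' . htmlspecialchars($author, ENT_QUOTES, 'UTF-8') . '</b>: '
         . htmlspecialchars($body, ENT_QUOTES, 'UTF-8') . '</p>';
}

// Constructed input holding an apostrophe and HTML tags. The unsafe version fails
// on it (and would do worse on hostile input); the safe version stores it verbatim
// and the renderer turns the tags into inert text.
$body = "It's <b>not</b> bold, and a <script> tag stays inert here";
try {
    postCommentUnsafe($db, 1, null, 'mallory', $body);
} catch (PDOException $e) {
    echo "unsafe version broke on ordinary input: ", $e->getMessage(), "\n";
}
$id = postComment($db, 1, null, 'mallory', $body);
$st = $db->prepare('SELECT author, body FROM comments WHERE id = ?');
$st->execute([$id]);
$row = $st->fetch(PDO::FETCH_ASSOC);
echo commentToHtml($row['author'], $row['body']), "\n";
```

Escape where the value is output, not where it is stored: a comment that is also shown in a JSON feed or a plain-text email needs a different escaping rule for each of those contexts.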

Step 4 – Content Filtering

For the last step, you will need to implement a basic content filtering system. You will need to compile a list of “red flag” words/phrases and acceptable replacement words/phrases. This list must have at least 8 entries, but feel free to add as many as you would like. When a user enters a comment containing a “red flag” word or phrase, it should be automatically replaced with the corresponding replacement. This should be done using regular expressions. See the tutorials from last week and this week for examples with regular expressions. Store your “red flag” words/phrases and their corresponding replacements in the database, and perform the substitution using the rows stored in that table. Also add an “administrator form” where an admin can add to and remove from this table.
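An added example of the filter described above (not code from the assignment): the red-flag table is read once, compiled into a single case-insensitive regular expression, and applied with a callback that looks up the stored replacement. The table name, the sample entries and the test sentence are constructed; it assumes PHP 7.4+ and the PDO SQLite driver for a local run.

```php
<?php
// Added example: a content filter whose red-flag/replacement pairs live in the
// database and are applied with a single regular expression. Assumes PHP 7.4+
// (arrow functions) and the PDO SQLite driver; use a mysql: DSN on cPanel.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE red_flags (
    id          INTEGER PRIMARY KEY AUTOINCREMENT,
    pattern     VARCHAR(64) NOT NULL UNIQUE,
    replacement VARCHAR(64) NOT NULL
)');
// Constructed sample entries (the assignment wants at least 8 in your real table).
// The admin form would insert/delete rows here, again via prepared statements.
$ins = $db->prepare('INSERT INTO red_flags (pattern, replacement) VALUES (?, ?)');
foreach ([['darn', 'gosh'], ['stupid', 'unwise'], ['this sucks', 'this could be better']] as $pair) {
    $ins->execute($pair);
}

// Build one alternation from the table. preg_quote() makes each entry match
// literally even if it contains '.', '?' or '(', and longer phrases are listed
// first so "this sucks" wins over any shorter entry it overlaps.
function loadFilter(PDO $db): ?array {
    $rows = $db->query('SELECT pattern, replacement FROM red_flags')->fetchAll(PDO::FETCH_ASSOC);
    if (!$rows) return null;                      // empty table: nothing to filter
    usort($rows, fn($a, $b) => strlen($b['pattern']) <=> strlen($a['pattern']));
    $map = [];
    foreach ($rows as $r) {
        $map[strtolower($r['pattern'])] = $r['replacement'];
    }
    $alt = implode('|', array_map(fn($p) => preg_quote($p, '/'), array_keys($map)));
    // \b so a rule for "darn" leaves "darning" alone; /i = case-insensitive; /u = UTF-8.
    return ['regex' => '/\b(?:' . $alt . ')\b/iu', 'map' => $map];
}

// Replace each match with the stored replacement; the lookup is lowercased to
// match the case-insensitive regex.
function filterComment(?array $filter, string $text): string {
    if ($filter === null) return $text;
    return preg_replace_callback($filter['regex'],
        fn($m) => $filter['map'][strtolower($m[0])], $text);
}

$filter = loadFilter($db);
echo filterComment($filter, "Darn, this SUCKS. What a stupid bug in my darning code."), "\n";
```

Run the filter before the prepared-statement insert so the stored comment is already clean, and keep the admin form's own inserts and deletes on prepared statements too, since that table is also user-controlled input.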


For this week, we require basic integration testing. That is, you should have some test code that creates comments, replies to comments, checks for proper filtering, checks for proper SQL injection attack prevention, etc. Your tests should work by invoking the scripts you wrote to post comments, then verify they are properly placed in the database. Feel free to use one of the many PHP test runners out there, but do not feel obligated to. If you choose to not use a PHP testing suite, you will need to write your own custom test harness/runner to run your tests and report results.


Criteria                            Weight  Comment
Basic preparation                   3
Code submission                     6       Submitted on time and to the correct location
Decomposition                       6
Documentation                       6       Final project plan
Documentation                       3       Good comments and README.txt
Naming                              3
Overall design                      6
Participation                       3       How you critique others' code
Presentation                        3       How you critique your code
Requirements – Attack Prevention    6       Ability to prevent SQL injection attacks and XSS
Requirements – Comments Posting     6       Ability to post comments
Requirements – Comments Viewing     6       Ability to view comments
Requirements – Content Filtering    6
Requirements – Schema               3       Thoughtful schema design able to handle all required features
Testing                             3

example_proposal.pdf (application/pdf)
Document generated by Confluence on Mar 29, 2012 02:55