CS Final Project, Fall
Book Store Database Web-Based Management Implementation
To: Dr. Son Cao Tran
From: Team: Bo Du, Yu Pan, Xinxia An {bdu, ypan, xan}@cs.nmsu.edu
Date Due: December
Date Submitted: December
Purpose: Web-based database management is used in many areas in today's world. This project implements an online bookstore. The design uses MySQL as the core DBMS and CGI (Common Gateway Interface) to generate the web pages that manage the data in the tables. The system lets a super-user (or manager) access and manipulate the database entries. Users can use the web pages to register with our online bookstore and to place and modify orders. The system also gives users a query method to retrieve information from the database according to certain criteria.

Design: The URL of the whole system is: http://www.cs.nmsu.edu/~bdu/project482.htm

There are three functional modules in the system. The manager of the bookstore can access all the database tables, browse them, and make modifications (insertion and deletion). The manager can also maintain the customer database. A first-time customer can register with the bookstore. Customers can modify their own personal profile, place purchase orders, and cancel orders. Any ordinary user can browse the bookstore database using either HTML browsing or SQL command browsing.

We are trying our best to make this look like a real online bookstore. Therefore the whole project has been divided into several modules with different security levels. The basic scheme of our design is shown in Appendix A. There are 4 tables used in this system, as listed in Appendix B-1. The commands used to create these tables are listed in Appendix B-2. To make our design work, the E/R diagram is the first step in making the relationships in the whole database clear. The E/R diagram is attached in Appendix C. Some entries in the database can be NULL, but others are required, so appropriate constraints are necessary. The constraints that we enforce are listed in Appendix D.
The "HTML Browse" part of this project includes two functionalities: an interface for users/customers to look up book information (no user or order information) from the book table, and an interface for managers to browse all the content of all the tables.

1. Book Look-up Interface

The book look-up interface for the users is implemented by a single Perl CGI script, not an HTML file. The main reason for this is to avoid hard-coding the column names inside an HTML page, so it still works if the attribute names of the book table are changed in the future.

We distinguish between attributes of character type and attributes of numeric type when taking and handling the users' search conditions. For the numeric attributes, i.e., the price, pages, copy, year and edition attributes, we require the user to include a relational operator such as >, <, =, >= and so on in each of the input fields in the interface. The embedded JavaScript alerts the user if this requirement is not met. These operators are used directly to construct a SQL query. For all attributes of character type, we just take the input conditions and construct a SQL query using a 'like' clause.

The users can choose which columns to display in the query output. Each column is associated with a checkbox. When it is checked, the corresponding column appears in the output tuples.

Each output tuple that is not out of stock has a link to the "Add a new book order" page attached, so users can order a book directly from their look-up results. (For Dubo: the bookid is not sent over yet because the add-new-order program reads input from STDIN, not from an environment variable.)

2. DB Table Browse Interface

While the book look-up interface only allows users to look up book information, the DB Table Browse Interface allows the managers to browse all the content of all the tables, including the user table and the orderinfo table. This interface includes a drop-down list to choose a table to browse and a multiple-selection list to choose which columns of this table to display. One feature of this interface is that both the drop-down list and the multiple-selection list are generated dynamically by looking up the database. That is, there is no hard-coded component in the implementation, and it will keep working whatever changes the managers make to the database structure.

Both of these interfaces also provide the capability of searching by performing a query.
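Because the look-up form's operators and search strings end up in the SQL text, and the JavaScript check runs only in the browser, the server has to re-validate every condition itself. The sketch below is an added example, not the project's Perl code: it assumes Python with an in-memory SQLite table standing in for MySQL, and the function names, the operator set and the sample rows are constructed for illustration.

```python
import re
import sqlite3

# Relational operator followed by one number, nothing else (assumed operator set).
NUMERIC_COND = re.compile(r"\s*(>=|<=|<>|=|>|<)\s*([0-9]+(?:\.[0-9]+)?)\s*\Z")
NUMERIC_TYPES = ("int", "float", "year")

def book_columns(db):
    """Column name -> declared type, read from the schema rather than hard-coded."""
    return {r[1]: r[2].lower() for r in db.execute("PRAGMA table_info(book)")}

def build_lookup(db, conditions, display):
    """Return (sql, params) for a look-up, or raise ValueError on bad input."""
    cols = book_columns(db)
    if not display or any(c not in cols for c in display):
        raise ValueError("unknown display column")
    where, params = [], []
    for name, raw in conditions.items():
        if name not in cols:
            raise ValueError(f"unknown column: {name}")
        if cols[name].startswith(NUMERIC_TYPES):
            m = NUMERIC_COND.match(raw)
            if m is None:
                raise ValueError(f"bad numeric condition for {name}")
            # Only the operator token matched by the regex reaches the SQL text.
            where.append(f"{name} {m.group(1)} ?")
            params.append(float(m.group(2)))
        else:
            where.append(f"{name} LIKE ?")
            params.append(f"%{raw}%")  # bound as data, never spliced into SQL
    sql = f"SELECT {', '.join(display)} FROM book"
    if where:
        sql += " WHERE " + " AND ".join(where)
    return sql, params

def demo_db():
    """Constructed sample rows; in-memory SQLite stands in for the project's MySQL."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE book (BookID varchar(15) PRIMARY KEY, "
               "Title varchar(100), Price float, Year year(4))")
    db.executemany("INSERT INTO book VALUES (?, ?, ?, ?)",
                   [("B1", "Database Systems", 60.0, 2001),
                    ("B2", "Perl CGI", 25.5, 1999)])
    return db

def lookup(db, conditions, display):
    """Run the look-up and return the matching rows."""
    sql, params = build_lookup(db, conditions, display)
    return db.execute(sql, params).fetchall()
```

The same allowlist-plus-placeholder pattern carries over to Perl DBI, where the values are passed to `execute` against a statement prepared with `?` placeholders.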
Conclusion: This database implementation system uses the MySQL DBMS and CGI to manipulate the data in the database. It is very good practice of what we have learned in the database course. In the design of this application system, we successfully implemented a modular design, and every team member did a very good job. We considered the security issues of the real world and give a primitive yet efficient implementation. With future development in mind, the whole system is very expandable. It leaves enough space and corresponding interfaces to add more functional modules.
Appendix A. Basic function structure:

Book Store Management (password protected)
  (1) Add Book Entry
  (2) Modify Entry
  (3) Delete Entry
  (4) User Deletion
  (5) Order Operation
  (6) Browse Database
  (7) Error Report

User Applications
  (password protected) Place a New Order, Cancel an order
  User: Add a New User, Change User Information
  HTML Browse
  SQL Query

Work Load:
- Yu Pan: 1, 2, 3
- Bo Du: 4, 5, 7
- Xinxia An: 6
Appendix B-1. Tables used in the system

Table Schemas:

Table1. book:
+-----------+--------------+------+-----+----------+-------+
| Field     | Type         | Null | Key | Default  | Extra |
+-----------+--------------+------+-----+----------+-------+
| BookID    | varchar(15)  |      | PRI |          |       |
| CallNo    | varchar(10)  |      |     |          |       |
| Title     | varchar(100) |      |     |          |       |
| ISBN      | varchar(20)  |      |     |          |       |
| Author    | varchar(100) | YES  |     | NULL     |       |
| Subject   | varchar(20)  | YES  |     | NULL     |       |
| Edition   | int(11)      | YES  |     | 1        |       |
| Pages     | int(11)      | YES  |     | 0        |       |
| Copy      | int(11)      | YES  |     | 0        |       |
| Status    | varchar(20)  | YES  |     | in stock |       |
| Price     | float        | YES  |     | 0        |       |
| Year      | year(4)      | YES  |     | NULL     |       |
| Publisher | varchar(100) | YES  |     | NULL     |       |
| Memo      | varchar(255) | YES  |     | NULL     |       |
+-----------+--------------+------+-----+----------+-------+

Table2. user:
+-------------+--------------+------+-----+---------+-------+
| Field       | Type         | Null | Key | Default | Extra |
+-------------+--------------+------+-----+---------+-------+
| ID          | varchar(9)   |      | PRI |         |       |
| firstname   | varchar(10)  |      |     |         |       |
| lastname    | varchar(10)  |      |     |         |       |
| gender      | char(1)      | YES  |     | NULL    |       |
| age         | int(11)      | YES  |     | NULL    |       |
| address     | varchar(50)  | YES  |     | NULL    |       |
| email       | varchar(30)  |      |     |         |       |
| phone       | varchar(10)  | YES  |     | NULL    |       |
| description | varchar(100) | YES  |     | NULL    |       |
+-------------+--------------+------+-----+---------+-------+

Table3. orderinfo:
+-----------+-------------+------+-----+------------+-------+
| Field     | Type        | Null | Key | Default    | Extra |
+-----------+-------------+------+-----+------------+-------+
| OrderID   | varchar(10) |      | PRI |            |       |
| User      | varchar(9)  |      |     |            |       |
| BookID    | varchar(15) |      |     |            |       |
| OrderDate | date        |      |     | 0000-00-00 |       |
| Quantity  | int(11)     |      |     | 0          |       |
| Status    | varchar(10) |      |     |            |       |
| Canc      | tinyint(1)  |      |     | 0          |       |
+-----------+-------------+------+-----+------------+-------+

Table4. passwd:
+-------+-------------+------+-----+---------+-------+
| Field | Type        | Null | Key | Default | Extra |
+-------+-------------+------+-----+---------+-------+
| ssn   | varchar(9)  |      | PRI |         |       |
| pwd   | varchar(12) |      |     |         |       |
+-------+-------------+------+-----+---------+-------+

There is another password file for the security concern.
Appendix B-2. SQL commands used to create the tables in Appendix B-1:

    CREATE TABLE book (
        BookID varchar(15) PRIMARY KEY,
        CallNo varchar(10) NOT NULL,
        Title varchar(100) NOT NULL,
        ISBN varchar(20) NOT NULL,
        Author varchar(100),
        Subject varchar(20),
        Edition int DEFAULT 1,
        Pages int DEFAULT 0,
        Copy int DEFAULT 0,
        Status varchar(20) DEFAULT "in stock",
        Price float DEFAULT 0,
        Year year(4),
        Publisher varchar(100),
        Memo varchar(255)
    );

    CREATE TABLE user (
        ID varchar(9) PRIMARY KEY,
        firstname varchar(10) NOT NULL,
        lastname varchar(10) NOT NULL,
        gender char(1) CHECK(gender in ('F', 'M')),
        age int,
        address varchar(50),
        email varchar(30) NOT NULL,
        phone varchar(10),
        description varchar(100)
    );

    CREATE TABLE orderinfo (
        OrderID varchar(10) PRIMARY KEY,
        User varchar(9) NOT NULL,
        BookID varchar(15) NOT NULL,
        OrderDate date NOT NULL,
        Quantity int NOT NULL,
        Status varchar(10) NOT NULL,
        Canc bool NOT NULL
    );

    CREATE TABLE passwd (
        ssn varchar(9) PRIMARY KEY,
        pwd varchar(12) NOT NULL
    );
Appendix C. E/R diagram

[E/R diagram. Entities and their attributes: Book (BookID, CallNo, Title, ISBN, Author, Subject, Edition, Pages, Copy, Status, Price, Year, Publisher, Memo); Orderinfo (OrderID, OrderDate, Quantity, Canc); User (ID, firstname, lastname, gender, age, address, email, phone, description).]
Appendix D. Constraints

1. Constraints on the tables:

For the Book Insertion part:

    INSERT INTO book (BookID, CallNo, Title, ISBN [, Author] [, Subject] [, Edition] [, Pages] [, Copy] [, Status] [, Price] [, Year] [, Publisher] [, Memo])
    VALUES (<newid>, <newcallno>, <newtitle>, <newisbn> [, <newauthor>] [, <newsubject>] [, <newedition>] [, <newpages>] [, <newcopy>] [, <newstatus>] [, <newprice>] [, <newyear>] [, <newpublisher>] [, <newmemo>]);

For the Book Deletion part:

    DELETE FROM book
    WHERE [BookID LIKE '%<value1>%'] [AND CallNo LIKE '%<value2>%'] [AND ISBN LIKE '%<value3>%'] [AND Title LIKE '%<value4>%']

For the Book Information Update part:

    UPDATE book
    SET BookID = <newid>, CallNo = <newcallno>, Title = <newtitle>, ISBN = <newisbn> [, Author = <newauthor>] [, Subject = <newsubject>] [, Edition = <newedition>] [, Pages = <newpages>] [, Copy = <newcopy>] [, Status = <newstatus>] [, Price = <newprice>] [, Year = <newyear>] [, Publisher = <newpublisher>] [, Memo = <newmemo>]
    [WHERE] [BookID LIKE '%<value1>%'] [AND CallNo LIKE '%<value2>%'] [AND ISBN LIKE '%<value3>%'] [AND Title LIKE '%<value4>%']

2. Constraints on the operation:

For the Book Insertion part:
1. BookID, CallNo, Title, and ISBN must have a value. If a value is missing, warning information is returned and the operation fails.
2. The length of the user input for each field is limited according to the database schema.
3. Only digits are allowed for the Edition, Copy, Pages, and Year fields. Warning information is returned for invalid user input and the operation fails.
4. There won't be warning information for invalid input in the Price field. It is the user's responsibility to give a correct floating-point number. The operation will fail without notifying the user.

For the Book Deletion part:
1. The user can enter any string for BookID, CallNo, Title, and ISBN. All records that satisfy the condition will be returned.
2. All records that satisfy the condition will be deleted once the user confirms the deletion, and this cannot be taken back.

For the Book Information Update part:
1. The user can enter any string for BookID, CallNo, Title, and ISBN or leave them empty. But if multiple records that satisfy the condition are found, warning information is returned and the user is asked to redefine the search condition.
2. All constraints for insertion still hold for update.
3. The user can even change the BookID. But if the same BookID is already in the database, warning information is returned and the operation fails.

For the user insertion and modification part, similarly, all required fields in the database are checked using JavaScript before the values get into the database tables.
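The insertion constraints above can be enforced again on the server, so that a request which skips the JavaScript checks is still rejected and a bad Price is reported instead of failing silently. This is an added example in Python, not the project's own code: the field limits come from the book schema in Appendix B-1, while the function names and the non-negative decimal rule for Price are assumptions.

```python
import re

# Maximum lengths copied from the book table schema in Appendix B-1.
MAX_LEN = {"BookID": 15, "CallNo": 10, "Title": 100, "ISBN": 20, "Author": 100,
           "Subject": 20, "Status": 20, "Publisher": 100, "Memo": 255}
REQUIRED = ("BookID", "CallNo", "Title", "ISBN")
DIGITS_ONLY = ("Edition", "Pages", "Copy", "Year")
DIGITS = re.compile(r"[0-9]+\Z")
PRICE = re.compile(r"[0-9]+(\.[0-9]+)?\Z")  # assumed rule: non-negative decimal

def validate_book(form):
    """Check one submitted book record; return (clean, errors).

    clean maps column -> typed value for every valid field that was supplied;
    errors lists each problem so the caller can refuse the INSERT and say why.
    """
    clean, errors = {}, []
    for name in REQUIRED:
        if not form.get(name, "").strip():
            errors.append(f"{name} is required")
    for name, limit in MAX_LEN.items():
        value = form.get(name, "").strip()
        if value and len(value) > limit:
            errors.append(f"{name} is longer than {limit} characters")
        elif value:
            clean[name] = value
    for name in DIGITS_ONLY:
        value = form.get(name, "").strip()
        if value and DIGITS.match(value):
            clean[name] = int(value)
        elif value:
            errors.append(f"{name} must contain digits only")
    price = form.get("Price", "").strip()
    if price and PRICE.match(price):
        clean["Price"] = float(price)
    elif price:
        errors.append("Price must be a non-negative decimal number")
    return clean, errors

def insert_statement(clean):
    """Build the INSERT with placeholders; column names come from the fixed lists above."""
    cols = list(clean)
    marks = ", ".join("?" for _ in cols)
    return f"INSERT INTO book ({', '.join(cols)}) VALUES ({marks})", [clean[c] for c in cols]
```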