Contents
Application Development
1. Three-Tier Architecture
┌─────────────────────┐
│ Presentation Layer │ → User Interface (HTML, CSS, JavaScript)
│ (Web Browser) │ What user sees and interacts with
└──────────┬──────────┘
│ HTTP/HTTPS
┌──────────▼──────────┐
│ Web Server │ → Handles HTTP requests
│ (Apache, Nginx) │ Routes to application
└──────────┬──────────┘
│
┌──────────▼──────────┐
│ Application Server │ → Business Logic
│ (Business Logic) │ Processing, validation
│ (Java, Python) │ JSP, Servlets, PHP
└──────────┬──────────┘
│ SQL
┌──────────▼──────────┐
│ Database Server │ → Data Storage & Retrieval
│ (MySQL, Oracle) │ CRUD operations
└─────────────────────┘Presentation Layer
- • User Interface (UI)
- • Client-side logic
- • HTML, CSS, JavaScript
- • Renders data
Application Layer
- • Business logic
- • Processing & validation
- • JSP, Servlets, PHP
- • Connects UI to DB
Database Layer
- • Data storage
- • CRUD operations
- • MySQL, PostgreSQL
- • Data integrity
2. Application Types
| Type | Technology | Pros | Cons |
|---|---|---|---|
| Web App | HTML, CSS, JS | Cross-platform, No install | Needs internet, Slower |
| Native App | Platform-specific | Fast, Offline support | Costly, Platform-dependent |
| Hybrid App | Web + Native wrapper | Cross-platform, Cheaper | Slower than native |
4. SQL Injection
Definition: Malicious SQL code inserted into input fields to manipulate database queries.
Vulnerable Code Example
// ❌ VULNERABLE - Never do this!
String query = "SELECT * FROM users WHERE userid = " + userInput;
// If attacker inputs: 160 or 1=1
// Resulting query becomes:
SELECT * FROM users WHERE userid = 160 or 1=1;
// ↑ Returns ALL users! (1=1 is always true)Common SQL Injection Patterns
160 or 1=1→ Always returns true, bypasses authentication
160 or 99=99→ Always returns true
' OR '1'='1→ String-based injection
'; DROP TABLE users; --→ Deletes entire table!
Prevention Methods
// ✅ SAFE - Use prepared statements
PreparedStatement pstmt = conn.prepareStatement(
"SELECT * FROM users WHERE userid = ?"
);
pstmt.setInt(1, userInput);
ResultSet rs = pstmt.executeQuery();
// ✅ SAFE - Input validation
if (!userInput.matches("[0-9]+")) {
throw new IllegalArgumentException("Invalid input");
}
// ✅ SAFE - Escape special characters
String safeInput = StringEscapeUtils.escapeSql(userInput);5. Embedded SQL
Definition: SQL statements embedded within host language code (C, Java, etc.). Identified by EXEC SQL prefix.
Syntax
// Declare section
EXEC SQL BEGIN DECLARE SECTION;
char username[50];
int userid;
EXEC SQL END DECLARE SECTION;
// Execute query (variables prefixed with :)
EXEC SQL SELECT name INTO :username
FROM users
WHERE id = :userid;
// Check for errors
if (SQLCODE != 0) {
printf("Error: %d\n", SQLCODE);
}Key Points
- •
EXEC SQLidentifies SQL statements - • Variables prefixed with
:(colon) - • SQL mixed with host language (C, Java, etc.)
- • Requires preprocessor to compile
Storage Management
6. Disk Access Time
Formula
Total Access Time = Seek Time + Rotational Latency + Transfer TimeSeek Time
Time to move read/write head to correct track
Rotational Latency
Time for sector to rotate under head
Average Rotational Latency = 1 / (2 × RPM) × 60 secondsTransfer Time
Time to read/write data
Transfer Time = Data Size / Data Transfer RateExample Calculation
Given:
- • Seek Time = 12 ms
- • Rotational Delay = 3.5 ms
- • Block Size = 4 KB
- • Data Rate = 256 KB/sec
Solution:
7. MTBF (Mean Time Between Failures)
Formula
MTBF(array) = MTBF(one disk) / Number of disksExample
Given:
- • MTBF(one disk) = 600,000 hours
- • MTBF(array) = 800 hours
Find: Number of disks
8. File Organization Types
| Type | Structure | Insertion | Search | Use Case |
|---|---|---|---|---|
| Heap | Unordered | Fast O(1) | Slow O(n) | Write-heavy |
| Sequential | Ordered by key | Slow | Fast O(log n) | Read-heavy |
| Hash | Hash function | Fast O(1) | Fast O(1) avg | Key-based lookup |
9. Disk Scheduling Algorithms
FCFS (First Come First Serve)
Process requests in order received. Simple but inefficient.
SSTF (Shortest Seek Time First)
Process nearest request first. Better than FCFS but may cause starvation.
SCAN (Elevator Algorithm) ⭐
Move in one direction, service requests, reverse at end. Minimum head direction changes.
Example: Requests [98, 183, 37, 122, 14, 124, 65, 67], Current: 53, Direction: Increasing
Order: 65, 67, 98, 122, 124, 183, [reverse], 37, 14
C-SCAN (Circular SCAN)
Move in one direction, jump to start (don't service on return). More uniform wait time.
10. Quick Formulas Reference
Total Time = Seek + Rotational Latency + TransferTransfer Time = Data Size / Data RateAvg Latency = 1 / (2 × RPM) × 60 secondsMTBF(array) = MTBF(one disk) / Number of disksCapacity = Platters × Surfaces × Tracks × Sectors × Sector_SizeCylinders = Tracks per surfaceBlock Size = Sector Size × Sectors per BlockPractice Problems
Problem 1: Calculate total disk access time. Seek=10ms, Rotation=4ms, Block=8KB, Rate=512KB/s
Show Solution
Transfer Time = 8 KB / 512 KB/s = 0.015625 s = 15.625 ms
Total Time = 10 + 4 + 15.625 = 29.625 msProblem 2: MTBF(one disk)=500,000 hrs, Array fails every 625 hrs. How many disks?
Show Solution
Number of disks = MTBF(one disk) / MTBF(array)
= 500,000 / 625
= 800 disksProblem 3: Identify the SQL injection: SELECT * FROM users WHERE id = 100 or 1=1
Show Solution
The "or 1=1" part is malicious.
Since 1=1 is always true, this returns ALL users.
Prevention: Use prepared statements:
PreparedStatement pstmt = conn.prepareStatement(
"SELECT * FROM users WHERE id = ?"
);
pstmt.setInt(1, userId);Quick Tips
✓ SCAN algorithm has minimum head direction changes
✓ Always use prepared statements to prevent SQL injection
✓ Sessions are more secure than cookies
✓ Block size must be multiple of sector size
✓ Heap file: Fast insert, slow search
✓ Sequential file: Slow insert, fast search
Continue Learning
You've completed application development and storage! Next, dive into indexing, hashing, and transactions.