
CHAPTER ONE

INTRODUCTION
Changamwe sub-county is one of the 6 sub-counties in Mombasa County; its entire boundary faces the Indian Ocean. It is the administrative and financial capital of Mombasa County and has a major sea port that serves Kenya and most of East and Central Africa. It is also a major tourist destination along the East African coastline owing to its geographical position, and is home to both indigenous and immigrant populations, currently estimated at about 534,390 people.

1.1 Background
Civil registration is the continuous and permanent compulsory recording of the
occurrence and the characteristics of vital events such as birth and death events, primarily
for their value as legal documents as provided by law and secondarily for their usefulness
as a source of statistics.
According to Don de Savigny (2013), the United Nations defines civil registration as the continuous, permanent, compulsory and universal recording of the occurrence and characteristics of vital events pertaining to the population, as provided through decree or regulation in accordance with the legal requirements of a country. Civil registration is carried out primarily for the purpose of establishing the legal documents provided by the law. These records are also a main source of vital statistics. Complete coverage, accuracy and timeliness of civil registration are essential for quality vital statistics.

Vital events that are typically recorded include live birth, death, foetal death, marriage, divorce, annulment of marriage, judicial separation of marriage, adoption, legitimization and recognition. Among the legal documents that are derived from civil registration are birth certificates, death certificates and marriage certificates. A family register is a type of civil register which is more concerned with events within the family unit and is common in continental European and Asian countries, such as Germany, France, Spain, Russia, China, Japan and North and South Korea. In addition to the family register, there are also birth and death registers.

Civil registration should not be mistaken for population registration, which exists in many countries. Population registration covers a wider range of events, such as immigration and change of address, together with some or all of the events of civil registration, including change of name. A civil registration system must be able to add, change, correct and enquire about data and events relating to individuals.

According to Errest Linde (2008), registration of births and deaths was introduced for the first time in Kenya in 1904, and applied only to Europeans and Americans. In 1928 the Act, CAP 149, was enacted. This Act only provided for the compulsory registration of the deaths of Africans but not for their births. After independence in 1963, compulsory registration of all births and deaths was extended in phases to other areas, beginning with Nairobi and Nyeri on 1st March 1963. On 1st September 1971 it became compulsory to register all births and deaths occurring in Kenya.

Despite the extension of compulsory registration to all districts (including Mombasa
district, now Mombasa County), the coverage remained low. The government of Kenya,
recognizing the need to improve registration for the benefit of the individual and the
community, sought technical and financial assistance from the United Nations Population
Fund (UNFPA).

In 1979, the Civil Registration Demonstration Project was established with the assistance of the UNFPA, and launched in 1982 in Muranga, Nyeri and Kirinyaga districts. Lurambi Division in Kakamega district was also included. The results showed a remarkable increase in registration in these pilot areas. Kisumu, Kakamega, Uasin Gishu and Embu districts were brought into the second phase of the project in 1984. In 1985, the government took over the project from the UNFPA and adopted a community-based system of registration, the Civil Registration Programme.

It also decided to improve the control of registration by moving civil registration from the Office of the Attorney General to the Office of the President and constituted a fully-fledged department in 1990. From 1st July 1990, registration was decentralized to the district level.

In spite of these improvements in the administration and management of registration, coverage in Kenya is still low because of a lack of awareness among the public, a lack of resources, and the logistical problems of covering expansive and sparsely populated regions inhabited by nomadic ethnic groups.

Although the government passed legislation on registration of births and deaths in 1928, it
was not until 1990 that the Department of Civil Registration was created as a fully-
fledged department to manage the operation and implementation of civil registration
services. In issuing the policy guideline, the government recognized that civil registration should represent a felt need for the whole community and that the department should be part of the national development agenda. Therefore the department needs a policy:
i. To ensure uniformity in civil registration operations and processes.
ii. To enforce compliance with the law. The mandate of civil registration is to
register all births and deaths occurring in the country. The policy addresses
the gaps emerging as a result of the public failure to comply with the law.
iii. To enforce compliance with International conventions on human rights.
The human rights that form the basis of this policy are for the most part
those set forth in the Universal Declaration of Human Rights, the
Declaration of Rights of the Child, and in the international treaties known
as the International Covenant on Economic, Social and Cultural Rights and
the International Covenant on Civil and Political Rights. These
instruments, couched in general terms, have been supplemented as
necessary by others adopted by the United Nations for specific purposes
such as the convention on consent to marriage, minimum age for marriage
and registration of marriages, The International Convention on Elimination
of all forms of Racial Discrimination, and the Declaration on the
Elimination of Discrimination against women. Although Kenya is a
signatory to these conventions, it has not endeavored to comply fully with
them.
iv. To harmonize all registration policy statements to ensure coordination in
the provision of services and better resource utilization. There is little
coordination between partners and stakeholders with services or issues
touching on civil registration. Consequently, there has been duplication,
gaps in provision of resources, compromised registration system and
eventual underutilization of capacities of the agencies.
v. To enforce inter-dependence of all government agencies in sharing vital
information that has legal consequences. There should be due recognition
to civil registration records as a basis for personal identification and vital
statistics as a source of demographic and health data. This is due to their
timeliness, continuity and completeness.
vi. To develop guidelines amongst all government agencies dealing with
registration activities to lessen the burden of proving identity.
vii. To compel all the registration agents involved in the registration of births
and deaths to undertake civil registration as a core function.

This policy endeavors to ensure that there is comprehensive registration in order to make
the civil registration data reliable for socio-economic and political purposes.

Challenges of Modernization and Technology
In Kenya the whole system of registration management, from storage through retrieval to processing, is entirely manual. This has resulted in slow processing of vital statistics and delay in the submission of returns by registration assistants.
Statistical functions, as opposed to registration functions, are concerned with the collection, compilation, evaluation, tabulation and publication of vital statistics.
According to Errest Linde (2008), there is an urgent need for modernization of the civil registration services. This will reduce manual operation and the space needed for archives, and improve the preservation of records.

1.2 Statement of the problem
The whole system of registration management, from storage through retrieval to processing, is entirely manual. This has resulted in delays in the submission of returns by registration assistants, who submit the birth and death registers to the registrar's office as they wish. Registration of births and deaths is done manually by the registration assistants on the ground. The registration assistants are the assistant chiefs in the sub-locations, who capture birth and death events occurring at home, and the health personnel who capture events occurring in health institutions. The system of registration of births and deaths in place is community-based: the community is empowered to report all births and deaths for notification at the place of occurrence (health institutions and sub-locations). Since registration is done manually, there is sometimes delay in the submission of monthly returns to the district civil registration office, which in turn sometimes results in the loss of birth and death registers, leaving some birth and death events unregistered. Manual operation at the registry is a hindrance to efficient service delivery to customers because when customers lose birth notifications or burial permits they are referred back to the registration agent (health institution or assistant chief) to get a copy. This is very cumbersome for our customers, yet if our records were computerized, searches would be simple.

The proposed system that will be developed will address this inefficiency by meeting the following non-functional requirements:

Usability: The system will have a well-developed graphical user interface that users will find easy and appealing to use. Usability will focus on speed, accuracy and satisfaction.
i. The system will have an intuitive graphical user interface that is user-friendly.
ii. The number of users accessing the system will not impair the system's use.
iii. The system will have an effective in-built error checking capability to validate the users' input.
iv. Values passed from one access page to another should be encrypted.
v. User account information will not be secured from modification by the system administrator.
Usability goals can also be tied to the following five characteristics. Each user need statement can be turned into a usability goal or requirement; for example, requirements can be specified with a range of acceptable values, such as:
Efficient: Users see registration as a simple task and are not willing to spend much time on it, especially compared to filling in a paper form.
Error tolerant: They are concerned that the system might make mistakes in processing their choices, and want good validation, confirmation and error notification during the process. They also want to be sure that they can change their minds without needing to start the process over.
Engaging: Some users expect to have options or features explained during the registration process. Users want a clear, understandable presentation, citing difficult paper forms they have encountered in the past as problems.
Effective: Users assume that they will be registered correctly. This characteristic is placed lower on the list because of the users' emphasis on error handling to prevent problems.
Easy to learn: Because they see the task as simple, users assume that they should be able to complete it without assistance.
Portability: The proposed system will be designed using HTML and PHP, standard web programming languages that are accessible across different platforms. Moreover, the system will be accessible through the internet.

Performance: To ensure efficiency the system will be designed to incorporate fast response times, efficient input, output and storage of data, and efficient backup.

Ease of use: The system will require minimal training since the web pages will be hosted on the World Wide Web and designed with a simple graphical user interface.

The proposed system will have the following functionalities:
i. Administration: The system administrator will be able to create user accounts and give them various rights to access the system.
ii. Login system: For security and data integrity, the user will have to provide a user name and a password in order to log into the system.
iii. Registration system: The user will be able to select either the birth or the death register and key in information pertaining to a particular birth or death event.
iv. Report generation system: The ability to generate reports on the number of births and deaths registered on a daily, weekly, monthly or quarterly basis, depending on the request.
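The administration and login functions listed above, together with the input-validation requirement under Usability, can be implemented in the project's chosen language as follows. This is an added example written for this page, not code from the project; it assumes PHP 7.3 or later with the PDO MySQL driver, a database and a `users` table with the constructed schema given in the comment, and placeholder connection credentials and role names.

```php
<?php
// Added example (not the project's own code): account creation, login and
// role checks for the functionalities in Section 1.2. Assumes PHP 7.3+, PDO
// with MySQL, and this constructed table:
//   CREATE TABLE users (id INT AUTO_INCREMENT PRIMARY KEY,
//                       username VARCHAR(64) UNIQUE NOT NULL,
//                       password_hash VARCHAR(255) NOT NULL,
//                       role ENUM('admin','registrar','assistant') NOT NULL);
declare(strict_types=1);

function db(): PDO {
    // Database name and credentials are placeholders. ERRMODE_EXCEPTION makes
    // failures visible instead of silently returning false; disabling emulated
    // prepares lets MySQL itself bind the parameters.
    return new PDO('mysql:host=localhost;dbname=civilreg;charset=utf8mb4',
                   'civilreg_app', 'PLACEHOLDER_PASSWORD', [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
}

// Server-side error checking of user input (usability requirement iii): a
// username is 3 to 32 characters of letters, digits, dot or underscore.
function validUsername(string $u): bool {
    return (bool) preg_match('/^[A-Za-z0-9._]{3,32}$/', $u);
}

// Administration (i): only an administrator may create accounts and assign
// a role; the role is checked against a fixed list, not taken verbatim.
function createUser(PDO $pdo, array $actor, string $username, string $password, string $role): bool {
    if (($actor['role'] ?? '') !== 'admin') {
        throw new RuntimeException('only administrators may create accounts');
    }
    if (!validUsername($username) || strlen($password) < 12) {
        return false; // reject weak input before it reaches the database
    }
    if (!in_array($role, ['admin', 'registrar', 'assistant'], true)) {
        return false;
    }
    // The password is never stored in clear; password_hash salts and hashes it.
    $stmt = $pdo->prepare(
        'INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)');
    return $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT), $role]);
}

// Login (ii): the prepared statement keeps the username out of the SQL text,
// and the same null result is returned for an unknown user and for a wrong
// password, so the login form does not reveal which usernames exist.
function login(PDO $pdo, string $username, string $password): ?array {
    if (!validUsername($username)) {
        return null;
    }
    $stmt = $pdo->prepare(
        'SELECT id, username, password_hash, role FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    // Upgrade the stored hash transparently if the default algorithm or cost changed.
    if (password_needs_rehash($row['password_hash'], PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE users SET password_hash = ? WHERE id = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $row['id']]);
    }
    unset($row['password_hash']); // the hash never leaves this function
    return $row;
}

// After a successful login: a fresh session id prevents session fixation, and
// the cookie flags keep the id off plain HTTP and away from page scripts.
function startAuthenticatedSession(array $user): void {
    session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Strict']);
    session_start();
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
}

// Authorization check for the report generation pages (iv): assistants
// register events but do not view aggregate reports (assumed role split).
function canViewReports(array $user): bool {
    return in_array($user['role'] ?? '', ['admin', 'registrar'], true);
}
```

A login page would call `login(db(), $_POST['username'], $_POST['password'])`, start the session on a non-null result and redirect, and show one generic "invalid username or password" message otherwise; each protected page then checks `$_SESSION['user']` and, for reports, `canViewReports()`.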



1.3 Objectives

General objective
To create and test the acceptability of an online system for efficient registration of births
and deaths.

Specific objectives
i. To determine the user requirements of an online system for registration of births and deaths.
ii. To develop an easy-to-use online system for registration of births and deaths.
iii. To test the acceptability of the online system for registration of births and deaths.

1.4 Justification
Online registration is secure and accessible at all times, anywhere, and birth and death
events are captured instantly. This eliminates delay in submission of monthly returns as
submissions are done instantly (online) by the registration assistants on the ground. This
in turn ensures that once an event is captured it is secure.

Online registration provides up-to-date information on the number of births and deaths registered, as birth and death events are captured and submitted instantly. Also, the processing and production of vital statistics by civil registration officers is done with minimal paperwork.

1.5 Scope
The scope of this project is Changamwe sub-county, and specifically the civil registration department and its registration areas, which include all the 7 sub-locations and the 24 health facilities that fall under its jurisdiction. Although the project has been designed for use at the sub-county level, the basic principles can also be applied at the county level.

1.6 Target Users
This project is intended for civil registration officers and registration assistants on the ground. It has been designed to be used by assistant chiefs in the sub-locations and health personnel in the health facilities.

1.7 Limitation
Civil registration systems are very complex. Civil registration requires linking each
individual to his family members creating a family tree for each individual. Developing a
registration system that can link an individual to his family members has proven to be a
very difficult task.

CHAPTER 2
LITERATURE REVIEW
2.1 Introduction
This chapter examines the related literature on the development of online birth and death registration systems in different organizations globally.
The Internet is one of the fastest growing technologies, and as it reaches rural areas it makes it easier for people to do research, e-payment, e-banking, e-shopping and e-registration. With the wide use of the Internet, many online shops, online businesses and online portals are being developed to ease users' work. Users need only a few mouse clicks to access all the resources they need; with these few clicks, users do not need to queue for a long time to pay for goods over the counter or to queue for registration.
2.2 Theoretical Review
With the convergence of the world into a global village, civil registration across thousands of miles has become common, not only for obtaining certificates but also for population statistics. Due to the fast-paced nature of the world today, the civil department is considered one of the first choices among several modes of registration to save time as the population increases. Developed countries have advanced to a level where civil registration is done online, with the systems being run by independent vendors or service providers. This has resulted in tough competition among civil departments worldwide to attract more and more technological improvement; most countries offer their services over the World Wide Web.
User interface design
User interface design is the design of websites, computers, appliances, machines, mobile communication devices, and software applications with the focus on the user's experience and interaction. The goal of user interface design is to make the user's interaction as simple and efficient as possible in terms of accomplishing user goals, what is often called user-centred design.
According to Professor Ben Shneiderman (2008), efficiency can be described as the speed (with accuracy) with which users can complete the tasks for which they use the product. ISO 9241 defines efficiency as the total resources expended in a task. Efficiency metrics include the number of clicks or keystrokes required or the total time on task.
Good user interface design facilitates finishing the task at hand without drawing unnecessary attention to itself. Graphic design may be utilized to support its usability, influencing how the user performs certain interactions and improving the aesthetic appeal of the design; design aesthetics may enhance or detract from the ability of users to use the functions of the interface [1]. The design process must balance technical functionality and visual elements (e.g., the mental model) to create a system that is not only operational but also usable and adaptable to changing user needs.
Interface design is involved in a wide range of projects, from computer systems to cars to commercial planes; all of these projects involve much of the same basic human interactions yet also require some unique skills and knowledge. As a result, designers tend to specialize in certain types of projects and have skills centred around their expertise, whether that be software design, user research, web design, or industrial design. The design should be capable of interacting with hardware and software interfaces. The interface should follow the following practices in order to make the system acceptable:
Keep the interface simple. The best interfaces are almost invisible to the user. They avoid unnecessary elements and are clear in the language they use on labels and in messaging, which allows users to operate effectively.
Create consistency and use common UI elements. By using common elements in your UI, users feel more comfortable and are able to get things done more quickly. It is also important to create patterns in language, layout and design throughout the site to help facilitate efficiency. Once a user learns how to do something, they should be able to transfer that skill to other parts of the system, hence easy adaptability of the system.
Strategically use colour and texture. You can direct attention toward, or redirect attention away from, items by using colour, light, contrast and texture to your advantage.




Functional requirement
A functional requirement is a description of the facility or feature required. Functional requirements deal with what the system should do or provide for users. They include descriptions of the required functions, outlines of associated reports or online queries, and details of the data to be held in the system. In the past, applications have been developed using distributed systems technology, but these applications lacked adaptability to business process changes and their reusability factor was also too low. Modern systems built on web technologies offer centralized reusable services based on SOA (Service Oriented Architecture). These systems dramatically enhance system flexibility while providing a mechanism for information sharing with other systems. These services are achieved through the development and implementation of online systems (Lang, Wojtkowski and Wojtkowski 2008).
The first step in the design of an online system should be to describe the web application's functionality, using UML classes for each module and use-case and state diagrams to describe the web scenario. The most important class in the design is the Action.php page, which serves as the controller in the design pattern and processes all requests and dispatches data to the appropriate View pages by putting it into the session.
An online system has a strong capability to reduce the errors that might occur when using a manual system of registration. The online system makes it convenient for customers to register, since it has a database running on SQL where it will be easy for users to perform real-time queries, which improves the efficiency of the system.
Database design establishes a database in support of CEAP that will house the collective data assembled or generated during transaction activities. The database will support a variety of data types and formats, including but not limited to: spatial data (vector, raster, imagery and tabular); tabular data (static and time-series); spreadsheets; documents; reports; and photographs.
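As an added example (not the project's code) of real-time querying over such an SQL database, the following implements the report generation function from Section 1.2: counts of registered births and deaths grouped by day, week, month or quarter. It assumes PHP 7+ with PDO and a constructed MySQL `events` table described in the comment; the period names are assumptions. The point it demonstrates is that the user's choice of period selects one fixed SQL expression from a whitelist, because a grouping expression cannot be bound as a parameter, while the date range is bound with placeholders.

```php
<?php
// Added example (not the project's code): report generation for the online
// registration system. Assumes PHP 7+, PDO with MySQL, and this constructed table:
//   CREATE TABLE events (id INT AUTO_INCREMENT PRIMARY KEY,
//                        event_type ENUM('birth','death') NOT NULL,
//                        registered_on DATE NOT NULL);
declare(strict_types=1);

// Whitelist of grouping expressions. The user's period choice is only ever used
// as a key into this array, so user input never becomes part of the SQL text.
const PERIOD_EXPR = [
    'daily'     => "DATE_FORMAT(registered_on, '%Y-%m-%d')",
    'weekly'    => "DATE_FORMAT(registered_on, '%x-W%v')",   // ISO year-week
    'monthly'   => "DATE_FORMAT(registered_on, '%Y-%m')",
    'quarterly' => "CONCAT(YEAR(registered_on), '-Q', QUARTER(registered_on))",
];

// Build the report query for one period; unknown periods are rejected outright.
function reportSql(string $period): string {
    if (!array_key_exists($period, PERIOD_EXPR)) {
        throw new InvalidArgumentException('unknown report period');
    }
    $expr = PERIOD_EXPR[$period];
    // The date bounds are values, so they are bound as ? placeholders.
    return "SELECT $expr AS period, event_type, COUNT(*) AS registered
            FROM events
            WHERE registered_on BETWEEN ? AND ?
            GROUP BY period, event_type
            ORDER BY period, event_type";
}

// Accept only ISO dates that exist on the calendar (rejects 2024-02-30 etc.).
function validIsoDate(string $d): bool {
    $parsed = DateTime::createFromFormat('!Y-m-d', $d);
    return $parsed !== false && $parsed->format('Y-m-d') === $d;
}

// Returns rows of [period, event_type, registered] for the requested range.
function registrationReport(PDO $pdo, string $period, string $from, string $to): array {
    if (!validIsoDate($from) || !validIsoDate($to) || $from > $to) {
        throw new InvalidArgumentException('invalid date range');
    }
    $stmt = $pdo->prepare(reportSql($period));
    $stmt->execute([$from, $to]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
```

A report page would pass `$_GET['period']` straight to `registrationReport()`; a value outside the four known periods raises an exception before any query is prepared, which is the behaviour to prefer over concatenating the raw parameter into the `GROUP BY` clause.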



Platform requirement
The online system consists of two main parts: a central database management system for the storage and management of data, and a client application to allow users to access and interact with the data.
The rule for selecting hardware and software is that the components/application must be functionally efficient, capable of interfacing with other software, and easy to maintain.
The system shall operate with the following web browsers: Microsoft Internet Explorer versions 5.0 and 6.0, Netscape Communicator version 4.7, Netscape versions 6 and 7, and Firefox. The system shall operate on certified and accredited servers running the current corporate-approved versions of operating systems as appropriate.
The online system shall permit user access from the corporate intranet and, if a user is authorized for outside access through the corporate firewall, from an Internet connection at the user's home.

Software requirement
1: Backup software. Data and application backups will be managed through fully supported backup software solutions.
2: HTTP and GIS server applications. As the Web will be the primary delivery protocol for the application, HTTP and related GIS server applications will be required to support system functionality.
3: Web browsers and browser plug-ins. In support of external interface requirements, commonly supported web browsers will be used to implement a thin-client architecture. The use of browser plug-ins will be judiciously restricted on an as-needed basis.
4: Email services. As a secondary delivery protocol for alerts, data and other information from the system, email server applications will be required to support system functionality.
5: Relational database management system. As the primary data storage mechanism, the corporate standard relational database management system, Microsoft SQL Server, will be required to support system functionality.
6: The system will use, where appropriate, the standard software resources. This includes, but is not limited to, MS ASP/Java Scripts, C++/C#, MS SQL Server and IIS, or the use of PHP/Perl, JB scripts, C++/C#, MySQL server and Apache server.

2.3 System Review
With the convergence of the world into a global village there are various civil registration systems, but there is no one general prototype that can be applied to all situations. There are several management systems with varying degrees of functionality depending on the user or customer needs. Several systems have reached across thousands of miles and become common not only for providing certificates but also for population statistics. Due to the fast-paced nature of the world today, the civil department is considered one of the first choices among several modes of registration to save time as the population increases. The first nationwide universal system of civil registration was introduced in 1979 via the Births and Deaths Compulsory Registration Decree 39. This was further modified in 1992 by another decree. The modification gave the responsibility for civil registration to the National Population Commission (NPC). The provisions of the decree were further reinforced by section 24 of the third schedule of the 1999 constitution. The act makes provision for a passive hierarchical national registration system. There are positions such as Registrar-General (Chair, NPC), Chief Registrars (State Directors), Deputy Chief Registrars (Comptrollers of Local Government Areas) and Registrars (manning the various registration centres).
In 2007, the NPC developed a strategy document on birth registration for 2008-2011. A target of 60% completeness for birth registration was set for the year 2010 and 100% for 2015. Included in the strategies was a gradual reduction of the population sizes of catchment areas from 60,000 to 40,000 in 2008 and 30,000 in 2009, with a resultant increase in the number of registration centres from 3560 in 2008 to 4665 in 2009.
This has resulted in tough competition among civil departments in the world to attract more and more technological improvement; most countries offer their services over the World Wide Web. The existing systems are as follows:



2.3.1 Savanna civil registration system
The Savanna civil registration system is found in Kerala and is used to handle all the day-to-day operations and details of all births, deaths and marriages electronically registered in local governments (registration units), where the SEVANA application software of the Information Kerala Mission is in uninterrupted use for registering these events. It was developed using distributed systems technology, but such applications lacked adaptability to business process changes and their reusability factor was also too low. The result of an assessment by the NPC showed that birth registration coverage improved from about 18% for 2006 to 35% in 2007 (NPC, 2010). Some of the notable problems with the Savanna civil registration system are the following, among others:

Bureaucratic inefficiency
Poor data management
Poor incentives
Lack of proper stakeholder engagement and weak feedback systems
Poor coverage in registration of vital events
The system also runs on a desktop operating system platform which does not support multiple access, hence a single user handles civil registration. Applicants submit the application forms manually and they are keyed into the system by the administrator, which is tiresome. Sevana uses a single centralized database. In the Savanna user interface the menus and data fields are not arranged properly in line, which gives users a difficult time during registration. The Savanna civil registration system should be capable of interacting with hardware and software interfaces. Customers should be able to share the permissible data from the registration database in a predefined format, and a mechanism should allow users to input the data by themselves.

Figure 2.1 Sevanna civil registration system

2.3.2 Durdans Civil registry system
The system automates all core civil registration processes that take place within Colombo, Sri Lanka. The system runs on a distributed database which allows customers to share the permissible data from the registration database in a predefined format and mechanism. As this system is meant to be used by a large audience having different levels of capability and exposure to IT, the system is easy to use, self-explanatory and user-friendly. It guides the user properly both through the regular process of registration and through any exceptional cases that may arise. Lang, Wojtkowski and Wojtkowski (2008) state that a local area network should be incorporated into the system for communication between the various departmental systems that use individual citizens' data.

Figure 2.2 Durdans Civil registry system

2.3.3 Odisha E- Municipality
The system automates all core functions of civil registration that take place in the country; it is an online system that can be accessed through the internet. It reduces the time and cost for people to access civil registration services. It consists of birth registration within municipal or rural areas and the death rate within urban or rural areas, and it also gives the overall population.

Figure 2.3 Odisha civil Registration system

2.4 System Critique
The Sevanna civil registration system is a multi-specialty system that consists of various modules. These include certificate search, state registration clock, online form submission, official verification, graphical representation and vital statistics. The system enables customers to submit details and search for their certificates when they are ready, to avoid frequent walking into offices. The death registration module does the same as the birth registration module. The system does not provide marriage registration and it does not analyze the population in the various districts.
Odisha E-Municipality is an online system that allows people to submit their details for birth registration and death registration; then, after some time, they go to the civil registration office to get the certificates. The Changamwe online civil registration system will allow users to register for their certificates (birth certificates, marriage certificates and death certificates); users can submit their details and check whether their certificates are ready, to avoid frequent travelling to the offices to check.
The Durdans civil registry system consists of various modules such as birth registration, death registration and population analysis. Unlike the Changamwe civil registration system, it does not manage its information online: birth notifications are collected and forwarded to the respective offices at the headquarters, which costs clients more time in long queues. The Durdans civil registry system is a desktop application, hence it involves a lot of paperwork and more workers to operate it, since there will be long queues for submission of birth notifications and death notifications.
Most of the existing systems use desktop applications, unlike the Changamwe online civil registration system, which is a web application. Desktop applications are sometimes hard to use if the user works from a remote location. Web applications are flexible: they can be accessed from any computer no matter where you are, because a web application exists only online. Furthermore, the above systems only manage data, whereas the Changamwe sub-county system manages existing records and also information about the population.

2.5 Summary
After analyzing the existing systems to see which of their features were useful and how they could be improved, a small amount of research was also done into finding out what users of existing systems felt would improve the service offered to them. From this research the requirements for this project were drawn up.
It was decided that the website produced for this project will allow users to sign up to the site, enabling them to update their details and check for certificates, and will also enable the county to use the population data within the county for future planning.

CHAPTER 3
METHODOLOGY/ ANALYSIS & DESIGN
3.1 Introduction
This chapter covers the analysis of the methodology used to aid in the creation of the proposed system and the successful development and implementation of the system. The methodology that will be used is the waterfall method.
3.2 Development Approach

The methodology that will be used throughout the development process will be a variation on the waterfall life cycle. As the requirements for the project are unlikely to change dramatically, this methodology will fit the project. If it looked as though the requirements would change often, a more agile methodology would have been chosen. The waterfall life cycle works by following a strict path through the development process, not moving on to the next stage until the previous stage has been completed. The stages for this project will be:
The first stage of the project will involve researching existing systems and user expectations and then drawing up the requirements of the project.
Once the functional requirements have been decided upon, the second stage will involve research into the non-functional requirements of the project, for instance security and accessibility.
Once the functional and non-functional requirements and the technologies to be used have been decided, the system will be designed. Once the design process has been completed the implementation stage can begin; although there will be no formal test-driven development for this project, when new features are added or code is edited the system will be tested to ensure that no bugs have been introduced into the program. Once the implementation has been completed the entire system will be thoroughly tested.

Figure 3.1: The waterfall model


3.2 REQUIREMENT SPECIFICATION

The following functional requirements were decided upon.
1. Allow registration of users.
2. Allow someone to register to become a user.
3. The system will send out automated emails to validated users.
4. The user signup form should test that the form is filled in by a human and not a
   computer program.
5. Allow admin/staff users to add:
   - certificates
   - users
   - staff assignments for specific tasks
   - task descriptions
6. Allow admin/staff users to edit and delete:
   - user details
   - staff job categories
7. The system will allow for semi-automated emails, including:
   - job updates in the system
8. The system will allow registered users to search for the availability of their
   certificates by:
   - date
   - category
   - certificate number
9. A registered user should be able to edit some of their information:
   - contact details
   - address
   - telephone number
   - email address
   - marital status
   - password
10. The system will allow admin/staff users to make changes to certain settings, including:
    - database settings: username, password, database name
    - style and formatting, without having to edit any PHP or CSS code
11. The system should be simple to use for every staff member.
3.2.1 Security
Programming for the Internet requires programmers to consider security issues that are not
necessarily a problem when programming for a single machine. Problems can occur when a
perfectly innocent user types invalid content into a form on your website, or when a malicious
user of the site takes advantage of holes in your security to gain access to sensitive data or
to delete or edit your database.

Good-practice PHP programming involves checking all user input, including checking that a
user has not entered incorrect data. Programmers should test not only for invalid input, for
instance a user entering an invalid date or a string where an integer is required, but also
that a user is not entering malicious content into your form.
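As an added illustration of the kind of input checking described above (example code written for this edition, not part of the original report or the project's code), the following PHP validates the certificate search form from requirement 8 on the server side. The field names, the category list and the error messages are assumptions.

```php
<?php
// Added example (not from the original report): server-side validation of the
// certificate search form described in requirement 8 (date, category,
// certificate number). Field names and the category list are assumptions.
declare(strict_types=1);

const ALLOWED_CATEGORIES = ['birth', 'death', 'marriage'];   // assumed categories

/**
 * Validate the raw form input and return an array of field => error message.
 * An empty array means every field passed.
 */
function validateSearchForm(array $input): array
{
    $errors = [];

    // Date: must parse as exactly YYYY-MM-DD (so 2015-02-31 is rejected rather
    // than silently rolled over) and must not lie in the future.
    $date = trim((string)($input['date'] ?? ''));
    $parsed = DateTime::createFromFormat('!Y-m-d', $date);
    if ($parsed === false || $parsed->format('Y-m-d') !== $date) {
        $errors['date'] = 'Date must be in the form YYYY-MM-DD.';
    } elseif ($parsed > new DateTime('today')) {
        $errors['date'] = 'Date cannot be in the future.';
    }

    // Category: compare against a fixed list rather than trusting free text.
    $category = strtolower(trim((string)($input['category'] ?? '')));
    if (!in_array($category, ALLOWED_CATEGORIES, true)) {
        $errors['category'] = 'Unknown certificate category.';
    }

    // Certificate number: an integer is required, so "45a", "" and "1e3" are all rejected.
    $number = filter_var($input['certificate_number'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($number === false) {
        $errors['certificate_number'] = 'Certificate number must be a positive whole number.';
    }

    return $errors;
}

// Constructed sample submissions: one clean, one with typical user mistakes.
$clean = ['date' => '2015-03-12', 'category' => 'Birth',    'certificate_number' => '4521'];
$bad   = ['date' => '31/02/2015', 'category' => 'passport', 'certificate_number' => '45a'];

var_dump(validateSearchForm($clean) === []);   // no errors for the clean submission
print_r(validateSearchForm($bad));              // one message per faulty field
```

Validation of this kind answers the first concern in the paragraph above (honest mistakes); it does not on its own make the later database query safe, which is the subject of the next section.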

3.2.2 Structured Query Language (SQL) Injection
A malicious user of your site may attempt to replace your SQL query with their own by
entering their own SQL statements into a form field on your website. This could allow the
malicious user to add, edit or delete data in your database when they should not be able to.
SQL queries are exposed in this way because most of the time they require a user to make a
selection or enter a string on a form to complete the SQL statement before it is used to query
the database. Most users will use a form or search facility on a website as it is intended to
be used. However, a malicious user sees web forms as an opportunity to construct their own
SQL statements and to use your program to run those statements against your database instead
of your intended SQL statement.

Preventing SQL Injection
The main way to protect a website against SQL injection attacks is to ensure that SQL
statements are constructed carefully when the variables are received from the users. This
can be done by removing any characters that could be used by malicious users to construct
their own SQL statement to be run against your database. Another approach is to implement a
layer of abstraction between the user input and the SQL statement that is run against the
database; PHP provides methods for this.
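The report refers to PHP methods that put a layer of abstraction between user input and the SQL statement without naming them. The example below (added here, not the project's own code) uses PDO prepared statements for that purpose and shows the concatenated query beside them. The table, the sample rows and the use of an in-memory SQLite database are constructed for the demonstration; the project's actual database and schema are not described on this page.

```php
<?php
// Added example (not from the original report): the same certificate lookup
// written first with string concatenation and then with a PDO prepared
// statement. Table layout and sample rows are constructed for the demo.
declare(strict_types=1);

function openDemoDatabase(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE certificates (
                   number   TEXT PRIMARY KEY,
                   holder   TEXT NOT NULL,
                   category TEXT NOT NULL,
                   status   TEXT NOT NULL)');
    // Constructed rows; one holder name contains an apostrophe on purpose.
    $pdo->exec("INSERT INTO certificates VALUES
                ('B-1001', 'Amina Said',    'birth', 'ready'),
                ('B-1002', 'Sean O''Brien', 'birth', 'processing'),
                ('D-2001', 'Juma Mwangi',   'death', 'ready')");
    return $pdo;
}

// VULNERABLE: the user's text becomes part of the SQL grammar. Any quote in the
// input changes the statement itself, which is exactly what SQL injection abuses.
function findByHolderUnsafe(PDO $pdo, string $holder): array
{
    $sql = "SELECT number, status FROM certificates WHERE holder = '" . $holder . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// SAFE: the statement is compiled with a placeholder first; the input is then
// bound as a value, so it is never read as SQL no matter what it contains.
function findByHolderSafe(PDO $pdo, string $holder): array
{
    $stmt = $pdo->prepare('SELECT number, status FROM certificates WHERE holder = :holder');
    $stmt->execute([':holder' => $holder]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = openDemoDatabase();

// A perfectly legitimate name already breaks the concatenated version: the
// apostrophe ends the string literal early and the query fails to parse.
try {
    findByHolderUnsafe($pdo, "Sean O'Brien");
} catch (PDOException $e) {
    echo 'unsafe query failed: ', $e->getMessage(), PHP_EOL;
}

// The prepared statement treats the apostrophe as data and finds the record.
print_r(findByHolderSafe($pdo, "Sean O'Brien"));
```

Stripping or escaping characters, as the paragraph above suggests, has to be repeated correctly at every query in the application; with a prepared statement the separation between SQL code and user data is handled by the database driver, so a forgotten escape cannot turn user text into a statement.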

3.2.3 Cross Site Scripting (XSS)
In this method of attack, an attacker uses forms on your website to introduce malicious
markup or client-side script (for example JavaScript or VBScript) and then relies on other
users of the site activating the code. A cross-site scripting attack can be used for session
hijacking and for stealing users' account details. There are two types of Cross Site Scripting
(XSS). The first is remote site to application site.
This type of attack is not initiated on your site but from a link on another website or in an
email. A user is convinced to fill in a form or follow a link which contains the malicious code.
This code then has its effect on the page the user is forwarded to. The second type of XSS
attack is application site to the same or a remote site. This method relies on what the
malicious user enters into a form on your website being displayed to other users of your site.
The malicious user enters the markup or script into a form, and that information is
subsequently displayed elsewhere. The malicious user then waits for another user of the site
to activate the script by following a link or, with extra coding, even just by hovering over a
link.

Preventing XSS
The use of POST requests makes a site more secure from XSS attacks than using GET
requests, so website developers should use POST requests as much as possible to
strengthen their websites against XSS attacks. Another method of protecting against XSS
attacks is to not allow any HTML markup to be entered into forms on a website unless it is
absolutely necessary. Any HTML markup can simply be removed by the program processing
the incoming data. If HTML input is required, then rather than allowing all tags to be used,
filter the input and remove certain tags, for instance:
   <applet>
   <embed>
   <script>
   <object>
Scripts should also remove attributes from the tags, as these can contain JavaScript.
Programs should also filter any URLs that are input. Normal procedure for many web
applications is to remove any GET variables from the end of the URL.
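The example below (added here, not the project's code) shows the two defences described above in PHP: encoding user text on output so the browser displays it literally, and, where some HTML must be accepted, removing every tag not on a short allowlist, which covers the four tags listed above, together with all attributes. The allowlist, the sample comment and the function names are assumptions.

```php
<?php
// Added example (not from the original report): two complementary defences for
// text that users submit and the site later displays to other users. The
// allowlist and the sample input are constructed for the demonstration.
declare(strict_types=1);

// Default rule: encode on output. Every character that could start markup
// becomes an entity, so the browser shows the text and never interprets it.
function escapeForHtml(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Where some HTML must be allowed (the case the report describes), keep only a
// short allowlist of tags and drop every attribute, because attributes are
// where script can hide inside an otherwise harmless tag. Anything not on the
// list, including <script>, <object>, <embed> and <applet>, is removed together
// with its contents.
function sanitizeLimitedHtml(string $html, array $allowedTags = ['b', 'i', 'p', 'br']): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);           // tolerate untidy user markup quietly
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>');
    libxml_clear_errors();

    $xpath   = new DOMXPath($doc);
    $wrapper = $xpath->query('//body/div[1]')->item(0);

    // Walk the elements deepest-first so that removals do not disturb the traversal.
    $elements = iterator_to_array($xpath->query('.//*', $wrapper));
    foreach (array_reverse($elements) as $el) {
        if (!in_array(strtolower($el->nodeName), $allowedTags, true)) {
            $el->parentNode->removeChild($el);      // tag and its contents go
            continue;
        }
        while ($el->hasAttributes()) {               // strip every attribute
            $el->removeAttributeNode($el->attributes->item(0));
        }
    }

    // Serialise only what is left inside the wrapper; text nodes are re-encoded.
    $out = '';
    foreach ($wrapper->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample: ordinary text mixed with markup a malicious visitor might
// try to slip through (the handler and script bodies are placeholders).
$comment = 'Tom & Jerry <b onmouseover="...">waved</b> <script>/* placeholder */</script>';

echo escapeForHtml($comment), PHP_EOL;          // shown literally, nothing executes
echo sanitizeLimitedHtml($comment), PHP_EOL;    // <b> kept, its attribute and the <script> removed
```

Only the wrapper's children are serialised, so markup that manages to close the wrapper early is dropped rather than passed through. Output encoding should remain the default for every field; the allowlist sanitiser is reserved for the few fields where the report says HTML input is genuinely required.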
3.3 LOGICAL DESIGN
