
Moayad mohammed databases week3 #27

Open
wants to merge 12 commits into
base: main
from
3 changes: 2 additions & 1 deletion .gitignore
Expand Up @@ -4,4 +4,5 @@ node_modules/
**/*-secret.json
**/*.sh
.idea
.env
.env
/Week3/.vscode
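--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -0,0 +1,17 @@
+{
+"sqltools.connections": [
+{
+"mysqlOptions": {
+"authProtocol": "default",
+"enableSsl": "Disabled"
+},
+"previewLimit": 50,
+"server": "localhost",
+"port": 3306,
+"driver": "MySQL",
+"name": "hyfDvConnection",
+"database": "assignmentDatabase",
+"username": "hyfuser"
+}
+]
+}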
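Review bot: This file is committed at the repository root, but the ignore rule this PR adds to `.gitignore` is `/Week3/.vscode`, which is anchored to `Week3/` and does not match `.vscode/settings.json`, so the editor's database connection profile stays tracked. If the intent is to keep local connection settings out of the repository, the rule should be `.vscode/` and this file should be dropped from the PR. The profile also sets `"enableSsl": "Disabled"`, which is tolerable for `localhost` but should not be copied to a profile that points at a remote server.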
38 changes: 38 additions & 0 deletions Week3/Assignment/Exercise 1 : SQL Normalization/Normalization.md


nice !

@@ -0,0 +1,38 @@
# Normalization
## 1. What columns violate 1NF?
`food_code` and `food_description`
___
## 2. What entities do you recognize that could be extracted?
The following entities could be extracted:
1. Members
2. Dinner
3. Venues
4. Food
___
## 3. Name all the tables and columns that would make a 3NF compliant solution.

1. Members:
- member_id
- member_name
- member_address

2. Dinners:
- dinner_id
- dinner_date
- venue_code

3. Venues:
- venue_code
- venue_description

4. Foods Table:
- food_code
- food_description

5. Member_Dinner (junction table):
- member_id
- dinner_id

6. Dinner_Food Table (junction table):
- dinner_id
- food_code
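--- a/Week3/Assignment/Exercise 2 : SQL Transactions/transaction.js
+++ b/Week3/Assignment/Exercise 2 : SQL Transactions/transaction.js
@@ -0,0 +1,96 @@
+
+const { createConnection } = require('mysql2');
+
+
+// Create a connection to the database
+const connection = createConnection({
+host: 'localhost',
+user: 'hyfuser',
+password: 'hyfpassword',
+database: 'Transactions',
+});
+
+// Connect to the database
+connection.connect((err) => {
+if (err) {
+console.error('Error connecting to the database: ' + err.stack);
+return;
+}
+console.log('Connected to the database.');
+});
+
+connection.beginTransaction((err) => {
+if (err) {
+console.error('Error starting transaction: ' + err.stack);
+return;
+}
+
+const senderAccountNumber = 1001;
+const receiverAccountNumber = 1002;
+const amount = 1000;
+
+// Deduct the amount from the sender's account
+
+// Declaring queries as constants
+const deductAmountFromSenderAccount = `UPDATE account SET balance = balance - ${amount} WHERE account_number = ${senderAccountNumber}`;
+const addAmountToReceiverAccount = `UPDATE account SET balance = balance + ${amount} WHERE account_number = ${receiverAccountNumber}`;
+const logSenderTransaction = `INSERT INTO account_changes (account_number, amount, changed_date, remark) VALUES (${senderAccountNumber}, -${amount}, CURDATE(), 'Transfer to account ${receiverAccountNumber}')`;
+const logReceiverTransaction = `INSERT INTO account_changes (account_number, amount, changed_date, remark) VALUES (${receiverAccountNumber}, ${amount}, CURDATE(), 'Transfer from account ${senderAccountNumber}')`;
+
+connection.query(deductAmountFromSenderAccount, [amount, senderAccountNumber], (err, result) => {
+if (err) {
+connection.rollback(() => {
+console.error('Error deducting amount from sender account: ' + err.stack);
+return;
+});
+}
+
+// Add the amount to the receiver's account
+connection.query(addAmountToReceiverAccount, (err, result) => {
+if (err) {
+connection.rollback(() => {
+console.error('Error adding amount to receiver account: ' + err.stack);
+return;
+});
+}
+
+// Log the transaction in the account_changes table for sender
+connection.query(logSenderTransaction, (err, result) => {
+if (err) {
+connection.rollback(() => {
+console.error('Error logging transaction: ' + err.stack);
+return;
+});
+}
+// Log the transaction in the account_changes table for receiver
+connection.query(logReceiverTransaction, (err, result) => {
+if (err) {
+connection.rollback(() => {
+console.error('Error logging transaction: ' + err.stack);
+return;
+});
+}
+
+// Commit the transaction
+connection.commit((err) => {
+if (err) {
+connection.rollback(() => {
+console.error('Error committing transaction: ' + err.stack);
+return;
+});
+}
+
+console.log('Transaction completed successfully.');
+connection.end((err) => {
+if (err) {
+console.error('Error closing the database connection: ' + err.stack);
+return;
+}
+console.log('Connection closed.');
+});
+});
+});
+});
+});
+});
+});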
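Review bot: The `return` statements sit inside the `connection.rollback` callbacks, so they never leave the enclosing query callback: after a failed debit the code still runs the credit, both log inserts and `commit`, now outside the rolled-back transaction, which can credit the receiver without debiting the sender. Return from the outer callback instead, e.g. `if (err) { return connection.rollback(() => console.error('Error deducting amount from sender account: ' + err.stack)); }`, and do the same for the other three queries and the commit handler. The first query passes `[amount, senderAccountNumber]`, but the SQL text contains no `?` placeholders, so the values are still spliced in by the template literal; writing `UPDATE account SET balance = balance - ? WHERE account_number = ?` and passing a values array on every query keeps the statements parameterized once these stop being constants. The database password is also hard-coded here and in the two file sections that follow; since `.env` is already git-ignored, something like `password: process.env.DB_PASSWORD` (variable name is an example) would keep it out of the repository.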
@@ -0,0 +1,66 @@

const createConnection = require('mysql2').createConnection;


// Create a connection to the database
const connection = createConnection({
host: 'localhost',
user: 'hyfuser',
password: 'hyfpassword',
database: 'Transactions',
});

// Connect to the database
connection.connect((err) => {
if (err) {
console.error('Error connecting to the database: ' + err.stack);
return;
}
console.log('Connected to the database.');
});

// Create the account table
const createAccountTable = `
CREATE TABLE IF NOT EXISTS account (
account_number INT PRIMARY KEY,
balance DECIMAL(10, 2)
);
`;

// Create the account_changes table
const createAccountChangesTable = `
CREATE TABLE IF NOT EXISTS account_changes (
change_number INT PRIMARY KEY AUTO_INCREMENT,
account_number INT,
amount DECIMAL(10, 2),
changed_date DATE,
remark VARCHAR(255),
FOREIGN KEY (account_number) REFERENCES account(account_number)
);
`;

// Execute the queries to create the tables
connection.query(createAccountTable, (err) => {
if (err) {
console.error('Error creating account table: ' + err.stack);
return;
}
console.log('Account table created successfully.');
});

connection.query(createAccountChangesTable, (err) => {
if (err) {
console.error('Error creating account_changes table: ' + err.stack);
return;
}
console.log('Account_changes table created successfully.');
});

// Close the database connection
connection.end((err) => {
if (err) {
console.error('Error closing the database connection: ' + err.stack);
return;
}
console.log('Database connection closed.');
});
@@ -0,0 +1,68 @@

const createConnection = require('mysql2').createConnection;


// Create a connection to the database
const connection = createConnection({
host: 'localhost',
user: 'hyfuser',
password: 'hyfpassword',
database: 'Transactions',
});

// Connect to the database
connection.connect((err) => {
if (err) {
console.error('Error connecting to the database: ' + err.stack);
return;
}
console.log('Connected to the database.');
});

// Insert values into the account table

const insertAccountValues = `
INSERT INTO account (account_number, balance) VALUES
(1001, 5000.00),
(1002, 10000.00),
(1003, 15000.00),
(1004, 20000.00),
(1005, 25000.00);
`;

connection.query(insertAccountValues, (err) => {
if (err) {
console.error('Error inserting values into account table: ' + err.stack);
return;
}
console.log('Values inserted into account table successfully.');
});

// Insert values into the account_changes table

const insertAccountChangesValues = `
INSERT INTO account_changes (account_number, amount, changed_date, remark) VALUES
(1001, 5000.00, '2021-01-01', 'Initial deposit'),
(1002, 10000.00, '2021-01-01', 'Initial deposit'),
(1003, 15000.00, '2021-01-01', 'Initial deposit'),
(1004, 20000.00, '2021-01-01', 'Initial deposit'),
(1005, 25000.00, '2021-01-01', 'Initial deposit');
`;

connection.query(insertAccountChangesValues, (err) => {
if (err) {
console.error('Error inserting values into account_changes table: ' + err.stack);
return;
}
console.log('Values inserted into account_changes table successfully.');
});

// Close the database connection

connection.end((err) => {
if (err) {
console.error('Error closing the database connection: ' + err.stack);
return;
}
console.log('Database connection closed.');
});
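--- a/Week3/Assignment/Exercise 3 : SQL injection/injection.js
+++ b/Week3/Assignment/Exercise 3 : SQL injection/injection.js
@@ -0,0 +1,33 @@
+function getPopulation(Country, name, code, cb) {
+// assuming that connection to the database is established and stored as conn
+conn.query(
+`SELECT Population FROM ${Country} WHERE Name = '${name}' and code = '${code}'`,
+function (err, result) {
+if (err) cb(err);
+if (result.length == 0) cb(new Error("Not found"));
+cb(null, result[0].name);
+}
+);
+}
+
+/*
+A value for the variables: name and code can be manipulated to inject SQL code into the query. Like the following values:
+- Name: ' OR '1'='1
+- code: ' OR '1'='1
+will result in the following query:
+SELECT Population FROM ${Country} WHERE Name = '' OR '1'='1' and code = '' OR '1'='1'
+This query will return the population of all countries in the database, which is not the intended behavior.
+*/
+
+// To prevent SQL injection, you should use parameterized queries or prepared statements. Here's an example using parameterized queries:
+function getPopulation(Country, name, code, cb) {
+conn.query(
+"SELECT Population FROM ?? WHERE Name = ? and code = ?",
+[Country, name, code],
+function (err, result) {
+if (err) cb(err);
+if (result.length == 0) cb(new Error("Not found"));
+cb(null, result[0].name);
+}
+);
+}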
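Review bot: In the rewritten `getPopulation`, the `??` placeholder only escapes `Country` as an identifier, so a caller can still aim the query at any table the database account can read, and the explanatory comment covers `name` and `code` but not the interpolated table name in the first version. Check the table name against a fixed list before querying, e.g. `if (!ALLOWED_TABLES.includes(Country)) return cb(new Error("Invalid table"));`, where `ALLOWED_TABLES` is a constant you would define. The callback also needs `return cb(err);` and `return cb(new Error("Not found"));`, because as written it falls through, reads `result.length` on an undefined result after an error and invokes `cb` more than once. It also passes `result[0].name` although the query selects `Population`, so the success path should be `cb(null, result[0].Population);`.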