Assignment Week4 <Ozlem Karaboga> #33

4 changes: 2 additions & 2 deletions Week1/connection-test.js
Expand Up @@ -9,9 +9,9 @@ var connection = mysql.createConnection({
// code: 'ECONNREFUSED',
// Then, the following line will solve it
// Note that your socket file path may be different
socketPath: '/tmp/mysql.sock'
//socketPath: '/tmp/mysql.sock'

// port : xxxx // Uncomment this line and replace xxxx with the selected port number if you are not using default 3306. I also suggest to download MySQL version 5.7 because recent versions has authentication problems
port : 3306 // Uncomment this line and replace xxxx with the selected port number if you are not using default 3306. I also suggest to download MySQL version 5.7 because recent versions has authentication problems

});

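Review bot: The trailing comment on the `port : 3306` line still says "Uncomment this line and replace xxxx…", which no longer describes a line that is already uncommented and set to the default; if the line is kept, shorten it to something like `port: 3306 // default MySQL port`. Disabling `socketPath` and pinning the port look like settings for one local machine, so it may be better to leave this shared Week1 file out of the pull request. Which of the two printed variants is the new side is inferred from the 2 additions / 2 deletions count, and the `createConnection` call starts outside the hunk.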
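--- a/Week3/homework/Exercise_1_SQL_Normalization.md
+++ b/Week3/homework/Exercise_1_SQL_Normalization.md
@@ -0,0 +1,26 @@
+## Exercise 1 : SQL Normalization
+
+### 1.What columns violate 1NF?
+
+The columns **food_code** and **food_description** violate 1NF as they contain multiple values separated by commas instead of atomic values.
+
+### 2.What entities do you recognize that could be extracted?
+
+From the given table, the entities that could be extracted are
+**members, dinners, venues, foods**.
+
+### 3.Name all the tables and columns that would make a 3NF compliant solution.
+
+**Members Table :**
+Columns: member_id, member_name, member_address
+
+**Dinners Table :**
+Columns: dinner_id, dinner_date, venue_code
+
+**Venues Table :**
+Columns: venue_code, venue_description
+
+**Foods Table :**
+Columns: food_code, food_description
+
+By structuring the data into separate tables based on the identified entities, and eliminating the multi-valued dependencies, a 3NF-compliant solution can be achieved. These tables would help in organizing the data efficiently and ensuring data integrity.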
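--- a/Week3/homework/Exercise_2/connections.js
+++ b/Week3/homework/Exercise_2/connections.js
@@ -0,0 +1,18 @@
+const mysql = require('mysql2');
+
+const connection = mysql.createConnection({
+host: 'localhost',
+user: 'hyfuser',
+password: 'hyfpassword',
+database: 'bank_db'
+});
+
+connection.connect((err) => {
+if (err) {
+console.error('Error connecting to database:', err);
+return;
+}
+console.log('Connected to the database.');
+});
+
+module.exports = connection;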
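Review bot: The database user and password are hard-coded in `createConnection` (`user: 'hyfuser'`, `password: 'hyfpassword'`), so they end up in the repository history; the same literals are repeated in `Week3/homework/Exercise_3_SQL_injection.js`. Read them from the environment instead, for example `password: process.env.DB_PASSWORD`, and keep the actual values in an untracked file. The connect callback also only logs on failure while the module still exports the connection, so scripts that require it go on to queue queries against a connection that never opened; exiting with a non-zero status there would make the failure visible.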
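--- a/Week3/homework/Exercise_2/transactions-create-tables.js
+++ b/Week3/homework/Exercise_2/transactions-create-tables.js
@@ -0,0 +1,31 @@
+const connection = require('./connections');
+
+const createAccountTable = `CREATE TABLE IF NOT EXISTS account (
+account_number INT PRIMARY KEY,
+balance DECIMAL(10, 2)
+);`;
+
+const createAccountChangesTable = `CREATE TABLE IF NOT EXISTS account_changes (
+change_number INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
+account_number INT,
+amount DECIMAL(10, 2),
+changed_date DATE,
+remark VARCHAR(255),
+FOREIGN KEY (account_number) REFERENCES account(account_number)
+);`;
+
+connection.query(createAccountTable, (err, results) => {
+if (err) {
+console.error('Error creating account table:', err);
+} else {
+console.log('Account table created successfully.');
+}
+});
+
+connection.query(createAccountChangesTable, (err, results) => {
+if (err) {
+console.error('Error creating account_changes table:', err);
+} else {
+console.log('Account_changes table created successfully.');
+}
+});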
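Review bot: Neither `balance` in `account` nor `account_number` and `amount` in `account_changes` is declared `NOT NULL`, so the schema accepts a NULL balance or a change row that belongs to no account, and arithmetic such as `balance - 1000` on a NULL balance yields NULL without raising an error. Declare them as `balance DECIMAL(10, 2) NOT NULL` and `account_number INT NOT NULL`. The script also never calls `connection.end()`, so the process stays open after both statements finish; closing the connection in the second callback would let it exit.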
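--- a/Week3/homework/Exercise_2/transactions-insert-values.js
+++ b/Week3/homework/Exercise_2/transactions-insert-values.js
@@ -0,0 +1,25 @@
+const connection = require('./connections');
+
+const insertAccountData = `INSERT IGNORE INTO account (account_number, balance) VALUES
+(101, 5000.00),
+(102, 3000.00);`;
+
+const insertAccountChangesData = `INSERT IGNORE INTO account_changes (change_number, account_number, amount, changed_date, remark) VALUES
+(1, 101, 2000.00, '2024-03-15', 'Initial deposit'),
+(2, 102, -500.00, '2024-03-16', 'Withdrawal');`;
+
+connection.query(insertAccountData, (err, results) => {
+if (err) {
+console.error('Error inserting data into account table:', err);
+} else {
+console.log('Data inserted into account table successfully.');
+}
+});
+
+connection.query(insertAccountChangesData, (err, results) => {
+if (err) {
+console.error('Error inserting data into account_changes table:', err);
+} else {
+console.log('Data inserted into account_changes table successfully.');
+}
+});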
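Review bot: `INSERT IGNORE` downgrades duplicate-key and foreign-key errors to warnings, so both callbacks log "inserted … successfully" even when no row was written, for example on a second run of the script. Log `results.affectedRows` (the `results` parameter is already there but unused), or drop `IGNORE` and handle the duplicate-key error explicitly. The script also never calls `connection.end()`, so the process does not exit on its own.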
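--- a/Week3/homework/Exercise_2/transactions.js
+++ b/Week3/homework/Exercise_2/transactions.js
@@ -0,0 +1,42 @@
+const connection = require('./connections');
+
+connection.beginTransaction((err) => {
+if (err) {
+console.error('Error beginning transaction:', err);
+return;
+}
+
+connection.query('UPDATE account SET balance = balance - 1000 WHERE account_number = 101;', (err, results) => {
+if (err) {
+return connection.rollback(() => {
+console.error('Error updating account 101:', err);
+});
+}
+
+connection.query('UPDATE account SET balance = balance + 1000 WHERE account_number = 102;', (err, results) => {
+if (err) {
+return connection.rollback(() => {
+console.error('Error updating account 102:', err);
+});
+}
+
+connection.query('INSERT INTO account_changes (change_number, account_number, amount, changed_date, remark) VALUES (NULL, 101, -1000.00, CURDATE(), "Transfer to account 102"), (NULL, 102, 1000.00, CURDATE(), "Transfer from account 101");', (err, results) => {
+if (err) {
+return connection.rollback(() => {
+console.error('Error inserting data into account_changes table:', err);
+});
+}
+
+connection.commit((err) => {
+if (err) {
+return connection.rollback(() => {
+console.error('Error committing transaction:', err);
+});
+}
+console.log('Transaction completed successfully.');
+connection.end();
+});
+});
+});
+});
+});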
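Review bot: The debit on account 101 is committed without checking that the account exists or holds at least 1000: an `UPDATE` that matches no row is not an error, and nothing stops the balance from going negative. Put the guard in the statement, `... WHERE account_number = 101 AND balance >= 1000`, and roll back when `results.affectedRows !== 1` after each `UPDATE`. `connection.end()` is only reached on the success path, so every rollback branch leaves the connection open; call it inside the rollback callbacks as well.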
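--- a/Week3/homework/Exercise_3_SQL_injection.js
+++ b/Week3/homework/Exercise_3_SQL_injection.js
@@ -0,0 +1,58 @@
+const mysql = require('mysql2');
+
+const conn = mysql.createConnection({
+host: 'localhost',
+user: 'hyfuser',
+password: 'hyfpassword',
+database: 'world'
+});
+
+conn.connect(err => {
+if (err) throw err;
+console.log('Connected to MySQL server.');
+
+// Functions
+function getPopulation(Country, name, code, cb) {
+conn.query(
+`SELECT Population FROM ${Country} WHERE Name = '${name}' and code = '${code}'`,
+function (err, result) {
+if (err) cb(err);
+if (result.length == 0) cb(new Error("Not found"));
+cb(null, result);
+}
+);
+}
+
+function getPopulationSafe(Country, name, code, cb) {
+conn.query(
+'SELECT Population FROM ?? WHERE Name = ? AND Code = ?',
+[Country, name, code],
+function (err, result) {
+if (err) cb(err);
+if (result.length == 0) cb(new Error("Not found"));
+cb(null, result);
+}
+);
+}
+
+// Calling the vulnerable function
+getPopulation('country', "' OR '1'='1", "' OR '1'='1", (err, result) => {
+if (err) {
+console.error(err);
+} else {
+console.log('Results:', result);
+}
+});
+
+// Calling the safe function
+getPopulationSafe('country', "' OR '1'='1", "' OR '1'='1", (err, result) => {
+if (err) {
+console.error('Error occurred while fetching data securely:', err.message);
+} else {
+console.log('Results:', result);
+}
+
+// Closing the connection
+conn.end();
+});
+});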
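Review bot: In both `getPopulation` and `getPopulationSafe` the query callback calls `cb(err)` and then falls through, so on a query error `result.length` throws on `undefined`, and on an empty result the caller's callback runs twice (once with "Not found", once with the empty array), which for the safe call also means `conn.end()` runs twice. Use `if (err) return cb(err);` and `if (result.length === 0) return cb(new Error("Not found"));` in both functions. In `getPopulationSafe` the `??` placeholder escapes the table name as an identifier, but the caller can still name any table the account can read; compare `Country` against a fixed list of allowed tables before querying. `getPopulation` is presumably kept as the vulnerable demonstration for the exercise; a comment on it saying so, and that it must not be reused, would make that explicit.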