humblecoder00
diff --git a/‎README.md
Lines changed: 21 additions & 20 deletions b/‎README.md
Lines changed: 21 additions & 20 deletions
diff --git a/‎Week1/README.md
Lines changed: 4 additions & 2 deletions b/‎Week1/README.md
Lines changed: 4 additions & 2 deletions
diff --git a/‎Week3/MAKEME.md
Lines changed: 22 additions & 0 deletions b/‎Week3/MAKEME.md
Lines changed: 22 additions & 0 deletions
diff --git a/‎Week3/README.md
Lines changed: 80 additions & 35 deletions b/‎Week3/README.md
Lines changed: 80 additions & 35 deletions
diff --git a/‎Week3/sql-injection.js
Lines changed: 45 additions & 0 deletions b/‎Week3/sql-injection.js
Lines changed: 45 additions & 0 deletions
diff --git a/‎examples/basic_mysql_connection/index.js
Lines changed: 0 additions & 20 deletions b/‎examples/basic_mysql_connection/index.js
Lines changed: 0 additions & 20 deletions
diff --git a/‎examples/basic_mysql_connection/package.json
Lines changed: 0 additions & 14 deletions b/‎examples/basic_mysql_connection/package.json
Lines changed: 0 additions & 14 deletions
diff --git a/‎examples/basic_mysql_connection/sqlinjection.js
Lines changed: 0 additions & 16 deletions b/‎examples/basic_mysql_connection/sqlinjection.js
Lines changed: 0 additions & 16 deletions
@@ -4,7 +4,7 @@
 
 ### About
 
-This three-week program aims to introduce the fundamental concepts of data entities and data storage.
+This three-week program aims to introduce the fundamental concepts of databases using MySQL.
 
 ### Key Objectives
 
@@ -15,34 +15,35 @@ By the end of this module, students should have a familiarity with and basic und
 - The Structured Query Language (SQL)
 - The construction of a database system
 - MySQL as an example of a relational database system
-- Non-relational data and NoSQL
-- MongoDB as an example of a NoSQL database
-
-## The Practice Database
-
-The login information for the student practice database will be provided during the first class. If you don't have them, send us a message - you will need the username, password, hostname, port, and database name.
 
 ## Lesson Plan
 
-### Lesson 1: Retrieving Data
-
-In this class, students will be introduced to retrieving data from a MySQL database using SELECT queries.
-
-Objective: Students should be able to retrieve data from a database table using SELECT statements that include WHERE, GROUP BY, ORDER BY, LIMIT, and JOIN.
-
-### Lesson 2: Practical Database Usage
+### Lesson 1: MySQL and Node Setup! Create, Insert and Select !
 
-In this class, students will learn how to use more complex SQL queries to retrieve information across tables, and interact with data including write operations.
+Objective: This class aims to incorporate JavaScript code to operate the MySQL database.
+MySQL client can be used to demonstrate SQL queries however, students should know how to
+make a MySQL database connection from JavaScript, run queries from JavaScript and
+capture results of queries in JavaScript.
 
-Objective: Students should be able to build CRUD functionality using SQL statements, including INSERT INTO, UPDATE WHERE, etc. Students will also have a basic understanding of database usage in a web application, including parameter validation, escaping, and prepared statements.
+### Lesson 2: Group by, Having and Joins. Promisification of JS client with prepared statements
 
-### Lesson 3: Data Models, Relationships, and Schemas
+Objective: This class introduces more clauses (group by, having) in the
+select statement. MySQL joins (inner, self, left and right) should be explained
+with demonstration (Employee table with **reportsTo** field and Department
+table with its PK in Employee table is suitable for this demonstration).
+Promise based JavaScript program with SQL prepared statements should be
+understood by students. The program can be found in the Week2 folder (Credits:
+@remarcmij)
 
-In the final week, additional theory will be covered to discuss more complex relational data. Students will learn about entity relationship modelling and how to convert these models to a database schema using normalisation and foreign-key constraints. Non-relational data will also be considered, as well as the benefits and drawbacks of relational and non-relational models.
+### Lesson 3: Database design, normal forms, SQL injection
 
-Objective: Students should be able to create an entity relationship diagram based on a qualatative description of data requirements, and translate that into a MySQL database schema. Students should also be able to compare and contrast relational (like MySQL) and NoSQL databases (considering their benefits and drawbacks).
+Objective: This class invites students to discuss Entity Relationship Diagram (ERD).
+Students should be able to explain their choices of entities, relationships, attributes etc.
+SQL injection should be explained with a demonstration (with a simple JS client).
+Concepts of database transaction, ACID properties, normal forms should be introduced with
+examples / live coding (creating a transaction, committing and rollback-ing).
 
 ## Handing in homework
 Take a look at [this video](https://www.youtube.com/watch?v=-o0yomUVVpU&index=2&list=PLVYDhqbgYpYUGxRdtQdYVE5Q8h3bt6SIA) made by Daan, he explains how your homework needs to be handed in.
 
-Also review the Git [workflow material](https://github.com/HackYourFuture/Git/blob/master/Lecture-3.md) from the JavaScript3 module, use this as a reference.
+Also review the Git [workflow material](https://github.com/HackYourFuture/Git/blob/master/Lecture-3.md) from the JavaScript3 module, use this as a reference.
@@ -1,6 +1,6 @@
 # Lesson 1: MySQL and Node setup! Create, Insert and Select !
 
-Objective : This module aims to incorporate JavaScript code to operate the MySQL database.
+Objective : This class aims to incorporate JavaScript code to operate the MySQL database.
 MySQL client can be used to demonstrate SQL queries however, students should know how to
 make a MySQL database connection from JavaScript, run queries from JavaScript and
 capture results of queries in JavaScript.
@@ -102,11 +102,13 @@ his 24th birthday works in Facebook and lives in Redmond.
 CREATE TABLE table_name (column_name, column_type [, column2_name, column2_type]);
 ```
 
+#### TYPES
+Recall what a datatype is. js vs mysql types
+
 * INT(N) type
 * DATE, DATETIME and TIMESTAMP, (set time_zone = '+03:00')
 * BLOB (LOAD_FILE(filename))
 
-
 ### Fill up a table in MySQL: INSERT rows
 A row (aka record or tuple) represents a single, implicitly structured data item in the table.
 
 
@@ -0,0 +1,22 @@
+# Homework week 3
+
+## Full ToDo App : Be Creative!
+- Design and finalize the ToDo App database. Be creative. Support multiple users.
+- Create a node server to make Web APIs for ToDo app
+- Support following functions:
+    - Insert item(s) in ToDo list
+    - Delete item(s) in ToDo list
+    - Create a new ToDo list
+    - Delete a ToDo list
+    - Mark an item as completed
+    - Add a reminder for the list (not for the item)
+- Write the necessary SQL statements/commands to maintain the state of the database.
+- Use PostMan to test the APIs.
+
+### What to submit
+- .sql file with the dump of database (all create table statements, insert values etc.)
+- .js, .json, .\* files that make up your app/project
+- README.md file that explains how to run and test your app/project
+
+## Check out the React repo [here](https://github.com/HackYourFuture/React)
+And find out how you can prepare for the first React lecture :dancers:
@@ -1,37 +1,96 @@
-# Lesson 3: Data Models, Relationships, and Schemas
+# Lesson 3: Database design, normal forms, SQL injection
 
-In the final week, additional theory will be covered to discuss more complex relational data. Students will learn about entity relationship modelling and how to convert these models to a database schema using normalisation and foreign-key constraints. Non-relational data will also be considered, as well as the benefits and drawbacks of relational and non-relational models.
-
-Objective: Students should be able to create an entity relationship diagram based on a qualatative description of data requirements, and translate that into a MySQL database schema. Students should also be able to compare and contrast relational (like MySQL) and NoSQL databases (considering their benefits and drawbacks).
+Objective: This class invites students to discuss Entity Relationship Diagram (ERD).
+Students should be able to explain their choices of entities, relationships, attributes etc.
+SQL injection should be explained with a demonstration (with a simple JS client).
+Concepts of database transaction, ACID properties, normal forms should be introduced with
+examples / live coding (creating a transaction, committing and rollback-ing).
 
 ## Pre-Class Readings
 
 Before arriving to class on Sunday, please watch all of the videos in [this video playlist](https://www.lynda.com/SharedPlaylist/ae29ea2f495c432793abc220da47baa6) on Lynda.
-- Choosing Primary Keys
-- Defining One-to-Many Relationships
-- Exploring One-to-One Relationships
-- Exploring Many-to-Many Relationships
-- Understanding Relationship Rules and Referential Integrity
-- Defining Table Relationships
-- NoSQL databases
-- GraphQL: Introduction and History
-- Why use GraphQL?
 
 Also, please read the following page that explains database foreign keys.
 - [What is a Database Foreign Key](http://databases.about.com/cs/specificproducts/g/foreignkey.htm)
 
-## Main Topics
+## Topics to be covered
 
-- More complex entity relationship diagrams
+### Entity Relationship Diagrams
     - Associative entities from many-to-many relationships
-    - Introduction to normalisation
-- Foreign key constraints
-- Complicated values to store in MySQL
+    - Boolean attribute instead of a table
+
+### Normalization
+Database Design following normal forms as a convention.
+These normal forms build incrementally.
+E.g. The database is in 3NF if it is already in 2NF and satisfied the
+rules for 3rd normal form. Read [here] (https://www.studytonight.com/dbms/database-normalization.php) for more details.
+
+#### 1NF (4 rules)
+* Rule 1 : Single valued attributes (each column should have atomic value, no multiple values)
+* Rule 2 : Attribute domain should not change
+* Rule 3 : Unique names for attributes / columns
+* Rule 4 : Order does not matter
+#### 2NF
+No partial dependency. (i.e. no field should depend on part of the primary key)
+Example
+```
+Score table (student_ID, subject_ID, score, teacher)
+Subject table (subject_ID, subject Name)
+```
+#### 3NF
+No transitive dependency (i.e. no field should depend on non-key attributes).
+
+#### Boyce Codd Normal Form (3.5 NF)
+for any dependency A → B, A should be a super key.
+
+#### 4NF
+No multi-value dependency.
+
+### Complicated values to store in MySQL
     - Storing prices (floating point errors)
     - Storing dates (datetime vs. timestamp)
-- CREATE TABLE syntax
-- Brief introduction to non-relational data
-- Scaffolding and application generators
+    - datetime : fixed value (joining date of employee): has a calendar date and a wall clock time
+    - timestamp : unix timestamp, seconds elapsed from 1 Jan 1970 00:00 in UTC (takes timezone into consideration)
+
+### Database transactions
+- A transaction is a set of commands that you want to treat as "one command." It has to either happen in full or not at all.
+
+- A classical example is transferring money from one bank account to another. To do that you have first to withdraw the amount from the source account, and then deposit it to the destination account. The operation has to succeed in full. If you stop halfway, the money will be lost, and that is Very Bad.
+
+### ACID properties
+
+- **Atomicity** : states that database modifications must follow an “all or nothing” rule.
+Each transaction is said to be “atomic.”
+If one part of the transaction fails, the entire transaction fails.
+- **Consistency** : states that only valid data will be written to the database. If, for some reason, a transaction is executed that violates the database’s consistency rules, the entire transaction will be rolled back, and the database will be restored to a state consistent with those rules.
+- **Isolation** : requires that multiple transactions occurring at the same time not impact each other’s execution.
+- **Dependency** : ensures that any transaction committed to the database will not be lost. Durability is ensured through the use of database backups and transaction logs that facilitate the restoration of committed transactions in spite of any subsequent software or hardware failures.
+
+### SQL injection
+
+Some SQL clients accept input from user to fabricate the queries.
+A malicious user can tweak the input so as to acquire more information from the database or
+to destroy the database (literally!). Demo program `sql-injection.js` is in the `Week3` folder.
+
+Consider the following query `SELECT name, salary FROM employees where id = X`.
+
+#### Injection to get more information
+```
+If X is `101 OR 1=1`, then the query returns all records because 1=1 is always true
+SELECT name, salary FROM employees where id = 101 OR 1=1;
+```
+
+#### Injection to destroy the database
+```
+If X is `101; DROP database mydb`, then the query will delete the entire database
+SELECT name, salary FROM employees where id = 101; DROP database mydb;
+```
+mysqljs prevents the second injection by not allowing multiple SQL statements
+to be executed at once.
+
+### Understanding the asynchronous nature of database queries
+Jim (@remarcmij) wrote these [excellent demo programs](https://github.com/remarcmij/database_examples)
+for better understanding. Do check them out.
 
 ## Reference Material
 
@@ -41,17 +100,3 @@ Also, please read the following page that explains database foreign keys.
     - [Yeoman](http://yeoman.io) - General framework for creating and scaffolding all types of projects
     - [Sails](http://sails.js) - Lightweight framework for generating APIs and web server apps in Node
     - [Loopback](http://loopback.io/) - A more "enterprise-ready" framework for generating and managing APIs.
-- [Rewatch the previously recorded session](https://www.youtube.com/watch?v=ZNLhHUDj6jo)
-
-## Homework
-
-For this week's homework:
-
-Using an entity relationship diagram, design the data model for an application of your choice; this could be anything, but previous students have used a small business (with staff, offices, and job titles), a library (with books, genres, racks, members, and a borrowing log), or a farm (with animals, barns, and farmers). Your application must include at least one many-to-many relationship and any supporting tables (associative entities) that are needed. The entity relationship diagram must describe what tables you will need, the columns in these tables, which column is the primary key, and the relationships between tables.
-
-Next, using the entity relationship diagram as a starting point, write all the necessary `CREATE TABLE` statements to create all tables and relationships (foreign key constraints) for this data model.
-
-Submit an image or PDF of your entity relationship diagram, and a `.sql` file with the `CREATE TABLE` statements.
-
-## Check out the React repo [here](https://github.com/HackYourFuture/React)
-And find out how you can prepare for the first React lecture :dancers:
 
@@ -0,0 +1,45 @@
+var prompt = require('prompt');
+var mysql      = require('mysql');
+const util = require('util');
+
+const connection = mysql.createConnection({
+  host     : 'localhost',
+  user     : 'hyfuser',
+  password : 'hyfpassword',
+  database : 'class17',
+  multipleStatements: true
+});
+
+const execQuery = util.promisify(connection.query.bind(connection))
+const input = util.promisify(prompt.get.bind(this))
+
+async function queryDatabase() {
+
+    var input_number = ""
+    prompt.start();
+    try {
+        const result = await input(['number']);
+        input_number = result.number
+
+        // 1. Naive way of passing the parameter to the query
+        //const select_query = `select * from students WHERE student_number =  ${input_number};`
+
+        // 2. Escaping the parameter ( replacing the unwanted characters)
+        //const select_query = `select * from students WHERE student_number =` + connection.escape(input_number);
+        // 3. Using a question mark syntax to do the escaping (AKA prepared statements)
+        const select_query = `select * from students WHERE student_number = ?`
+
+        connection.connect();
+        console.log(select_query);
+        var results = await execQuery(select_query, input_number);
+    } catch(error) {
+        console.error(error);
+    }
+    
+    for (r of results) {
+        console.log(r);
+    }
+    connection.end();
+}
+
+queryDatabase();