# Notebook to reset the form database

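Part 23 uses a simple form to allow a user to simulate an injection attack. Executing this notebook sets up the tables and view needed for the examples. Any existing copies of those tables and the view are dropped first, so changes made while working through the examples are discarded and the data returns to its initial state.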

Note that the structures are created in the user's domain, either using the oucu/tm351password combination on the remote VCE, or the tm351 login on the local VCE.

## Establish the connection

In order to run this query, the user needs to be logged into the database, so the first thing to do is to set up the authentication credentials. 

In [None]:
# Run the authentication notebook in this kernel before connecting.
# NOTE(review): DB_USER and DB_PWD, used in the connection cell below, are not
# defined anywhere in this notebook, so they presumably come from here - confirm.
%run part_23_authentication_notebook.ipynb

In [None]:
import pandas as pd

import psycopg2 as pg

In [None]:
# Open the connection used by every cell below. The credentials come from
# variables rather than literals, so no password is stored in this notebook.
form_connection = pg.connect(
    host='localhost',    # the database engine runs on this machine
    port=5432,           # port the database engine listens on
    dbname=DB_USER,      # the database name is the same as the user's id
    user=DB_USER,        # id of the user who is logging in
    password=DB_PWD,     # that user's password
)

# With autocommit on, the DROP/CREATE/INSERT statements issued below take
# effect without an explicit commit(); none is called in this notebook.
form_connection.autocommit = True


## Create and populate the tables

In [None]:
# Rebuild form_patient from scratch and load its seed rows.
#
# The SQL is a fixed literal: nothing typed by a user is spliced into it.
# DROP ... CASCADE also removes objects that depend on the table (for example
# the form_view view created further down), so they must be recreated too.
# Rows p031 and p037 supply no height_cm/weight_kg; the table declares no
# defaults, so those columns are left NULL for them.
with form_connection.cursor() as cur:
    cur.execute('''
        DROP TABLE IF EXISTS form_patient CASCADE;
        
        CREATE TABLE form_patient (
            patient_id CHAR(4),
            patient_name VARCHAR(20),
            date_of_birth DATE,
            gender CHAR(6),
            height_cm DECIMAL(4,1),
            weight_kg DECIMAL(4,1),
            doctor_id CHAR(4));
            
        INSERT INTO form_patient(patient_id, patient_name, date_of_birth, gender, height_cm, weight_kg, doctor_id)
            VALUES('p001', 'Thornton', '1980/01/22', 'F', 162.3, 71.6, 'd06');
        INSERT INTO form_patient(patient_id, patient_name, date_of_birth, gender, height_cm, weight_kg, doctor_id)
            VALUES('p007', 'Tennent', '1980/04/01', 'M', 176.8, 70.9, 'd07');
        INSERT INTO form_patient(patient_id, patient_name, date_of_birth, gender, height_cm, weight_kg, doctor_id)
            VALUES('p008', 'James', '1980/07/08', 'M', 167.9, 70.5, 'd07');
        INSERT INTO form_patient(patient_id, patient_name, date_of_birth, gender, height_cm, weight_kg, doctor_id)
            VALUES('p009', 'Kay', '1980/09/25', 'F', 164.7, 53.2, 'd06');
        INSERT INTO form_patient(patient_id, patient_name, date_of_birth, gender, height_cm, weight_kg, doctor_id)
            VALUES('p015', 'Harris', '1980/12/04', 'M', 180.6, 64.3, 'd06');
        INSERT INTO form_patient(patient_id, patient_name, date_of_birth, gender, doctor_id)
            VALUES('p031', 'Rubinstein', '1980/12/23', 'F', 'd07');
        INSERT INTO form_patient(patient_id, patient_name, date_of_birth, gender, doctor_id)
            VALUES('p037', 'Boswell', '1981/06/11', 'F', 'd10');
        INSERT INTO form_patient(patient_id, patient_name, date_of_birth, gender, height_cm, weight_kg, doctor_id)
            VALUES('p038', 'Ming', '1981/09/23', 'M', 186.3, 85.4, 'd11');
        INSERT INTO form_patient(patient_id, patient_name, date_of_birth, gender, height_cm, weight_kg, doctor_id)
            VALUES('p039', 'Maher', '1981/10/09', 'F', 161.9, 73, 'd11');
        INSERT INTO form_patient(patient_id, patient_name, date_of_birth, gender, height_cm, weight_kg, doctor_id)
            VALUES('p068', 'Monroe', '1981/02/21', 'F', 165, 62.6, 'd10');
        INSERT INTO form_patient(patient_id, patient_name, date_of_birth, gender, height_cm, weight_kg, doctor_id)
            VALUES('p071', 'Harris', '1981/12/12', 'M', 186.3, 76.7, 'd10');
        INSERT INTO form_patient(patient_id, patient_name, date_of_birth, gender, height_cm, weight_kg, doctor_id)
            VALUES('p078', 'Hunt', '1982/02/25', 'M', 179.9, 74.3, 'd10');
        INSERT INTO form_patient(patient_id, patient_name, date_of_birth, gender, height_cm, weight_kg, doctor_id)
            VALUES('p079', 'Dixon', '1982/05/05', 'F', 163.9, 56.5, 'd06');
        INSERT INTO form_patient(patient_id, patient_name, date_of_birth, gender, height_cm, weight_kg, doctor_id)
            VALUES('p080', 'Bell', '1982/06/11', 'F', 171.3, 49.2, 'd07');
        INSERT INTO form_patient(patient_id, patient_name, date_of_birth, gender, height_cm, weight_kg, doctor_id)
            VALUES('p087', 'Reed', '1982/06/14', 'F', 160, 59.1, 'd07');
        INSERT INTO form_patient(patient_id, patient_name, date_of_birth, gender, height_cm, weight_kg, doctor_id)
            VALUES('p088', 'Boswell', '1982/08/23', 'M', 168.4, 91.4, 'd06');
        INSERT INTO form_patient(patient_id, patient_name, date_of_birth, gender, height_cm, weight_kg, doctor_id)
            VALUES('p089', 'Jarvis', '1982/11/09', 'F', 172.9, 53.4, 'd10');

    ''')

In [None]:
# Rebuild form_doctor from scratch and load its five seed rows.
#
# The SQL is a fixed literal with no user input in it. DROP ... CASCADE also
# removes anything that depends on the table, such as a foreign key in
# form_patient that references it or the form_view view.
with form_connection.cursor() as cur:
    cur.execute('''
        DROP TABLE IF EXISTS form_doctor CASCADE;
        
        CREATE TABLE form_doctor (doctor_id CHAR(4),
                                  doctor_name VARCHAR(20),
                                  PRIMARY KEY (doctor_id));

        INSERT INTO form_doctor VALUES ('d06', 'Gibson');
        INSERT INTO form_doctor VALUES ('d07', 'Paxton');
        INSERT INTO form_doctor VALUES ('d09', 'Tamblin');
        INSERT INTO form_doctor VALUES ('d10', 'Rampton');
        INSERT INTO form_doctor VALUES ('d11', 'Nolan');
    ''')

In [None]:
# Add the foreign key from form_patient.doctor_id to form_doctor.
#
# This runs after both tables have been populated, so every doctor_id already
# stored in form_patient must have a matching row in form_doctor. REFERENCES
# names no column, so the key points at form_doctor's primary key (doctor_id).
with form_connection.cursor() as cur:
    cur.execute('''
        
        ALTER TABLE form_patient
            ADD CONSTRAINT form_patient_doctor_fk
                FOREIGN KEY (doctor_id) REFERENCES form_doctor;
    ''')
    


And finally, we can create a view which contains the patient and doctor information:

In [None]:
# Create form_view: one row per patient, paired with that patient's doctor.
#
# The view exposes only the id and name columns of each table; date of birth,
# gender, height and weight are not part of it. The statement is a plain
# CREATE VIEW, so it relies on the earlier DROP TABLE ... CASCADE having
# removed any previous form_view.
with form_connection.cursor() as cur:
    cur.execute('''
        CREATE VIEW form_view AS
            SELECT form_patient.patient_id, form_patient.patient_name, form_doctor.doctor_id, form_doctor.doctor_name
            FROM form_patient INNER JOIN form_doctor
                ON form_patient.doctor_id = form_doctor.doctor_id;
    ''')
    

In [None]:
# Close the database connection opened earlier in this notebook; the reset
# statements above are the only work done on it.
form_connection.close()

In [None]:
# Confirmation message. It is printed whenever this cell runs and does not
# itself check that the earlier cells succeeded.
print('Tables for part 23 reset')