diff --git a/README.md b/README.md index 886382a..85f561c 100644 --- a/README.md +++ b/README.md @@ -294,3 +294,175 @@ NOTE: Logical Data Independence is more difficult to achieve.
↥ back to top
+ +## Q. Why E-R models are used? + +E-R model stands for entity-relationship model and it is used to represent a model with their relationships. This is an object oriented approach and it is based on real world that consists of objects which are called entities and relationship between them. Entities are further used inside the database in the form of attributes. + +
+ ↥ back to top +
+ +## Q. What do you understand by cardinality and why it is used? + +- Cardinality is important and used to arrange the data inside the database. +- It is related to the design part and need to be properly used in database. +- It is used in E-R diagrams and used to show the relationship between entities/tables. +- It has many forms like the basic is one to one, which associate one entity with another. +- Second is one to many: which relates one entity with many entities in a table. +- Third is many to many M: N that allows many entities to be related to many more. +- Last is many to one that allows the many entities to be associated with one entity. + +
+ ↥ back to top +
+ +## Q. What is DDL, DML and DCL? + +SQL commands can be divided in three large subgroups. + +1) DDL: The SQL commands which deals with database schemas and information of how the data will be generated in database are classified as Data Definition Language. +-For example: CREATE TABLE or ALTER TABLE belongs to DDL. + +2) DML: The SQL commands which deals with data manipulation are classified as Data Manipulation Language. +For example: SELECT, INSERT, etc. + +3) DCL: The SQL commands which deal with rights and permission over the database are classified as DCL. +For example: GRANT, REVOKE + +## Q. How to prevent from database SQL Injection? + +SQL Injection is a code-based vulnerability that allows an attacker to read and access sensitive data from the database. Attackers can bypass security measures of applications and use SQL queries to modify, add, update, or delete records in a database. + +**Simple SQL Injection Example:** + +```sql +SELECT id FROM users WHERE username='username' AND password='password' OR 1=1' +``` + +Because of the **OR 1=1** statement, the **WHERE** clause returns the first **id** from the **users** table no matter what the **username** and **password** are. The first user id in a database is very often the administrator. In this way, the attacker not only bypasses authentication but also gains administrator privileges. + +**Prevent SQL Injections:** + +**1. Continuous Scanning and Penetration Testing:** + +The automated web application scanner has been the best choice to point out vulnerabilities within the web applications for quite some time now. Now, with SQL injections getting smarter in exploiting logical flaws, website security professionals should explore manual testing with the help of a security vendor. + +They can authenticate user inputs against a set of rules for syntax, type, and length. It helps to audit application vulnerabilities discreetly so that you can patch the code before hackers exploit it to their advantage. + +**2. Restrict Privileges:** + +It is more of a database management function, but enforcing specific privileges to specific accounts helps prevent blind SQL injection attacks. Begin with no privileges account and move on to "read-only", "edit", "delete" and similar privilege levels. + +Minimizing privileges to the application will ensure that the attacker, who gets into the database through the application, cannot make unauthorized use of specific data. + +**3. Use Query Parameters:** + +Dynamic queries create a lot of troubles for security professionals. They have to deal with variable vulnerabilities in each application, which only gets graver with updates and changes. It is recommended that you prepare parameterized queries. + +These queries are simple, easy to write, and only pass when each parameter in SQL code is clearly defined. This way, your info is supplied with weapons to differentiate between code and information inputs. + +**4. Instant Protection:** + +A majority of organizations fail the problems like outdated code, scarcity of resources to test and make changes, no knowledge of application security, and frequent updates in the application. For these, web application protection is the best solution. + +A managed web application firewall can be deployed for immediate mitigation of such attacks. It contains custom policies to block any suspicious input and deny information breach instantly. This way, you do not have to manually look for loopholes and mend problems afterward. + +
+ ↥ back to top +
+ +## Q. What are the non standard string types available in SQL? + +Following are Non-Standard string types: + +| Name | Max Length | +|----------|------------| +|TINYTEXT |255 bytes | +|TEXT |65,535 bytes| +|MEDIUMTEXT|16 MB | +|LONGTEXT |4GB | + +
+ ↥ back to top +
+ +## # 2. SQL Data Types + +
+ +## Q. What is difference between CHAR and VARCHAR in MySQL? + +Both of them are used for string type data. `char` has fixed length and if the inserted data is less than the defined length, required no. of blank spaces are added as padding. `varchar` has variable length and no padding is used to fill up the left out space. So technically, varchar will save space. + +## Q. What are the string datatypes in SQL? + +A list of data types used in MySQL database. This is based on MySQL 8.0. + +|Data Types | Description | +|----------------|---------------------------------------| +|CHAR(Size) |It is used to specify a fixed length string that can contain numbers, letters, and special characters. Its size can be 0 to 255 characters. Default is 1.| +|VARCHAR(Size) |It is used to specify a variable length string that can contain numbers, letters, and special characters. Its size can be from 0 to 65535 characters.| +|BINARY(Size) |It is equal to CHAR() but stores binary byte strings. Its size parameter specifies the column length in the bytes. Default is 1.| +|VARBINARY(Size) |It is equal to VARCHAR() but stores binary byte strings. Its size parameter specifies the maximum column length in bytes.| +|TEXT(Size) |It holds a string that can contain a maximum length of 255 characters.| +|TINYTEXT |It holds a string with a maximum length of 255 characters.| +|MEDIUMTEXT |It holds a string with a maximum length of 16,777,215.| +|LONGTEXT |It holds a string with a maximum length of 4,294,967,295 characters. +|ENUM(val1, val2, val3,...)|It is used when a string object having only one value, chosen from a list of possible values. It contains 65535 values in an ENUM list. If you insert a value that is not in the list, a blank value will be inserted.| +|SET( val1,val2,val3,....)|It is used to specify a string that can have 0 or more values, chosen from a list of possible values. You can list up to 64 values at one time in a SET list.| +|BLOB(size) |It is used for BLOBs (Binary Large Objects). It can hold up to 65,535 bytes.| + +
+ ↥ back to top +
+ +## Q. What are the differences between the BLOB and TEXT datatypes in MySQL? + +BLOB stands for Binary Large Objects and as its name suggests, it can be used for storing binary data while TEXT is used for storing large number of strings. BLOB can be used to store **binary data** that means we can store pictures, videos, sounds and programs also. + +BLOB values behave like byte string and BLOB does not have a character set. Therefore, comparison and sorting is fully dependent upon numeric values of bytes. + +TEXT values behave like non-binary string or character string. TEXT has a character set and the comparison/ sorting fully depends upon the collection of character set. + +**Creating a table with TEXT data type:** + +```sql +mysql> create table TextTableDemo ( Address TEXT ); + +mysql> DESC TextTableDemo; +``` + +**Creating a table with BLOB type:** + +```sql +mysql> create table BlobTableDemo ( Images BLOB ); + +mysql> desc BlobTableDemo; +``` + +
+ ↥ back to top +
+ +## # 3. SQL Database + +
+ +#### Q. How to create a database using SQL? + +To create a database using SQL, you can use the `CREATE DATABASE` statement followed by the name of the database you want to create. Here's the basic syntax: + +```sql +CREATE DATABASE database_name; +``` +For example, if you want to create a database called "mydatabase", you can run the following SQL query: + +```sql +CREATE DATABASE mydatabase; +``` +Note that depending on your SQL environment, you may need to have appropriate permissions to create a database. + +## # 4. SQL Table + +
\ No newline at end of file diff --git a/Schemas.sql b/Schemas.sql new file mode 100644 index 0000000..6b9f47c --- /dev/null +++ b/Schemas.sql @@ -0,0 +1,495 @@ + +CREATE TABLE Employee ( + EMPLOYEE_ID INT NOT NULL PRIMARY KEY AUTO_INCREMENT, + FIRST_NAME CHAR(25), + LAST_NAME CHAR(25), + SALARY INT(15), + JOINING_DATE DATETIME, + DEPARTMENT CHAR(25), + MANAGER_ID INT +); + +INSERT INTO Employee + (EMPLOYEE_ID, FIRST_NAME, LAST_NAME, SALARY, JOINING_DATE, DEPARTMENT,MANAGER_ID) VALUES + (001, 'James', 'Smith', 100000, '17-02-20 09.00.00', 'HR', 002), + (002, 'Jessica', 'Kohl', 80000, '17-06-11 09.00.00', 'Admin', 005), + (003, 'Alex', 'Garner', 300000, '17-02-20 09.00.00', 'HR', 011), + (004, 'Pratik', 'Pandey', 500000, '17-02-20 09.00.00', 'Admin', 020), + (005, 'Christine', 'Robinson', 500000, '17-06-11 09.00.00', 'Admin', 007), + (006, 'Deepak', 'Gupta', 200000, '17-06-11 09.00.00', 'Account', 015), + (007, 'Jennifer', 'Paul', 75000, '17-01-20 09.00.00', 'Account', 012), + (008, 'Deepika', 'Sharma', 90000, '17-04-11 09.00.00', 'Admin', 017); + +CREATE TABLE Bonus ( + EMPLOYEE_REF_ID INT, + BONUS_AMOUNT INT(10), + BONUS_DATE DATETIME, + FOREIGN KEY (EMPLOYEE_REF_ID) + REFERENCES Employee(EMPLOYEE_ID) + ON DELETE CASCADE +); + +INSERT INTO Bonus + (EMPLOYEE_REF_ID, BONUS_AMOUNT, BONUS_DATE) VALUES + (001, 5000, '18-02-20'), + (002, 3000, '18-06-11'), + (003, 4000, '18-02-20'), + (001, 4500, '18-02-20'), + (002, 3500, '18-06-11'); + +CREATE TABLE Title ( + EMPLOYEE_REF_ID INT, + EMPLOYEE_TITLE CHAR(25), + AFFECTED_FROM DATETIME, + FOREIGN KEY (EMPLOYEE_REF_ID) + REFERENCES Employee(EMPLOYEE_ID) + ON DELETE CASCADE +); + +INSERT INTO Title + (EMPLOYEE_REF_ID, EMPLOYEE_TITLE, AFFECTED_FROM) VALUES + (001, 'Manager', '2018-02-20 00:00:00'), + (002, 'Executive', '2018-06-11 00:00:00'), + (008, 'Executive', '2018-06-11 00:00:00'), + (005, 'Manager', '2018-06-11 00:00:00'), + (004, 'Asst. Manager', '2018-06-11 00:00:00'), + (007, 'Executive', '2018-06-11 00:00:00'), + (006, 'Lead', '2018-06-11 00:00:00'), + (003, 'Lead', '2018-06-11 00:00:00'); + + + CREATE TABLE all_students ( + student_id INT NOT NULL PRIMARY KEY, + school_id INT, + grade_level INT, + date_of_birth DATETIME, + hometown CHAR(25) + ); + CREATE TABLE attendance_events ( + date_event DATETIME, + student_id INT, + attendance CHAR(20), + FOREIGN KEY (student_id) + REFERENCES all_students(student_id) + ON DELETE CASCADE + ); + + INSERT INTO attendance_events + (date_event, student_id, attendance) VALUES + ('2018-01-10', 110111, 'present'), + ('2018-01-10', 110121, 'present' ), + ('2018-01-12', 110115, 'absent'), + ('2018-01-13', 110119, 'absent'), + ('2018-01-13', 110121, 'present'), + ('2018-01-14', 110125, 'present'), + ('2018-02-05', 110111, 'absent'), + ('2018-02-17', 110115, 'present'), + ('2018-02-22', 110129, 'absent'); + + INSERT INTO all_students + (student_id, school_id, grade_level, date_of_birth, hometown) VALUES + (110111, 205, 1, '2013-01-10', 'Pleasanton'), + (110115, 205, 1, '2013-03-15', 'Dublin'), + (110119, 205, 2, '2012-02-13', 'San Ramon'), + (110121, 205, 3, '2011-01-13', 'Dublin'), + (110125, 205, 2, '2012-04-25','Dublin'), + (110129, 205, 3, '2011-02-22', 'San Ramon'); + + CREATE TABLE login_info ( + user_id INT, + login_time DATETIME + ); + + INSERT INTO login_info + (user_id, login_time) VALUES + (1, '2017-08-10 14:32:25'), + (2, '2017-08-11 14:32:25'), + (3, '2017-08-11 14:32:25'), + (2, '2017-08-13 14:32:25'), + (3, '2017-08-14 14:32:25'), + (4, '2017-08-15 14:32:25'), + (5, '2017-08-12 14:32:25'), + (2, '2017-08-18 14:32:25'), + (1, '2017-08-11 14:32:25'), + (1, '2017-08-12 14:32:25'), + (1, '2017-08-13 14:32:25'), + (1, '2017-08-14 14:32:25'), + (1, '2017-08-15 14:32:25'), + (1, '2017-08-16 14:32:25'), + (1, '2017-08-17 14:32:25'), + (3, '2017-08-20 14:32:25'), + (5, '2017-08-16 14:32:25'), + (2, '2017-08-21 14:32:25'), + (3, '2017-08-22 14:32:25'); + + CREATE TABLE USER_ACTION ( + user_id_who_sent INT, + user_id_to_whom INT, + date_action DATETIME, + action CHAR(25) + ); + + INSERT INTO USER_ACTION + (user_id_who_sent, user_id_to_whom, date_action, action) VALUES + (20251, 28272, '2018-05-24','accepted'), + (19209, 64638,'2018-06-13' , 'sent'), + (43744, 16373, '2018-04-15' ,'accepted'), + (20251, 18171, '2018-05-19' , 'sent'), + (54875, 36363, '2018-01-11' ,'rejected'), + (38292, 16373, '2018-05-24','accepted'), + (19209, 26743, '2018-06-12' ,'accepted'), + (27623, 28272, '2018-05-24','accepted'), + (20251, 37378, '2018-03-17','rejected'), + (43744, 18171, '2018-05-24' ,'accepted'); + + CREATE TABLE all_users( + user_id INT NOT NULL PRIMARY KEY, + user_name CHAR(25), + registration_date DATETIME, + active_last_month BOOLEAN + ); + + INSERT INTO all_users + (user_id, user_name, registration_date, active_last_month) VALUES + (1, 'sam', '2018-01-21', 1), + (2, 'phelp', '2018-01-15', 1), + (3, 'peyton', '2018-03-12', 1), + (4, 'ryan', '2018-02-17', 0), + (5, 'james', '2018-01-21', 0), + (6, 'christine', '2018-02-27', 1), + (7, 'bolt', '2018-02-28', 0), + (8, 'jessica', '2018-01-11', 1), + (9, 'paul', '2018-04-23', 1), + (10, 'brian', '2018-03-12', 0); + + + CREATE TABLE sport_accounts( + sport_player_id INT, + sport_player CHAR(25), + sport_category CHAR(25), + FOREIGN KEY (sport_player_id) + REFERENCES all_users(user_id) + ON DELETE CASCADE + ); + + INSERT INTO sport_accounts + (sport_player_id, sport_player, sport_category) VALUES + (2, 'phelp', 'swimming'), + (7, 'bolt', 'running'), + (8,'jessica', 'swimming'), + (9, 'paul', 'basketball'), + (10, 'brian', 'cricket'), + (5, 'james', 'cricket'); + + + + CREATE TABLE follow_relation( + follower_id INT, + target_id INT, + following_date DATETIME, + FOREIGN KEY (follower_id) + REFERENCES all_users(user_id) + ON DELETE CASCADE, +FOREIGN KEY (target_id) + REFERENCES all_users(user_id) + ON DELETE CASCADE + ); + + INSERT INTO follow_relation + (follower_id, target_id, following_date) VALUES + (1,8, '2018-01-02'), + (5,2,'2018-01-02'), + (9,10, '2018-01-02'), + (10,8, '2018-01-02'), + (8,3, '2018-01-02'), + (4, 6, '2018-01-02'), + (2,8, '2018-01-02'), + (6,9, '2018-01-02'), + (1,7, '2018-01-02'), + (10,2, '2018-01-02'), + (1,2, '2018-01-02'); + + CREATE TABLE ad_accounts( + account_id INT, + date DATETIME, + account_status CHAR(15) +); + +INSERT INTO ad_accounts +(account_id, date, account_status) VALUES +(101, '2019-01-21', 'active'), +(102, '2019-01-17', 'active'), +(117, '2019-02-06', 'active'), +(112, '2019-01-16', 'active'), +(110, '2019-03-22', 'fraud'), +(115, '2019-04-28', 'fraud'), +(103, '2019-02-07', 'close'), +(112, '2019-04-15', 'fraud'), +(101, '2019-04-28', 'fraud'), +(117, '2019-04-22', 'fraud'), +(102, '2019-03-19', 'fraud'), +(106, '2019-04-28', 'fraud'), +(105, '2019-03-02', 'active'), +(110, '2019-04-28', 'fraud'); + +CREATE TABLE user_details( +date DATETIME, +session_id INT, +user_id INT +); + +CREATE TABLE event_session_details( +date DATETIME, +session_id INT, +timespend_sec INT, +user_id INT +); + +INSERT INTO user_details +(date, session_id, user_id) values +('2019-01-10', 201, 6), +('2019-01-10', 202, 7), +('2019-01-10', 203, 6), +('2019-01-11', 204, 8), +('2019-01-10', 205, 6), +('2019-01-11', 206, 8), +('2019-01-12', 207, 9); + +INSERT INTO event_session_details +(date, session_id, timespend_sec, user_id) VALUES +('2019-01-10', 201, 1200, 6), +('2019-01-10', 202, 100, 7), +('2019-01-10', 203, 1500, 6), +('2019-01-11', 204, 2000, 8), +('2019-01-10', 205, 1010, 6), +('2019-01-11', 206, 1780, 8), +('2019-01-12', 207, 2500, 9), +('2019-01-12', 208, 500, 9), +('2019-01-21', 209, 2798, 15), +('2019-01-25', 210, 1278, 18); + +CREATE TABLE messages_detail( +user_id INT NOT NULL PRIMARY KEY, +messages_sent INT, +date DATE +); + +INSERT INTO messages_detail +(user_id, messages_sent, date) VALUES +(1, 120, '2014-04-27'), +(2,50 , '2014-04-27'), +(3, 222, '2014-04-27'), +(4, 70, '2014-04-27'), +(5, 250, '2014-04-27'), +(6, 246,'2014-04-27'), +(7, 179, '2014-04-27'), +(8, 116, '2014-04-27'), +(9, 84 , '2014-04-27'), +(10, 215,'2014-04-27'), +(11, 105, '2014-04-27'), +(12, 174, '2014-04-27'), +(13, 158, '2014-04-27'), +(14, 30, '2014-04-27'), +(15, 48, '2014-04-27'); + +CREATE TABLE user_name ( +full_names CHAR(30) +); + +INSERT INTO user_name +(full_names) VALUES +('Jessica Taylor'), +('Erin Russell'), +('Amanda Smith'), +('Sam Brown'), +('Robert Kehrer'); + + +CREATE TABLE DIALOGLOG( +user_id INT, +app_id CHAR(5), +type CHAR(15), +date TIMESTAMP +); + +INSERT INTO DIALOGLOG +(user_id, app_id, type, date) VALUES +(1, 'a', 'impression', '2019-02-04'), +(2, 'a', 'impression', '2019-02-04'), +(2, 'a', 'click', '2019-02-04'), +(3, 'b', 'impression', '2019-02-04'), +(4, 'c', 'click', '2019-02-04'), +(4, 'd', 'impression', '2019-02-04'), +(5, 'd', 'click', '2019-02-04'), +(6, 'd', 'impression', '2019-02-04'), +(6, 'e', 'impression', '2019-02-04'), +(3, 'a', 'impression', '2019-02-04'), +(3, 'b', 'click', '2019-02-04'); + +CREATE TABLE friend_request( +requestor_id INT, +sent_to_id INT, +time DATE +); + +INSERT INTO friend_request +(requestor_id, sent_to_id, time) VALUES +(1, 2, '2018-06-03'), +(1, 3, '2018-06-08'), +(1, 3, '2018-06-08'), +(2, 4, '2018-06-09'), +(3, 4, '2018-06-11'), +(3, 5, '2018-06-11'), +(3, 5, '2018-06-12'); + +CREATE TABLE request_accepted( +acceptor_id INT, +requestor_id INT, +time DATE +); + +INSERT INTO request_accepted VALUES +(2, 1, '2018-08-01'), +(3, 1, '2018-08-01'), +(3, 1, '2018-08-01'), +(4, 2, '2018-08-02'), +(5, 3, '2018-08-03'), +(5, 3, '2018-08-03'), +(5, 3, '2018-08-04'); + +CREATE TABLE new_request_accepted( +acceptor_id INT, +requestor_id INT, +accept_date DATE +); + +INSERT INTO new_request_accepted +(acceptor_id, requestor_id, accept_date) Values +(2, 1, '2018-05-01'), +(3, 1, '2018-05-02'), +(4, 2, '2018-05-02'), +(5, 3, '2018-05-03'), +(3, 4, '2018-05-04'); + +CREATE TABLE count_request( +country_code CHAR(10), +count_of_requests_sent INT, +percent_of_request_sent_failed CHAR(10), +sent_date DATE +); + +INSERT INTO count_request +(country_code, count_of_requests_sent, percent_of_request_sent_failed, sent_date) VALUES +('AU', 23676, '5.2%', '2018-09-07'), +('NZ', 12714, '2.1%', '2018-09-08'), +('IN', 24545, '4.6%', '2018-09-09'), +('IN', 34353, '5.3%', '2018-09-10'), +('AU', 24255, '1.7%', '2018-09-11'), +('NZ', 23131, '2.9%', '2018-09-12'), +('US', 49894, '5.3%','2018-09-13'), +('IN', 19374, '2.4%', '2018-09-14'), +('AU', 18485, '2.7%','2018-09-15'), +('IN', 38364, '3.5%', '2018-09-16'); + + +CREATE TABLE confirmed_no( +phone_number CHAR(15) +); + +INSERT INTO confirmation_no +(phone_number) VALUES +('232-473-3433'), +('545-038-2294'), +('647-294-1837'), +('492-485-9727'), +('545-383-7837'), +('184-483-9575'), +('493-420-4902'), +('282-595-8373'), +('594-9594-2948'); + +INSERT INTO confirmed_no +(phone_number) VALUES +('492-485-9727'), +('545-383-7837'), +('184-483-9575'), +('493-420-4902'); + +CREATE TABLE user_interaction( +user_1 CHAR(5), +user_2 CHAR(5), +date DATE +); + +INSERT INTO user_interaction +(user_1, user_2, date) VALUES +('A', 'B', '2019-03-23'), +('A', 'C', '2019-03-23'), +('B', 'D', '2019-03-23'), +('B', 'F', '2019-03-23'), +('C', 'D', '2019-03-23'), +('A', 'D', '2019-03-23'), +('B','C', '2019-03-23'), +('A','E', '2019-03-23'); + +create table salesperson( +id INT, +name CHAR(25), +age INT, +salary INT +); + +insert into salesperson +(id, name, age, salary) values +(1, 'Abe', 61, 140000), +(2, 'Bob', 34, 44000), +(5, 'Chris', 34, 40000), +(7, 'Dan', 41, 52000), +(8, 'Ken', 57, 115000), +(11, 'Joe', 38, 38000); + +create table customer( +id INT, +name char(25), +city char(25), +industry_type char(1) +); + +insert into customer +(id, name, city, industry_type) values +(4, 'Samsonic', 'pleasant', 'J'), +(6, 'Panasung', 'oaktown', 'J'), +(7, 'Samsony', 'jackson', 'B'), +(9, 'Orange', 'jackson', 'B'); + +create table orders( +number int, +order_date date, +cust_id int, +salesperson_id int, +amount int +); + +insert into orders +(number, order_date, cust_id, salesperson_id, amount) values +(10, '1996-02-08', 4, 2, 540), +(20, '1999-01-30', 4, 8, 1800), +(30, '1995-07-14', 9, 1, 460), +(40, '1998-01-29', 7, 2, 2400), +(50, '1998-02-03', 6, 7, 600), +(60, '1998-03-02', 6, 7, 720), +(70, '1998-05-06', 6, 7, 150); + +create table event_log( +user_id INT, +event_date_time INT #Using plain INT column type to store unix timestamp is the most trivial option. +); + +Insert into event_log +(user_id, event_date_time) values +(7494212, 1535308430), +(7494212, 1535308433), +(1475185, 1535308444), +(6946725, 1535308475), +(6946725, 1535308476), +(6946725, 1535308477); \ No newline at end of file